Windows Analysis Report
PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe

Overview

General Information

Sample name: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
renamed because original name is a hash value
Original sample name: PR 2500006515 972 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Analysis ID: 1520405
MD5: 0362b41458cd2b19f542e3f3f040c547
SHA1: 210e4b23a4ceba122fb66f6c0ed92a534c852b57
SHA256: f3dd8124dc20b5dbe2afde3eaa092c05e1eb0fae8fe16aaacfa9e0d5213f4117
Tags: exeuser-abuse_ch
Infos:

Detection

AgentTesla, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Contains functionality to register a low level keyboard hook
Hides that the sample has been downloaded from the Internet (zone.identifier)
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Name Description Attribution Blogpost URLs Link
Agent Tesla, AgentTesla A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
 https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

AV Detection
barindex
Found malware configuration
Source: 6.2.ctsdvwT.exe.400000.0.unpack Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.yildiztepeenerji.com.tr", "Username": "muhasebe@yildiztepeenerji.com.tr", "Password": "na1tyYbc3"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe ReversingLabs: Detection: 71%
Multi AV Scanner detection for submitted file
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe ReversingLabs: Detection: 71%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.9% probability
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Joe Sandbox ML: detected
Machine Learning detection for sample
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: System.Management.Automation.pdb-2476756634-1002_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer325DA9 source: powershell.exe, 00000001.00000002.1778310849.0000000007981000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000001.00000002.1777916558.0000000007926000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: LrBtUp.pdb source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, ctsdvwT.exe.4.dr
Source: Binary string: LrBtUp.pdbSHA256 source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, ctsdvwT.exe.4.dr
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdbd source: powershell.exe, 00000001.00000002.1780173033.0000000008832000.00000004.00000020.00020000.00000000.sdmp
Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.4:50358 -> 77.245.148.65:587
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: NIOBEBILISIMHIZMETLERITR NIOBEBILISIMHIZMETLERITR
Uses SMTP (mail sending)
Source: global traffic TCP traffic: 192.168.2.4:50358 -> 77.245.148.65:587
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: 26.165.165.52.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: mail.yildiztepeenerji.com.tr
Source: global traffic DNS traffic detected: DNS query: _kerberos._tcp.dc._msdcs.yildiztepeenerji.com.tr
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002BA9000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://mail.yildiztepeenerji.com.tr
Source: powershell.exe, 00000001.00000002.1774607096.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000001.00000002.1762367646.00000000050E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000001.00000002.1762367646.00000000050E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1755288317.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000001.00000002.1762367646.0000000004F91000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000005.00000002.1867946503.0000000002CFB000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 0000000A.00000002.1948373451.0000000002A19000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000001.00000002.1762367646.00000000050E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000001.00000002.1762367646.00000000050E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1756670007.0000000003E37000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000005.00000002.1877432434.0000000003D43000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000005.00000002.1877432434.0000000003CC9000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000006.00000002.1928113926.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ctsdvwT.exe, 0000000A.00000002.1963628997.0000000003A28000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://account.dyn.com/
Source: powershell.exe, 00000001.00000002.1762367646.0000000004F91000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://aka.ms/pscore6lB
Source: powershell.exe, 00000001.00000002.1774607096.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000001.00000002.1774607096.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000001.00000002.1774607096.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
Source: powershell.exe, 00000001.00000002.1762367646.00000000050E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000001.00000002.1774607096.0000000005FF8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe

Key, Mouse, Clipboard, Microphone and Screen Capturing
barindex
Contains functionality to log keystrokes (.Net Source)
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, R1W.cs .Net Code: uBa63eXnQW
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.raw.unpack, R1W.cs .Net Code: uBa63eXnQW
Contains functionality to register a low level keyboard hook
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_05C6EE00 SetWindowsHookExA 0000000D,00000000,?,?,?,?,?,?,?,?,?,05C6FC70,00000000,00000000 6_2_05C6EE00
Installs a global keyboard hook
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Windows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe
Creates a window with clipboard capturing capabilities
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Window created: window name: CLIPBRDWNDCLASS Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Window created: window name: CLIPBRDWNDCLASS Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Window created: window name: CLIPBRDWNDCLASS

System Summary
barindex
Malicious sample detected (through community Yara rule)
Source: 6.2.ctsdvwT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 10.2.ctsdvwT.exe.3a630e0.3.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 10.2.ctsdvwT.exe.3a630e0.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 10.2.ctsdvwT.exe.3a284c0.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 5.2.ctsdvwT.exe.3cc9990.1.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 5.2.ctsdvwT.exe.3cc9990.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 10.2.ctsdvwT.exe.3a284c0.4.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Detected potential crypto function
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 0_2_0127DC7C 0_2_0127DC7C
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_00EC9760 4_2_00EC9760
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_00ECC9D8 4_2_00ECC9D8
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_00EC4AA8 4_2_00EC4AA8
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_00EC3E90 4_2_00EC3E90
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_00EC41D8 4_2_00EC41D8
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_00ECE76F 4_2_00ECE76F
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_05686E05 4_2_05686E05
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_05681768 4_2_05681768
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_05688108 4_2_05688108
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_05688102 4_2_05688102
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_05688DD0 4_2_05688DD0
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_05682F10 4_2_05682F10
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_056809C0 4_2_056809C0
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 4_2_05682828 4_2_05682828
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 5_2_02C8DC7C 5_2_02C8DC7C
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_026F9638 6_2_026F9638
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_026F4AA8 6_2_026F4AA8
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_026FC8B0 6_2_026FC8B0
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_026F8E78 6_2_026F8E78
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_026F3E90 6_2_026F3E90
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_026F41D8 6_2_026F41D8
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_05C60448 6_2_05C60448
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_05C611F0 6_2_05C611F0
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_05C62D98 6_2_05C62D98
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_05C622B0 6_2_05C622B0
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_05C67F88 6_2_05C67F88
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_05C67F20 6_2_05C67F20
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 6_2_026FAF6F 6_2_026FAF6F
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 10_2_0100DC7C 10_2_0100DC7C
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_03089638 12_2_03089638
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_03084AA8 12_2_03084AA8
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_0308C8B0 12_2_0308C8B0
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_03083E90 12_2_03083E90
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_030841D8 12_2_030841D8
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B0448 12_2_068B0448
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B11F0 12_2_068B11F0
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B6C5C 12_2_068B6C5C
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B2D98 12_2_068B2D98
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B22B0 12_2_068B22B0
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B7F88 12_2_068B7F88
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B7F82 12_2_068B7F82
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 12_2_068B8C76 12_2_068B8C76
Sample file is different than original file name gathered from version info
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1760927897.00000000053C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMML.dll2 vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1761794847.0000000005F60000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000000.1718033193.0000000000A3A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameLrBtUp.exeF vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1756670007.0000000003E37000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename44f18827-ac02-496c-beb3-f0922f952617.exe4 vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1753991456.000000000101E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1755288317.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMML.dll2 vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1755288317.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename44f18827-ac02-496c-beb3-f0922f952617.exe4 vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4180312206.0000000000CF9000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Binary or memory string: OriginalFilenameLrBtUp.exeF vs PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe
Uses 32bit PE files
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Yara signature match
Source: 6.2.ctsdvwT.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 10.2.ctsdvwT.exe.3a630e0.3.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 10.2.ctsdvwT.exe.3a630e0.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 10.2.ctsdvwT.exe.3a284c0.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 5.2.ctsdvwT.exe.3cc9990.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 5.2.ctsdvwT.exe.3cc9990.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 10.2.ctsdvwT.exe.3a284c0.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.53c0000.5.raw.unpack, JwlrlmCCKvmG8rWaC9.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, KLhJmaON.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, KLhJmaON.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, 7hO8luD.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, 7hO8luD.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, 7hO8luD.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, 7hO8luD.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, 9HIFdl.cs Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, 9HIFdl.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: _0020.SetAccessControl
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: _0020.AddAccessRule
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, TDUwymQgqk3Z3KoOJH.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: _0020.SetAccessControl
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: _0020.AddAccessRule
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, TDUwymQgqk3Z3KoOJH.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, TDUwymQgqk3Z3KoOJH.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: _0020.SetAccessControl
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, utfVXMWZH8mR5jCuu6.cs Security API names: _0020.AddAccessRule
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@17/9@4/1
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.log Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7000:120:WilError_03
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Mutant created: \Sessions\1\BaseNamedObjects\cHxCTwTuL
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:3748:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_m3tzu3xt.1xd.ps1 Jump to behavior
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File read: C:\Users\user\Desktop\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002C0A000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000006.00000002.1935883302.0000000002968000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 0000000C.00000002.4184465405.00000000032F8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe ReversingLabs: Detection: 71%
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File read: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe"
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe"
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe"
Source: unknown Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe"
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe"
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe"
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe"
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe" Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: windows.staterepositoryps.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: appresolver.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: slc.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: sppc.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: onecoreuapcommonproxystub.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: secur32.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: msv1_0.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: ntlmshared.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: edputil.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: profapi.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: vaultcli.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32 Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles Jump to behavior
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static file information: File size 1083392 > 1048576
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x106600
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: System.Management.Automation.pdb-2476756634-1002_Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer325DA9 source: powershell.exe, 00000001.00000002.1778310849.0000000007981000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000001.00000002.1777916558.0000000007926000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: LrBtUp.pdb source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, ctsdvwT.exe.4.dr
Source: Binary string: LrBtUp.pdbSHA256 source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, ctsdvwT.exe.4.dr
Source: Binary string: \??\C:\Windows\System.Management.Automation.pdbd source: powershell.exe, 00000001.00000002.1780173033.0000000008832000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation
barindex
.NET source code contains method to dynamically call methods (often used by packers)
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.53c0000.5.raw.unpack, JwlrlmCCKvmG8rWaC9.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.2df3adc.0.raw.unpack, JwlrlmCCKvmG8rWaC9.cs .Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
.NET source code contains potential unpacker
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, ListagemTarefas.cs .Net Code: InitializeComponent
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, utfVXMWZH8mR5jCuu6.cs .Net Code: urEOmDpUy0 System.Reflection.Assembly.Load(byte[])
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, utfVXMWZH8mR5jCuu6.cs .Net Code: urEOmDpUy0 System.Reflection.Assembly.Load(byte[])
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, utfVXMWZH8mR5jCuu6.cs .Net Code: urEOmDpUy0 System.Reflection.Assembly.Load(byte[])
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 0_2_0127A16E push ecx; retf 0_2_0127A16F
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Code function: 0_2_0127C45F push cs; retf 0_2_0127C46E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04CF5A98 push edi; iretd 1_2_04CF5A3E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04CF3AA8 push ebx; retf 1_2_04CF3ADA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04CF42BF push ebx; ret 1_2_04CF42DA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04CF5A2C push edi; iretd 1_2_04CF5A32
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04CF5A3B push edi; iretd 1_2_04CF5A3E
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04CF5A37 push edi; iretd 1_2_04CF5A3A
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 1_2_04CF5A33 push edi; iretd 1_2_04CF5A36
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Code function: 5_2_02C8DC5C pushfd ; iretd 5_2_02C8F171
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Static PE information: section name: .text entropy: 7.918254359877085
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, Ce2Xf9cjqybYAM3F2w.cs High entropy of concatenated method names: 'OjS0MRIe08', 'ttH0YsScod', 'aqiuUA1i5l', 'YFQuRkh1l5', 'uHn0PU2yyA', 'fo907Zl2Ch', 'uQO0IVvKe2', 'yIK0Zytajp', 'E2C01vicDf', 'jDF0je48LY'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, leE21PHPPCCd9mfVUy.cs High entropy of concatenated method names: 'pEthoifBFx', 'sgXhJlw68X', 'zT5hmpto2m', 'pCHheEorQP', 'yoKh6snU5M', 'pTYhAZPDUN', 'TRehrgVr8U', 'HRVhQRickV', 'X7Khyey2lT', 'RymhqLIjqC'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, aVADjOVDuEeZsiv9gr.cs High entropy of concatenated method names: 'Dispose', 'T0cRvXBjHO', 'tE2GTBWM8r', 'SnokkHLy9R', 'T3eRYgNK9H', 'o8xRzGZZ61', 'ProcessDialogKey', 'cqxGUlWFR4', 'DICGRlmUuP', 'eY7GGQYw0y'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, YUIl37IKJYjF8xf27m.cs High entropy of concatenated method names: 'PrHSQ58NC9', 'sLbSyDDd8p', 'E40S3v1ljY', 'yUYST3SQQj', 'TdwS2EZxKB', 'SfgS5t8InR', 'QgBSDX1mmL', 'NBISt5RnnG', 'JOBSkfLgMj', 'MJOSPv6wpZ'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, mxKMTujwPb7MXUpb3w.cs High entropy of concatenated method names: 'ToString', 'fKFbPyGtta', 'h7RbTh78XW', 'LyvbxMaHEJ', 'iRgb2jIQiw', 'RN0b5yw0vo', 'FgQbLyBR0F', 'vfpbDwhD2h', 'QrpbtrhXIX', 'Gx4bHY13n0'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, yF83lkDx7U66ctmbMp.cs High entropy of concatenated method names: 'cU5hgAWSSD', 'b0qhs4Pw9C', 'RdHhdxx3f9', 'KhadYs86ur', 'cQBdzACA4A', 'ufghUHkIDX', 'u6QhRc3o2T', 'uSXhGaEWil', 'm83h93JvPN', 'TSUhO0rFwV'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, WTWIs8ORlK2dCEydd1.cs High entropy of concatenated method names: 'LPnRhDUwym', 'fqkRW3Z3Ko', 'zj3RCXGBVn', 'XunRFYXDsf', 'mLHR8bVNVm', 'BLKRblT2Ko', 'XmvMrBugM0j0x7ytfa', 'UGTTKZRRCXOxxEfvvN', 'wX5RRU8Vug', 'YjaR97xsuS'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, zntx6TZ7Lbd4cPomW6.cs High entropy of concatenated method names: 'ww68kQl4sH', 'hHR87JCUHr', 'RZs8ZSxi7D', 'FOE81BNJ40', 'taH8TXE3ZA', 'JtC8xUFp58', 'n9Q82stkSW', 'lcK85g9nWD', 'OR28LiVxJj', 'ONI8DL16Nc'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, utfVXMWZH8mR5jCuu6.cs High entropy of concatenated method names: 'dtl9wSHLsw', 'Msc9gKMPU9', 'UyM9VPDDrp', 'ubc9sh973I', 'Cok9aj6bHX', 'sP19dPsj76', 'IEK9hniY3a', 'T1U9WDAWg1', 'UxN94iuI4B', 'C0t9C6dfM3'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, Kq767ssRxj1nqny8Z0.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'S64Gv2f46X', 'NH6GYDRc6V', 'gBZGz4ylCp', 'Aq49Uon7YW', 'cJf9RE5Ufe', 'XEu9GaH0Ck', 'Cbp99IyNrh', 'dKNwTsGoQJkwn9ixCIT'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, GegNK9MHS8xGZZ61Gq.cs High entropy of concatenated method names: 'kWGuguBDgY', 'huhuVNamJx', 'XOrusphPae', 'w6hua4AgZ5', 'N77udRjM1D', 'eMFuh8Z9fX', 'nPtuWgXHxv', 'd9yu4h9gyP', 'NjeuCmVbDu', 'fI6uFlaZrv'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, HlWFR4vQIClmUuPwY7.cs High entropy of concatenated method names: 'nQgu3YJbAG', 'ntOuTAOTC4', 'Ak3uxgwSAS', 'A1Ou2BY03v', 'bRAuZRAR74', 'CyJu5eqYS6', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, h3P7Jmyj3XGBVnMunY.cs High entropy of concatenated method names: 'igxseC1owB', 'WAXsAy6MTE', 'soEsQkVl8N', 'wglsy1glLR', 'qras8mmijv', 'SwwsbOIPRp', 'cNNs0CBVSE', 'zBnsuJb09q', 'lWNspmlQoL', 'okXsl8Eq3g'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, DYw0y6Y5vgvWOsT0qF.cs High entropy of concatenated method names: 'tw2pRx2WQc', 'L8ep9MhVA7', 'erOpONh5C8', 'VoypgHUjIb', 'lGnpVxUjxV', 'qOopaSbVc4', 'gP1pdNgrZt', 'uUPuN7DRJD', 'hWDuMa22df', 'Bk7uvlnI8M'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, WVm6LK3lT2Kovi1yt2.cs High entropy of concatenated method names: 'dcSdwbch6Q', 'MDKdVqYZNg', 'B6Mda156LL', 'DrVdhNfUhA', 'zLIdWkcrNR', 'cDNaEV4frQ', 'Em8acfCQuE', 'CQsaNx0NW9', 'n82aMKslpq', 'z0davmHWwt'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, NLLDLSGhLjNiFkvCP0.cs High entropy of concatenated method names: 'ohim4SiNf', 'yDfeQDXi5', 'LRbAkQhbT', 'TjUreekdi', 'YKWyi1IIo', 'VfEqMj2QX', 'OSsHD3nslixDjt4Okx', 'oqgl2u5u2Q8HHcf1gL', 'sseuH24sx', 'DZHlU0Iw4'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, tDsfXfqDOSPinCLHbV.cs High entropy of concatenated method names: 'drHa68Lcip', 'K9Uar3Cdav', 'jFesxwAMSk', 'nf5s2sLWmo', 'eBas5DdtGn', 'L6HsLVFUHS', 'qRosDHpNqN', 'DOqstLRrQA', 'uX0sHZAHgR', 'nWUskNv4uR'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, crOaocRUBdtAijCEKeb.cs High entropy of concatenated method names: 'QLQpo3LPbe', 'zFMpJta6cw', 'MrJpm997QA', 'pr6peq8ouu', 'INIp6suju5', 'WEQpAoXnhG', 'as0prjAck0', 'Fi8pQwkSrf', 'YPApyiIRx5', 'f61pqpOr6O'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, qgQCdRR9ohCEh5iiW3H.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'YwalZYxXVx', 'UODl1fLEsh', 'gPkljwfuZx', 'YSTln2QoF6', 'bQOlEZuja2', 'tlAlcaX1AU', 'I9vlNl4Zfx'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.5f60000.7.raw.unpack, TDUwymQgqk3Z3KoOJH.cs High entropy of concatenated method names: 'vB6VZSDOtq', 'q2HV1bC4mb', 'v6qVjw1814', 'gMpVnxu4SV', 'Wf3VEYsm21', 'DH6Vc6pHOL', 'TcOVNJ01Jt', 'CCMVM8f4yS', 'Ee0Vvf0TSZ', 'GlnVYMLPcq'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, Ce2Xf9cjqybYAM3F2w.cs High entropy of concatenated method names: 'OjS0MRIe08', 'ttH0YsScod', 'aqiuUA1i5l', 'YFQuRkh1l5', 'uHn0PU2yyA', 'fo907Zl2Ch', 'uQO0IVvKe2', 'yIK0Zytajp', 'E2C01vicDf', 'jDF0je48LY'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, leE21PHPPCCd9mfVUy.cs High entropy of concatenated method names: 'pEthoifBFx', 'sgXhJlw68X', 'zT5hmpto2m', 'pCHheEorQP', 'yoKh6snU5M', 'pTYhAZPDUN', 'TRehrgVr8U', 'HRVhQRickV', 'X7Khyey2lT', 'RymhqLIjqC'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, aVADjOVDuEeZsiv9gr.cs High entropy of concatenated method names: 'Dispose', 'T0cRvXBjHO', 'tE2GTBWM8r', 'SnokkHLy9R', 'T3eRYgNK9H', 'o8xRzGZZ61', 'ProcessDialogKey', 'cqxGUlWFR4', 'DICGRlmUuP', 'eY7GGQYw0y'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, YUIl37IKJYjF8xf27m.cs High entropy of concatenated method names: 'PrHSQ58NC9', 'sLbSyDDd8p', 'E40S3v1ljY', 'yUYST3SQQj', 'TdwS2EZxKB', 'SfgS5t8InR', 'QgBSDX1mmL', 'NBISt5RnnG', 'JOBSkfLgMj', 'MJOSPv6wpZ'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, mxKMTujwPb7MXUpb3w.cs High entropy of concatenated method names: 'ToString', 'fKFbPyGtta', 'h7RbTh78XW', 'LyvbxMaHEJ', 'iRgb2jIQiw', 'RN0b5yw0vo', 'FgQbLyBR0F', 'vfpbDwhD2h', 'QrpbtrhXIX', 'Gx4bHY13n0'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, yF83lkDx7U66ctmbMp.cs High entropy of concatenated method names: 'cU5hgAWSSD', 'b0qhs4Pw9C', 'RdHhdxx3f9', 'KhadYs86ur', 'cQBdzACA4A', 'ufghUHkIDX', 'u6QhRc3o2T', 'uSXhGaEWil', 'm83h93JvPN', 'TSUhO0rFwV'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, WTWIs8ORlK2dCEydd1.cs High entropy of concatenated method names: 'LPnRhDUwym', 'fqkRW3Z3Ko', 'zj3RCXGBVn', 'XunRFYXDsf', 'mLHR8bVNVm', 'BLKRblT2Ko', 'XmvMrBugM0j0x7ytfa', 'UGTTKZRRCXOxxEfvvN', 'wX5RRU8Vug', 'YjaR97xsuS'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, zntx6TZ7Lbd4cPomW6.cs High entropy of concatenated method names: 'ww68kQl4sH', 'hHR87JCUHr', 'RZs8ZSxi7D', 'FOE81BNJ40', 'taH8TXE3ZA', 'JtC8xUFp58', 'n9Q82stkSW', 'lcK85g9nWD', 'OR28LiVxJj', 'ONI8DL16Nc'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, utfVXMWZH8mR5jCuu6.cs High entropy of concatenated method names: 'dtl9wSHLsw', 'Msc9gKMPU9', 'UyM9VPDDrp', 'ubc9sh973I', 'Cok9aj6bHX', 'sP19dPsj76', 'IEK9hniY3a', 'T1U9WDAWg1', 'UxN94iuI4B', 'C0t9C6dfM3'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, Kq767ssRxj1nqny8Z0.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'S64Gv2f46X', 'NH6GYDRc6V', 'gBZGz4ylCp', 'Aq49Uon7YW', 'cJf9RE5Ufe', 'XEu9GaH0Ck', 'Cbp99IyNrh', 'dKNwTsGoQJkwn9ixCIT'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, GegNK9MHS8xGZZ61Gq.cs High entropy of concatenated method names: 'kWGuguBDgY', 'huhuVNamJx', 'XOrusphPae', 'w6hua4AgZ5', 'N77udRjM1D', 'eMFuh8Z9fX', 'nPtuWgXHxv', 'd9yu4h9gyP', 'NjeuCmVbDu', 'fI6uFlaZrv'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, HlWFR4vQIClmUuPwY7.cs High entropy of concatenated method names: 'nQgu3YJbAG', 'ntOuTAOTC4', 'Ak3uxgwSAS', 'A1Ou2BY03v', 'bRAuZRAR74', 'CyJu5eqYS6', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, h3P7Jmyj3XGBVnMunY.cs High entropy of concatenated method names: 'igxseC1owB', 'WAXsAy6MTE', 'soEsQkVl8N', 'wglsy1glLR', 'qras8mmijv', 'SwwsbOIPRp', 'cNNs0CBVSE', 'zBnsuJb09q', 'lWNspmlQoL', 'okXsl8Eq3g'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, DYw0y6Y5vgvWOsT0qF.cs High entropy of concatenated method names: 'tw2pRx2WQc', 'L8ep9MhVA7', 'erOpONh5C8', 'VoypgHUjIb', 'lGnpVxUjxV', 'qOopaSbVc4', 'gP1pdNgrZt', 'uUPuN7DRJD', 'hWDuMa22df', 'Bk7uvlnI8M'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, WVm6LK3lT2Kovi1yt2.cs High entropy of concatenated method names: 'dcSdwbch6Q', 'MDKdVqYZNg', 'B6Mda156LL', 'DrVdhNfUhA', 'zLIdWkcrNR', 'cDNaEV4frQ', 'Em8acfCQuE', 'CQsaNx0NW9', 'n82aMKslpq', 'z0davmHWwt'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, NLLDLSGhLjNiFkvCP0.cs High entropy of concatenated method names: 'ohim4SiNf', 'yDfeQDXi5', 'LRbAkQhbT', 'TjUreekdi', 'YKWyi1IIo', 'VfEqMj2QX', 'OSsHD3nslixDjt4Okx', 'oqgl2u5u2Q8HHcf1gL', 'sseuH24sx', 'DZHlU0Iw4'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, tDsfXfqDOSPinCLHbV.cs High entropy of concatenated method names: 'drHa68Lcip', 'K9Uar3Cdav', 'jFesxwAMSk', 'nf5s2sLWmo', 'eBas5DdtGn', 'L6HsLVFUHS', 'qRosDHpNqN', 'DOqstLRrQA', 'uX0sHZAHgR', 'nWUskNv4uR'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, crOaocRUBdtAijCEKeb.cs High entropy of concatenated method names: 'QLQpo3LPbe', 'zFMpJta6cw', 'MrJpm997QA', 'pr6peq8ouu', 'INIp6suju5', 'WEQpAoXnhG', 'as0prjAck0', 'Fi8pQwkSrf', 'YPApyiIRx5', 'f61pqpOr6O'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, qgQCdRR9ohCEh5iiW3H.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'YwalZYxXVx', 'UODl1fLEsh', 'gPkljwfuZx', 'YSTln2QoF6', 'bQOlEZuja2', 'tlAlcaX1AU', 'I9vlNl4Zfx'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42d77f8.3.raw.unpack, TDUwymQgqk3Z3KoOJH.cs High entropy of concatenated method names: 'vB6VZSDOtq', 'q2HV1bC4mb', 'v6qVjw1814', 'gMpVnxu4SV', 'Wf3VEYsm21', 'DH6Vc6pHOL', 'TcOVNJ01Jt', 'CCMVM8f4yS', 'Ee0Vvf0TSZ', 'GlnVYMLPcq'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, Ce2Xf9cjqybYAM3F2w.cs High entropy of concatenated method names: 'OjS0MRIe08', 'ttH0YsScod', 'aqiuUA1i5l', 'YFQuRkh1l5', 'uHn0PU2yyA', 'fo907Zl2Ch', 'uQO0IVvKe2', 'yIK0Zytajp', 'E2C01vicDf', 'jDF0je48LY'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, leE21PHPPCCd9mfVUy.cs High entropy of concatenated method names: 'pEthoifBFx', 'sgXhJlw68X', 'zT5hmpto2m', 'pCHheEorQP', 'yoKh6snU5M', 'pTYhAZPDUN', 'TRehrgVr8U', 'HRVhQRickV', 'X7Khyey2lT', 'RymhqLIjqC'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, aVADjOVDuEeZsiv9gr.cs High entropy of concatenated method names: 'Dispose', 'T0cRvXBjHO', 'tE2GTBWM8r', 'SnokkHLy9R', 'T3eRYgNK9H', 'o8xRzGZZ61', 'ProcessDialogKey', 'cqxGUlWFR4', 'DICGRlmUuP', 'eY7GGQYw0y'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, YUIl37IKJYjF8xf27m.cs High entropy of concatenated method names: 'PrHSQ58NC9', 'sLbSyDDd8p', 'E40S3v1ljY', 'yUYST3SQQj', 'TdwS2EZxKB', 'SfgS5t8InR', 'QgBSDX1mmL', 'NBISt5RnnG', 'JOBSkfLgMj', 'MJOSPv6wpZ'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, mxKMTujwPb7MXUpb3w.cs High entropy of concatenated method names: 'ToString', 'fKFbPyGtta', 'h7RbTh78XW', 'LyvbxMaHEJ', 'iRgb2jIQiw', 'RN0b5yw0vo', 'FgQbLyBR0F', 'vfpbDwhD2h', 'QrpbtrhXIX', 'Gx4bHY13n0'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, yF83lkDx7U66ctmbMp.cs High entropy of concatenated method names: 'cU5hgAWSSD', 'b0qhs4Pw9C', 'RdHhdxx3f9', 'KhadYs86ur', 'cQBdzACA4A', 'ufghUHkIDX', 'u6QhRc3o2T', 'uSXhGaEWil', 'm83h93JvPN', 'TSUhO0rFwV'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, WTWIs8ORlK2dCEydd1.cs High entropy of concatenated method names: 'LPnRhDUwym', 'fqkRW3Z3Ko', 'zj3RCXGBVn', 'XunRFYXDsf', 'mLHR8bVNVm', 'BLKRblT2Ko', 'XmvMrBugM0j0x7ytfa', 'UGTTKZRRCXOxxEfvvN', 'wX5RRU8Vug', 'YjaR97xsuS'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, zntx6TZ7Lbd4cPomW6.cs High entropy of concatenated method names: 'ww68kQl4sH', 'hHR87JCUHr', 'RZs8ZSxi7D', 'FOE81BNJ40', 'taH8TXE3ZA', 'JtC8xUFp58', 'n9Q82stkSW', 'lcK85g9nWD', 'OR28LiVxJj', 'ONI8DL16Nc'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, utfVXMWZH8mR5jCuu6.cs High entropy of concatenated method names: 'dtl9wSHLsw', 'Msc9gKMPU9', 'UyM9VPDDrp', 'ubc9sh973I', 'Cok9aj6bHX', 'sP19dPsj76', 'IEK9hniY3a', 'T1U9WDAWg1', 'UxN94iuI4B', 'C0t9C6dfM3'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, Kq767ssRxj1nqny8Z0.cs High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'S64Gv2f46X', 'NH6GYDRc6V', 'gBZGz4ylCp', 'Aq49Uon7YW', 'cJf9RE5Ufe', 'XEu9GaH0Ck', 'Cbp99IyNrh', 'dKNwTsGoQJkwn9ixCIT'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, GegNK9MHS8xGZZ61Gq.cs High entropy of concatenated method names: 'kWGuguBDgY', 'huhuVNamJx', 'XOrusphPae', 'w6hua4AgZ5', 'N77udRjM1D', 'eMFuh8Z9fX', 'nPtuWgXHxv', 'd9yu4h9gyP', 'NjeuCmVbDu', 'fI6uFlaZrv'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, HlWFR4vQIClmUuPwY7.cs High entropy of concatenated method names: 'nQgu3YJbAG', 'ntOuTAOTC4', 'Ak3uxgwSAS', 'A1Ou2BY03v', 'bRAuZRAR74', 'CyJu5eqYS6', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, h3P7Jmyj3XGBVnMunY.cs High entropy of concatenated method names: 'igxseC1owB', 'WAXsAy6MTE', 'soEsQkVl8N', 'wglsy1glLR', 'qras8mmijv', 'SwwsbOIPRp', 'cNNs0CBVSE', 'zBnsuJb09q', 'lWNspmlQoL', 'okXsl8Eq3g'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, DYw0y6Y5vgvWOsT0qF.cs High entropy of concatenated method names: 'tw2pRx2WQc', 'L8ep9MhVA7', 'erOpONh5C8', 'VoypgHUjIb', 'lGnpVxUjxV', 'qOopaSbVc4', 'gP1pdNgrZt', 'uUPuN7DRJD', 'hWDuMa22df', 'Bk7uvlnI8M'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, WVm6LK3lT2Kovi1yt2.cs High entropy of concatenated method names: 'dcSdwbch6Q', 'MDKdVqYZNg', 'B6Mda156LL', 'DrVdhNfUhA', 'zLIdWkcrNR', 'cDNaEV4frQ', 'Em8acfCQuE', 'CQsaNx0NW9', 'n82aMKslpq', 'z0davmHWwt'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, NLLDLSGhLjNiFkvCP0.cs High entropy of concatenated method names: 'ohim4SiNf', 'yDfeQDXi5', 'LRbAkQhbT', 'TjUreekdi', 'YKWyi1IIo', 'VfEqMj2QX', 'OSsHD3nslixDjt4Okx', 'oqgl2u5u2Q8HHcf1gL', 'sseuH24sx', 'DZHlU0Iw4'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, tDsfXfqDOSPinCLHbV.cs High entropy of concatenated method names: 'drHa68Lcip', 'K9Uar3Cdav', 'jFesxwAMSk', 'nf5s2sLWmo', 'eBas5DdtGn', 'L6HsLVFUHS', 'qRosDHpNqN', 'DOqstLRrQA', 'uX0sHZAHgR', 'nWUskNv4uR'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, crOaocRUBdtAijCEKeb.cs High entropy of concatenated method names: 'QLQpo3LPbe', 'zFMpJta6cw', 'MrJpm997QA', 'pr6peq8ouu', 'INIp6suju5', 'WEQpAoXnhG', 'as0prjAck0', 'Fi8pQwkSrf', 'YPApyiIRx5', 'f61pqpOr6O'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, qgQCdRR9ohCEh5iiW3H.cs High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'YwalZYxXVx', 'UODl1fLEsh', 'gPkljwfuZx', 'YSTln2QoF6', 'bQOlEZuja2', 'tlAlcaX1AU', 'I9vlNl4Zfx'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.42109d8.4.raw.unpack, TDUwymQgqk3Z3KoOJH.cs High entropy of concatenated method names: 'vB6VZSDOtq', 'q2HV1bC4mb', 'v6qVjw1814', 'gMpVnxu4SV', 'Wf3VEYsm21', 'DH6Vc6pHOL', 'TcOVNJ01Jt', 'CCMVM8f4yS', 'Ee0Vvf0TSZ', 'GlnVYMLPcq'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.53c0000.5.raw.unpack, JwlrlmCCKvmG8rWaC9.cs High entropy of concatenated method names: 'sBWW1o69QP', 'RgtTUJcyZL', 'wHRL3ZoRRm', 'qx3LWApERP', 'Eo0LL2b9ec', 'SSpLi0YFJu', 'f0gY5uTkfS8Ax', 'DIXDrUpg3', 'mwmTMKcOE', 'GXuog4qOP'
Source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.2df3adc.0.raw.unpack, JwlrlmCCKvmG8rWaC9.cs High entropy of concatenated method names: 'sBWW1o69QP', 'RgtTUJcyZL', 'wHRL3ZoRRm', 'qx3LWApERP', 'Eo0LL2b9ec', 'SSpLi0YFJu', 'f0gY5uTkfS8Ax', 'DIXDrUpg3', 'mwmTMKcOE', 'GXuog4qOP'
Creates processes with suspicious names
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: \pr 2500006515 #u2116 972 #u043e#u0442 eta 24 hidmaksan vietnam ind co.,ltd 2024.exe
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: \pr 2500006515 #u2116 972 #u043e#u0442 eta 24 hidmaksan vietnam ind co.,ltd 2024.exe
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: \pr 2500006515 #u2116 972 #u043e#u0442 eta 24 hidmaksan vietnam ind co.,ltd 2024.exe
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: \pr 2500006515 #u2116 972 #u043e#u0442 eta 24 hidmaksan vietnam ind co.,ltd 2024.exe Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: \pr 2500006515 #u2116 972 #u043e#u0442 eta 24 hidmaksan vietnam ind co.,ltd 2024.exe Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: \pr 2500006515 #u2116 972 #u043e#u0442 eta 24 hidmaksan vietnam ind co.,ltd 2024.exe Jump to behavior
Drops PE files
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Jump to dropped file
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctsdvwT Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctsdvwT Jump to behavior

Hooking and other Techniques for Hiding and Protection
barindex
Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File opened: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe:Zone.Identifier read attributes | delete Jump to behavior
Loading BitLocker PowerShell Module
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Yara detected AntiVM3
Source: Yara match File source: Process Memory Space: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe PID: 6752, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 7060, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 6840, type: MEMORYSTR
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 1270000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 2DD0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 2C10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 6130000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 7130000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 7260000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 8260000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: EC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 2B30000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: 1150000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 2B10000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 2CA0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 4CA0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 61F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 71F0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 7330000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 8330000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: DF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 2890000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 4890000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 1000000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 29C0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 2810000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 5FF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 5DC0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 6FF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 7FF0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 3080000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 3220000 memory reserve | memory write watch
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Memory allocated: 5220000 memory reserve | memory write watch
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2400000 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399868 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399748 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399640 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399531 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399419 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399297 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399181 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399063 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398938 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398813 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398688 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398576 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398396 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398262 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398101 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397985 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397860 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397735 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397606 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397485 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397360 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397235 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397110 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396985 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396860 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396735 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396610 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396485 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396360 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396235 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396110 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395985 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395860 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395699 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395336 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395219 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395109 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394999 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394891 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394781 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394672 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394563 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394453 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394342 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394234 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394121 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394000 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393891 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393766 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393641 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393531 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2400000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399875 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399765 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399656 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399546 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399438 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399328 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399218 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399107 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398999 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398891 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398766 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398656 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398547 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398437 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398327 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398199 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398078 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397963 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397731 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397469 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397359 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397250 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397141 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397031 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396922 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396807 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396702 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396594 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396484 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396375 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396266 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396156 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396047 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395938 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395797 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395672 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395562 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395438 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395313 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395201 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394969 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394840 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394734 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394625 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394516 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394406 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394297 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394188 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394063 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2393953 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2400000
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399891
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399766
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399656
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399547
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399437
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399328
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399218
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399108
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399000
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398890
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398781
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398672
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398562
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398453
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398343
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398234
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398124
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398015
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397899
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397789
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397649
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397540
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397437
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397328
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397219
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397109
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396999
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396890
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396781
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396669
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396562
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396453
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396344
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396234
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396125
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396015
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395905
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395797
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395687
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395578
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395468
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395359
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395250
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395140
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395031
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394921
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394812
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394703
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394581
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5857 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2025 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Window / User API: threadDelayed 2977 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Window / User API: threadDelayed 6848 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Window / User API: threadDelayed 5053 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Window / User API: threadDelayed 4794 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Window / User API: threadDelayed 3599
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Window / User API: threadDelayed 6255
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 6788 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6436 Thread sleep time: -4611686018427385s >= -30000s Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5544 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep count: 32 > 30 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -29514790517935264s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2400000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 4828 Thread sleep count: 2977 > 30 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399868s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399748s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399640s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 4828 Thread sleep count: 6848 > 30 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399531s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399419s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399297s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399181s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2399063s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2398938s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2398813s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2398688s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2398576s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2398396s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2398262s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2398101s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397735s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397606s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397485s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397360s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397235s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2397110s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396735s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396610s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396485s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396360s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396235s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2396110s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2395985s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2395860s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2395699s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2395336s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2395219s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2395109s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394999s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394891s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394781s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394672s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394563s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394453s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394342s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394234s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394121s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2394000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2393891s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2393766s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2393641s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe TID: 5408 Thread sleep time: -2393531s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 6724 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep count: 34 > 30 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -31359464925306218s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2400000s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399875s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 6752 Thread sleep count: 5053 > 30 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 6752 Thread sleep count: 4794 > 30 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399765s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399656s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399546s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399438s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399328s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399218s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2399107s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398999s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398891s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398766s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398656s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398547s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398437s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398327s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398199s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2398078s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2397963s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2397731s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2397469s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2397359s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2397250s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2397141s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2397031s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396922s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396807s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396702s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396594s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396484s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396375s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396266s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396156s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2396047s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2395938s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2395797s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2395672s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2395562s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2395438s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2395313s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2395201s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394969s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394840s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394734s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394625s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394516s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394406s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394297s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394188s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2394063s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7160 Thread sleep time: -2393953s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5552 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep count: 39 > 30
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -35971150943733603s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2400000s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7064 Thread sleep count: 3599 > 30
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399891s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 7064 Thread sleep count: 6255 > 30
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399766s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399656s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399547s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399437s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399328s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399218s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399108s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2399000s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398890s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398781s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398672s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398562s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398453s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398343s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398234s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398124s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2398015s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397899s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397789s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397649s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397540s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397437s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397328s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397219s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2397109s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396999s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396890s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396781s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396669s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396562s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396453s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396344s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396234s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396125s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2396015s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395905s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395797s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395687s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395578s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395468s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395359s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395250s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395140s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2395031s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2394921s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2394812s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2394703s >= -30000s
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe TID: 5432 Thread sleep time: -2394581s >= -30000s
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2400000 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399868 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399748 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399640 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399531 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399419 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399297 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399181 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2399063 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398938 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398813 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398688 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398576 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398396 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398262 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2398101 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397985 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397860 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397735 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397606 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397485 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397360 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397235 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2397110 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396985 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396860 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396735 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396610 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396485 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396360 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396235 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2396110 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395985 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395860 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395699 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395336 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395219 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2395109 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394999 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394891 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394781 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394672 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394563 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394453 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394342 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394234 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394121 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2394000 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393891 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393766 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393641 Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Thread delayed: delay time: 2393531 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2400000 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399875 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399765 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399656 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399546 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399438 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399328 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399218 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399107 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398999 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398891 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398766 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398656 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398547 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398437 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398327 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398199 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398078 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397963 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397731 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397469 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397359 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397250 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397141 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397031 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396922 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396807 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396702 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396594 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396484 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396375 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396266 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396156 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396047 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395938 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395797 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395672 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395562 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395438 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395313 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395201 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394969 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394840 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394734 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394625 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394516 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394406 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394297 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394188 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394063 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2393953 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2400000
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399891
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399766
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399656
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399547
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399437
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399328
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399218
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399108
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2399000
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398890
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398781
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398672
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398562
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398453
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398343
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398234
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398124
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2398015
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397899
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397789
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397649
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397540
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397437
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397328
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397219
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2397109
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396999
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396890
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396781
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396669
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396562
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396453
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396344
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396234
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396125
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2396015
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395905
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395797
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395687
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395578
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395468
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395359
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395250
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395140
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2395031
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394921
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394812
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394703
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Thread delayed: delay time: 2394581
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4192184957.00000000060C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll{
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000000.00000002.1756670007.0000000003E37000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000005.00000002.1877432434.0000000003D43000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000005.00000002.1877432434.0000000003CC9000.00000004.00000800.00020000.00000000.sdmp, ctsdvwT.exe, 00000006.00000002.1928113926.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ctsdvwT.exe, 0000000A.00000002.1963628997.0000000003A28000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: hgfsZrw6
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process information queried: ProcessInformation Jump to behavior
Enables debug privileges
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
Adds a directory exclusion to Windows Defender
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe"
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe" Jump to behavior
Creates a process in suspended mode (likely to inject code)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe" Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Process created: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe "C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe" Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Process created: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe "C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe" Jump to behavior
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerLR
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q9<b>[ Program Manager]</b> (27/09/2024 06:43:05)<br>{Win}rTH
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q3<b>[ Program Manager]</b> (27/09/2024 06:43:05)<br>
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q><b>[ Program Manager]</b> (27/09/2024 06:43:05)<br>{Win}r{Win}TH
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q?<b>[ Program Manager]</b> (27/09/2024 06:43:05)<br>{Win}r{Win}rTH
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q8<b>[ Program Manager]</b> (27/09/2024 06:43:05)<br>{Win}TH
Source: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe, 00000004.00000002.4186061604.0000000002B9D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Time: 11/24/2024 00:19:36<br>User Name: user<br>Computer Name: 506407<br>OSFullName: Microsoft Windows 10 Pro<br>CPU: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz<br>RAM: 8191.25 MB<br><hr><b>[ Program Manager]</b> (27/09/2024 06:43:05)<br>{Win}r{Win}r
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct

Stealing of Sensitive Information
barindex
Yara detected AgentTesla
Source: Yara match File source: 6.2.ctsdvwT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a630e0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a284c0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a630e0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.3cc9990.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.3cc9990.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a284c0.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.1877432434.0000000003D43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1928113926.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1877432434.0000000003CC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1963628997.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1756670007.0000000003E37000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe PID: 6752, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 7060, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 3684, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 6840, type: MEMORYSTR
Yara detected PureLog Stealer
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.2df3adc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.2cc398c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.53c0000.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.53c0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.2cc398c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.2df3adc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1760927897.00000000053C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1867946503.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1755288317.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Tries to steal Mail credentials (via file / registry access)
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles Jump to behavior
Source: C:\Users\user\Desktop\PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities Jump to behavior
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\AppData\Roaming\ctsdvwT\ctsdvwT.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Yara detected Credential Stealer
Source: Yara match File source: 6.2.ctsdvwT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a630e0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a284c0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a630e0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.3cc9990.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.3cc9990.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a284c0.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.1877432434.0000000003D43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1928113926.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1877432434.0000000003CC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1963628997.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1756670007.0000000003E37000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000C.00000002.4184465405.000000000322B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1935883302.0000000002891000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000004.00000002.4186061604.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe PID: 6752, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe PID: 7128, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 7060, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 3684, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 6840, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 2676, type: MEMORYSTR

Remote Access Functionality
barindex
Yara detected AgentTesla
Source: Yara match File source: 6.2.ctsdvwT.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a630e0.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a284c0.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a630e0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.3cc9990.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e72b80.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.3cc9990.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 10.2.ctsdvwT.exe.3a284c0.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.3e37f60.1.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000005.00000002.1877432434.0000000003D43000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.1928113926.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1877432434.0000000003CC9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000A.00000002.1963628997.0000000003A28000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1756670007.0000000003E37000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe PID: 6752, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 7060, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 3684, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: ctsdvwT.exe PID: 6840, type: MEMORYSTR
Yara detected PureLog Stealer
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.2df3adc.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.2cc398c.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.53c0000.5.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.53c0000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 5.2.ctsdvwT.exe.2cc398c.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe.2df3adc.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000000.00000002.1760927897.00000000053C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000002.1867946503.0000000002CA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1755288317.0000000002DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1520405 Sample: PR 2500006515 #U2116 972 #U... Startdate: 27/09/2024 Architecture: WINDOWS Score: 100 43 mail.yildiztepeenerji.com.tr 2->43 45 _kerberos._tcp.dc._msdcs.yildiztepeenerji.com.tr 2->45 47 2 other IPs or domains 2->47 59 Found malware configuration 2->59 61 Malicious sample detected (through community Yara rule) 2->61 63 Multi AV Scanner detection for submitted file 2->63 65 11 other signatures 2->65 8 PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe 4 2->8         started        12 ctsdvwT.exe 3 2->12         started        14 ctsdvwT.exe 2 2->14         started        signatures3 process4 file5 39 PR 2500006515 #U21...O.,LTD 2024.exe.log, ASCII 8->39 dropped 67 Adds a directory exclusion to Windows Defender 8->67 16 PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe 1 5 8->16         started        21 powershell.exe 23 8->21         started        23 PR 2500006515 #U2116 972 #U043e#U0442 ETA 24 HIDMAKSAN VIETNAM IND CO.,LTD 2024.exe 8->23         started        69 Multi AV Scanner detection for dropped file 12->69 71 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 12->71 73 Machine Learning detection for dropped file 12->73 75 Contains functionality to register a low level keyboard hook 12->75 25 ctsdvwT.exe 2 12->25         started        27 ctsdvwT.exe 14->27         started        29 ctsdvwT.exe 14->29         started        signatures6 process7 dnsIp8 41 mail.yildiztepeenerji.com.tr 77.245.148.65, 50358, 587 NIOBEBILISIMHIZMETLERITR Turkey 16->41 35 C:\Users\user\AppData\Roaming\...\ctsdvwT.exe, PE32 16->35 dropped 37 C:\Users\user\...\ctsdvwT.exe:Zone.Identifier, ASCII 16->37 dropped 49 Tries to steal Mail credentials (via file / registry access) 16->49 51 Hides that the sample has been downloaded from the Internet (zone.identifier) 16->51 53 Installs a global keyboard hook 16->53 55 Loading BitLocker PowerShell Module 21->55 31 conhost.exe 21->31         started        33 conhost.exe 21->33         started        57 Tries to harvest and steal browser information (history, passwords, etc) 27->57 file9 signatures10 process11
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
77.245.148.65
 mail.yildiztepeenerji.com.tr Turkey
42868 NIOBEBILISIMHIZMETLERITR true

Contacted Domains

Name IP Active
mail.yildiztepeenerji.com.tr 77.245.148.65 true
241.42.69.40.in-addr.arpa unknown unknown
26.165.165.52.in-addr.arpa unknown unknown
_kerberos._tcp.dc._msdcs.yildiztepeenerji.com.tr unknown unknown