Analysis Report gsX7l6DQFz.exe

Overview

General Information

Sample Name: gsX7l6DQFz.exe
MD5: f2653608e212271962563b3a52a946c0
SHA1: c1e4e8c18d93dcff523a5eaf93681fa5f231efa8
SHA256: cb7a29c95fe01c9a5e1ff0b13f44fcb96c56f421e9bd1a7c5f1b8ef273e7f271

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • gsX7l6DQFz.exe (PID: 2160 cmdline: 'C:\Users\user\Desktop\gsX7l6DQFz.exe' MD5: F2653608E212271962563B3A52A946C0)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "8RzkjbZf20m4DAu", "URL: ": "https://0aTLHpeMtp.org", "To: ": "chibu@psturyana.com", "ByHost: ": "smtp.psturyana.com:587", "Password: ": "wwuF0Fot23HNm2k", "From: ": "chibu@psturyana.com"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
gsX7l6DQFz.exe | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
.text | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.2085394847.0000000000D12000.00000002.00020000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000000.405781732.0000000000D12000.00000002.00020000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: gsX7l6DQFz.exe PID: 2160 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.gsX7l6DQFz.exe.d10000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.0.gsX7l6DQFz.exe.d10000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: gsX7l6DQFz.exe | Avira: detected
Found malware configuration
Source: gsX7l6DQFz.exe.2160.0.memstr | Malware Configuration Extractor: Agenttesla {"Username: ": "8RzkjbZf20m4DAu", "URL: ": "https://0aTLHpeMtp.org", "To: ": "chibu@psturyana.com", "ByHost: ": "smtp.psturyana.com:587", "Password: ": "wwuF0Fot23HNm2k", "From: ": "chibu@psturyana.com"}
Multi AV Scanner detection for submitted file
Source: gsX7l6DQFz.exe | Virustotal: Detection: 56%
Source: gsX7l6DQFz.exe | ReversingLabs: Detection: 72%
Machine Learning detection for sample
Source: gsX7l6DQFz.exe | Joe Sandbox ML: detected

Source: global traffic | TCP traffic: 192.168.2.6:49721 -> 208.91.199.225:587
Source: Joe Sandbox View | IP Address: 208.91.199.225
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DA186 recv,0_2_013DA186
Source: unknown | DNS traffic detected: queries for: smtp.psturyana.com
Source: gsX7l6DQFz.exe, 00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp, gsX7l6DQFz.exe, 00000000.00000002.2089344248.0000000003632000.00000004.00000001.sdmp | String found in binary or memory: https://0aTLHpeMtp.org
Source: gsX7l6DQFz.exe, 00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp | String found in binary or memory: https://0aTLHpeMtp.orgd1

Source: gsX7l6DQFz.exe, 00000000.00000002.2086046732.00000000013E0000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB362 NtQuerySystemInformation,0_2_013DB362
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB331 NtQuerySystemInformation,0_2_013DB331
Source: gsX7l6DQFz.exe, 00000000.00000002.2090935360.0000000006100000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000000.405918172.0000000000D58000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameAVQLDHVxfeJcEJORCVRTUhzebdEHsaUsMABhvaF.exe4 vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2090907138.00000000060F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2090185724.0000000005B30000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2089997220.0000000005670000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2090761681.0000000006090000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2086046732.00000000013E0000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenamemscorwks.dllT vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe | Binary or memory string: OriginalFilenameAVQLDHVxfeJcEJORCVRTUhzebdEHsaUsMABhvaF.exe4 vs gsX7l6DQFz.exe
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB1E6 AdjustTokenPrivileges,0_2_013DB1E6
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB1AF AdjustTokenPrivileges,0_2_013DB1AF
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: gsX7l6DQFz.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\497ab1dd171eeef956401f1aeb0b9fec\mscorlib.ni.dll
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: gsX7l6DQFz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: gsX7l6DQFz.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mscorrc.pdb source: gsX7l6DQFz.exe, 00000000.00000002.2090761681.0000000006090000.00000002.00000001.sdmp

Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D13ACF push FFFFFFF4h; retf 0_2_00D13AD2
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D1649A push eax; ret 0_2_00D1649B
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D148B2 push edx; ret 0_2_00D148C0
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D16C37 push esp; retf 0_2_00D16C5F
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D14934 push esi; ret 0_2_00D14935
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D13738 pushad ; ret 0_2_00D13740

Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76436s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -75436s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -93750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -74564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -74188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -90470s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -35906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -142752s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -124250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -105846s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -122500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -86955s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -121079s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -34282s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -67812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -100782s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -82970s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -32906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49077s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -113750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -96936s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -80235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -142173s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47064s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46782s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -77500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61436s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -60624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -60188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44859s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -72970s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -58000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42468s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -41859s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -54376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -66250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -39423s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -52188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38391s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37032s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36468s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -96376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57970s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -33000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -43188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -53205s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -63282s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -40188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -59500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38829s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -149530s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -148750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -88218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -117188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87141s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57406s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -112376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55876s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55688s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -54626s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -80577s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -107000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -105624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -155718s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -77577s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -154500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76923s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -51094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -99564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -99188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73641s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -97812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -146064s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48406s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -168000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -95564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -166579s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47282s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47094s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -117265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -92812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -69282s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -115000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -68673s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -113985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -45406s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -112265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -65109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42876s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -41782s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -83188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61923s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61077s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -60327s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -58173s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -95235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56532s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -109218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -126000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87030s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -102936s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50577s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49173s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48423s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -78515s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46359s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -45423s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -75000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -89346s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -103579s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73205s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87282s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -72265s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -71485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -41577s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -96250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -54436s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -81000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -67030s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38577s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -75000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73782s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48812s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -59765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -80500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -45188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -32532s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -51015s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57846s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -32970s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31250s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -119564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -88173s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -58626s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87609s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -116376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -144220s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56282s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84141s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -111624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -111188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -164064s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -80673s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -107188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -79827s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76077s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -99000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49312s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -169750s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -72423s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -94752s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -93752s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -93436s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -93000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -90564s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -90188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -88376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -64500s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -149079s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -125064s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -123000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -81624s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -39906s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -59532s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37876s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56109s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37188s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -33218s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -65376s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -31500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -46827s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -30812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -56188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -64765s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -37827s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -55780s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -32718s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -42812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -41812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -30750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -30423s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -49455s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -38812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -35000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -32188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -31188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -30812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4692 Thread sleep count: 116 > 30
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4692 Thread sleep time: -58000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -89391s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -117812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -57812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -85359s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -56688s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -56000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -81282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -79641s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -105564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -105188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -77814s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -77532s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -76218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -50376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -99752s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -49688s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -49406s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -49218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -95624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -47406s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -70032s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -46282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -91000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996 Thread sleep time: -44626s >= -30000s
                    Sou