Analysis Report gsX7l6DQFz.exe

Overview

General Information

Sample Name: gsX7l6DQFz.exe
MD5: f2653608e212271962563b3a52a946c0
SHA1: c1e4e8c18d93dcff523a5eaf93681fa5f231efa8
SHA256: cb7a29c95fe01c9a5e1ff0b13f44fcb96c56f421e9bd1a7c5f1b8ef273e7f271

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Machine Learning detection for sample
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • gsX7l6DQFz.exe (PID: 2160 cmdline: 'C:\Users\user\Desktop\gsX7l6DQFz.exe' MD5: F2653608E212271962563B3A52A946C0)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "8RzkjbZf20m4DAu", "URL: ": "https://0aTLHpeMtp.org", "To: ": "chibu@psturyana.com", "ByHost: ": "smtp.psturyana.com:587", "Password: ": "wwuF0Fot23HNm2k", "From: ": "chibu@psturyana.com"}

Yara Overview

Initial Sample

Source | Rule | Description | Author | Strings
gsX7l6DQFz.exe | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
.text | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000002.2085394847.0000000000D12000.00000002.00020000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000000.405781732.0000000000D12000.00000002.00020000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: gsX7l6DQFz.exe PID: 2160 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.gsX7l6DQFz.exe.d10000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.0.gsX7l6DQFz.exe.d10000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: gsX7l6DQFz.exe | Avira: detected
Found malware configuration
Source: gsX7l6DQFz.exe.2160.0.memstr | Malware Configuration Extractor: Agenttesla {"Username: ": "8RzkjbZf20m4DAu", "URL: ": "https://0aTLHpeMtp.org", "To: ": "chibu@psturyana.com", "ByHost: ": "smtp.psturyana.com:587", "Password: ": "wwuF0Fot23HNm2k", "From: ": "chibu@psturyana.com"}
Multi AV Scanner detection for submitted file
Source: gsX7l6DQFz.exe | Virustotal: Detection: 56%
Source: gsX7l6DQFz.exe | ReversingLabs: Detection: 72%
Machine Learning detection for sample
Source: gsX7l6DQFz.exe | Joe Sandbox ML: detected

Source: global traffic | TCP traffic: 192.168.2.6:49721 -> 208.91.199.225:587
Source: Joe Sandbox View | IP Address: 208.91.199.225
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DA186 recv
Source: unknown | DNS traffic detected: queries for: smtp.psturyana.com
Source: gsX7l6DQFz.exe, 00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp, gsX7l6DQFz.exe, 00000000.00000002.2089344248.0000000003632000.00000004.00000001.sdmp | String found in binary or memory: https://0aTLHpeMtp.org
Source: gsX7l6DQFz.exe, 00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp | String found in binary or memory: https://0aTLHpeMtp.orgd1

Source: gsX7l6DQFz.exe, 00000000.00000002.2086046732.00000000013E0000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB362 NtQuerySystemInformation
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB331 NtQuerySystemInformation
Source: gsX7l6DQFz.exe, 00000000.00000002.2090935360.0000000006100000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000000.405918172.0000000000D58000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameAVQLDHVxfeJcEJORCVRTUhzebdEHsaUsMABhvaF.exe4 vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2090907138.00000000060F0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2090185724.0000000005B30000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2089997220.0000000005670000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewbemdisp.tlbj% vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2090761681.0000000006090000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe, 00000000.00000002.2086046732.00000000013E0000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenamemscorwks.dllT vs gsX7l6DQFz.exe
Source: gsX7l6DQFz.exe | Binary or memory string: OriginalFilenameAVQLDHVxfeJcEJORCVRTUhzebdEHsaUsMABhvaF.exe4 vs gsX7l6DQFz.exe
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB1E6 AdjustTokenPrivileges
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_013DB1AF AdjustTokenPrivileges
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: gsX7l6DQFz.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\497ab1dd171eeef956401f1aeb0b9fec\mscorlib.ni.dll
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: gsX7l6DQFz.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: gsX7l6DQFz.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mscorrc.pdb source: gsX7l6DQFz.exe, 00000000.00000002.2090761681.0000000006090000.00000002.00000001.sdmp

Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D13ACF push FFFFFFF4h; retf
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D1649A push eax; ret
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D148B2 push edx; ret
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D16C37 push esp; retf
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D14934 push esi; ret
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Code function: 0_2_00D13738 pushad ; ret

Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Users\user\Desktop\gsX7l6DQFz.exe | Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -142173s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47064s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46782s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -77500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61436s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76250s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -60624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -60188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44859s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44109s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -72970s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -58000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42468s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -41859s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -54376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -66250s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -39423s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -52188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38391s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38109s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37032s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36468s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -96376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57970s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56250s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -33000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -43188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -53205s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -63282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -40188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -36188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -59500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37735s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38829s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -149530s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -148750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -88218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -117188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87141s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57594s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57406s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -112376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55876s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55688s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55094s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -54626s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -80577s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -107000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -105624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -155718s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -77577s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -154500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76923s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -51094s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -99564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -99188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73641s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -97812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -146064s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48406s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -168000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -95564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -166579s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47094s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -117265s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -92812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -69282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -115000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -68673s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -113985s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -45406s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -112265s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -65109s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42876s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -41782s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -83188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61923s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61077s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -60327s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -58173s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -95235s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56532s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -109218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -126000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87030s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -102936s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50577s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49173s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48423s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31906s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -78515s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46359s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -45423s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -75000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -89346s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -103579s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73205s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -72265s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -71485s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -41577s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -96250s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -54436s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -81000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -67030s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38577s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -75000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -73782s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -59765s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -80500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -45188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -32532s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -51015s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -48750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57846s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -32970s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31250s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -119564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -88173s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -58626s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -87609s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -116376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57906s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -144220s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -84141s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -111624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -111188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -164064s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -80673s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -107188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -79827s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76077s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -99000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49312s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -169750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -72423s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -94752s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -93752s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -93436s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -93000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -90564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -90188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -88376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -64500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -149079s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -125064s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -123000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -81624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -39906s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -59532s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37876s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56109s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -33218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -65376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31500s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46827s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -30812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -64765s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37827s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -55780s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -32718s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -41812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -30750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -30423s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49455s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -35000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -32188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -31188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -30812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4692Thread sleep count: 116 > 30
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4692Thread sleep time: -58000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -89391s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -117812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -57812s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -85359s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56688s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -81282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -79641s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -105564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -105188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -77814s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -77532s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -76218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -50376s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -99752s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49688s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49406s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -49218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -95624s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -47406s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -70032s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -46282s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -91000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -44626s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -43188s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42718s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -42218s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61314s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -61032s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -60564s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -39782s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -98985s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -77436s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -134750s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -38000s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -56718s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -112782s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe TID: 4996Thread sleep time: -37312s >= -30000s
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Last function: Thread delayed
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2090185724.0000000005B30000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2090185724.0000000005B30000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2090185724.0000000005B30000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2086146337.000000000141B000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2090185724.0000000005B30000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Process information queried: ProcessInformation

                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Code function: 0_2_06128CE8 LdrInitializeThunk,
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Memory allocated: page read and write | page guard

                    Source: gsX7l6DQFz.exe, 00000000.00000002.2086875783.0000000001AB0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2086875783.0000000001AB0000.00000002.00000001.sdmp Binary or memory string: Progman
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2086875783.0000000001AB0000.00000002.00000001.sdmp Binary or memory string: RProgram Managerm
                    Source: gsX7l6DQFz.exe, 00000000.00000002.2086875783.0000000001AB0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information:

                    Yara detected AgentTesla
                    Source: Yara match File source: gsX7l6DQFz.exe, type: SAMPLE
                    Source: Yara match File source: .text, type: SAMPLE
                    Source: Yara match File source: 00000000.00000002.2085394847.0000000000D12000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000000.405781732.0000000000D12000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: gsX7l6DQFz.exe PID: 2160, type: MEMORY
                    Source: Yara match File source: 0.2.gsX7l6DQFz.exe.d10000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.0.gsX7l6DQFz.exe.d10000.0.unpack, type: UNPACKEDPE
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                    Tries to steal Mail credentials (via file access)
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: C:\Users\user\Desktop\gsX7l6DQFz.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: Yara match File source: 00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: gsX7l6DQFz.exe PID: 2160, type: MEMORY

                    Remote Access Functionality:

                    Yara detected AgentTesla
                    Source: Yara match File source: gsX7l6DQFz.exe, type: SAMPLE
                    Source: Yara match File source: .text, type: SAMPLE
                    Source: Yara match File source: 00000000.00000002.2085394847.0000000000D12000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000000.405781732.0000000000D12000.00000002.00020000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2088507685.00000000033D0000.00000004.00000001.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: gsX7l6DQFz.exe PID: 2160, type: MEMORY
                    Source: Yara match File source: 0.2.gsX7l6DQFz.exe.d10000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.0.gsX7l6DQFz.exe.d10000.0.unpack, type: UNPACKEDPE

                    Mitre Att&ck Matrix

                    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                    Valid Accounts | Windows Management Instrumentation 211 | Winlogon Helper DLL | Access Token Manipulation 1 | Disabling Security Tools 1 | Credential Dumping 2 | Virtualization/Sandbox Evasion 13 | Remote File Copy 1 | Email Collection 1 | Data Encrypted 1 | Standard Cryptographic Protocol 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                    Replication Through Removable Media | Service Execution | Port Monitors | Process Injection 1 | Virtualization/Sandbox Evasion 13 | Input Capture 1 | Process Discovery 2 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Uncommonly Used Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                    External Remote Services | Windows Management Instrumentation | Accessibility Features | Path Interception | Access Token Manipulation 1 | Credentials in Registry 1 | Security Software Discovery 111 | Windows Remote Management | Data from Local System 2 | Automated Exfiltration | Remote File Copy 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                    Drive-by Compromise | Scheduled Task | System Firmware | DLL Search Order Hijacking | Process Injection 1 | Credentials in Files | Remote System Discovery 1 | Logon Scripts | Input Capture | Data Encrypted | Standard Non-Application Layer Protocol 1 | SIM Card Swap | | Premium SMS Toll Fraud
                    Exploit Public-Facing Application | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Obfuscated Files or Information 1 | Account Manipulation | File and Directory Discovery 1 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Application Layer Protocol 11 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                    Spearphishing Link | Graphical User Interface | Modify Existing Service | New Service | DLL Search Order Hijacking | Brute Force | System Information Discovery 114 | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port | Jamming or Denial of Service | | Abuse Accessibility Features

                    Behavior Graph

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic