Loading ...

Play interactive tourEdit tour

Analysis Report TNT E-Invoice Consignment Delivey Notification_pdf.exe

Overview

General Information

Sample Name:TNT E-Invoice Consignment Delivey Notification_pdf.exe
Analysis ID:255464
MD5:bbebe99bf36cb3dc4c3c37a9487468ac
SHA1:b3c4734cbc3846304647fbf6854f6cbb3c0ab635
SHA256:4524f74c75340e0761a5e4e0f3c070fb96a364de054fead9c96c8ee8f4f81f0a

Most interesting Screenshot:

Detection

AgentTesla Matiex
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Sigma detected: Capture Wi-Fi password
Yara detected AgentTesla
Yara detected Matiex Keylogger
Binary contains a suspicious time stamp
Creates an undocumented autostart registry key
Executable has a suspicious name (potential lure to open the executable)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
May check the online IP address of the machine
Tries to harvest and steal WLAN passwords
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses netsh to modify the Windows network and firewall settings
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains strange resources
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Startup

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "", "URL: ": "", "To: ": "support@minioninvest.com", "ByHost: ": "mail.minioninvest.com:587", "Password: ": "", "From: ": "support@minioninvest.com"}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
TNT E-Invoice Consignment Delivey Notification_pdf.exeMAL_RANSOM_COVID19_Apr20_1Detects ransomware distributed in COVID-19 themeFlorian Roth
  • 0x5c057:$op2: 60 2E 2E 2E AF 34 34 34 B8 34 34 34 B8 34 34 34
  • 0x636bf:$op3: 1F 07 1A 37 85 05 05 36 83 05 05 36 83 05 05 34

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.504537170.0000000000402000.00000040.00000001.sdmpJoeSecurity_MatiexYara detected Matiex KeyloggerJoe Security
    00000000.00000002.250172196.0000000005130000.00000004.00000001.sdmpJoeSecurity_MatiexYara detected Matiex KeyloggerJoe Security
      00000000.00000002.247412294.0000000003D51000.00000004.00000001.sdmpJoeSecurity_MatiexYara detected Matiex KeyloggerJoe Security
        00000000.00000002.248239236.000000000400F000.00000004.00000001.sdmpJoeSecurity_MatiexYara detected Matiex KeyloggerJoe Security
          00000000.00000002.247605869.0000000003E4C000.00000004.00000001.sdmpJoeSecurity_MatiexYara detected Matiex KeyloggerJoe Security
            Click to see the 3 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.TNT E-Invoice Consignment Delivey Notification_pdf.exe.770000.0.unpackMAL_RANSOM_COVID19_Apr20_1Detects ransomware distributed in COVID-19 themeFlorian Roth
            • 0x5c057:$op2: 60 2E 2E 2E AF 34 34 34 B8 34 34 34 B8 34 34 34
            • 0x636bf:$op3: 1F 07 1A 37 85 05 05 36 83 05 05 36 83 05 05 34
            2.2.TNT E-Invoice Consignment Delivey Notification_pdf.exe.990000.1.unpackMAL_RANSOM_COVID19_Apr20_1Detects ransomware distributed in COVID-19 themeFlorian Roth
            • 0x5c057:$op2: 60 2E 2E 2E AF 34 34 34 B8 34 34 34 B8 34 34 34
            • 0x636bf:$op3: 1F 07 1A 37 85 05 05 36 83 05 05 36 83 05 05 34
            0.0.TNT E-Invoice Consignment Delivey Notification_pdf.exe.770000.0.unpackMAL_RANSOM_COVID19_Apr20_1Detects ransomware distributed in COVID-19 themeFlorian Roth
            • 0x5c057:$op2: 60 2E 2E 2E AF 34 34 34 B8 34 34 34 B8 34 34 34
            • 0x636bf:$op3: 1F 07 1A 37 85 05 05 36 83 05 05 36 83 05 05 34
            2.0.TNT E-Invoice Consignment Delivey Notification_pdf.exe.990000.0.unpackMAL_RANSOM_COVID19_Apr20_1Detects ransomware distributed in COVID-19 themeFlorian Roth
            • 0x5c057:$op2: 60 2E 2E 2E AF 34 34 34 B8 34 34 34 B8 34 34 34
            • 0x636bf:$op3: 1F 07 1A 37 85 05 05 36 83 05 05 36 83 05 05 34
            0.2.TNT E-Invoice Consignment Delivey Notification_pdf.exe.5130000.2.raw.unpackJoeSecurity_MatiexYara detected Matiex KeyloggerJoe Security
              Click to see the 2 entries

              Sigma Overview

              System Summary:

              barindex
              Sigma detected: Capture Wi-Fi passwordShow sources
              Source: Process startedAuthor: Joe Security: Data: Command: 'netsh' wlan show profile, CommandLine: 'netsh' wlan show profile, CommandLine|base64offset|contains: V, Image: C:\Windows\SysWOW64\netsh.exe, NewProcessName: C:\Windows\SysWOW64\netsh.exe, OriginalFileName: C:\Windows\SysWOW64\netsh.exe, ParentCommandLine: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe, ParentImage: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe, ParentProcessId: 6736, ProcessCommandLine: 'netsh' wlan show profile, ProcessId: 7160

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Found malware configurationShow sources
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe.6736.2.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "", "URL: ": "", "To: ": "support@minioninvest.com", "ByHost: ": "mail.minioninvest.com:587", "Password: ": "", "From: ": "support@minioninvest.com"}
              Machine Learning detection for sampleShow sources
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeJoe Sandbox ML: detected

              Networking:

              barindex
              May check the online IP address of the machineShow sources
              Source: unknownDNS query: name: checkip.dyndns.org
              Source: unknownDNS query: name: checkip.dyndns.org
              Source: unknownDNS query: name: checkip.dyndns.org
              Source: unknownDNS query: name: checkip.dyndns.org
              Source: global trafficTCP traffic: 192.168.2.3:49737 -> 31.220.105.79:587
              Source: global trafficTCP traffic: 192.168.2.3:49737 -> 31.220.105.79:587
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
              Source: unknownDNS traffic detected: queries for: checkip.dyndns.org
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.507501279.00000000011A8000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudFlareIncECCCA-2.crt0
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508394469.0000000002D81000.00000004.00000001.sdmpString found in binary or memory: http://checkip.dyndns.org
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508394469.0000000002D81000.00000004.00000001.sdmpString found in binary or memory: http://checkip.dyndns.org/
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508394469.0000000002D81000.00000004.00000001.sdmpString found in binary or memory: http://checkip.dyndns.org/HB
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000003.410771451.00000000066D6000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoc5
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.507501279.00000000011A8000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.510303286.0000000002F5D000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.518153381.000000000669B000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.507501279.00000000011A8000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/CO
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.510303286.0000000002F5D000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000003.410604964.000000000670C000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthor
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000003.410771451.00000000066D6000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthorY
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.510303286.0000000002F5D000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/cPanelIncCertificationAuthority.crl0
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.507501279.00000000011A8000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/CloudFlareIncECCCA2.crl06
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.518275373.00000000066C9000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0=
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.507501279.00000000011A8000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/CloudFlareIncECCCA2.crl0L
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.510303286.0000000002F5D000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.507501279.00000000011A8000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.518275373.00000000066C9000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508394469.0000000002D81000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508394469.0000000002D81000.00000004.00000001.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508665131.0000000002DE5000.00000004.00000001.sdmp, TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508505180.0000000002DB5000.00000004.00000001.sdmpString found in binary or memory: https://freegeoip.app/xml/91.132.136.174
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508505180.0000000002DB5000.00000004.00000001.sdmpString found in binary or memory: https://freegeoip.app/xml/91.132.136.174leP
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508394469.0000000002D81000.00000004.00000001.sdmpString found in binary or memory: https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508505180.0000000002DB5000.00000004.00000001.sdmpString found in binary or memory: https://freegeoip.app/xml/esP
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508505180.0000000002DB5000.00000004.00000001.sdmpString found in binary or memory: https://freegeoip.appMoP
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508394469.0000000002D81000.00000004.00000001.sdmpString found in binary or memory: https://i.imgur.com/GJD7Q5y.png
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508639726.0000000002DD4000.00000004.00000001.sdmp, TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508618994.0000000002DD0000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.510303286.0000000002F5D000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000003.410496942.00000000066C5000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0l
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.518275373.00000000066C9000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.508665131.0000000002DE5000.00000004.00000001.sdmpString found in binary or memory: https://www.geodatatool.com/en/?ip=
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.510675883.0000000002FC5000.00000004.00000001.sdmpString found in binary or memory: https://www.geodatatool.com/en/?ip=3D91.132.136.174=0D=0A=0D=0A=
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.510303286.0000000002F5D000.00000004.00000001.sdmpString found in binary or memory: https://www.geodatatool.com/en/?ip=91.132.136.174
              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

              System Summary:

              barindex
              Executable has a suspicious name (potential lure to open the executable)Show sources
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeStatic file information: Suspicious name
              Initial sample is a PE file and has a suspicious nameShow sources
              Source: initial sampleStatic PE information: Filename: TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: initial sampleStatic PE information: Filename: TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 0_2_0125AD700_2_0125AD70
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 0_2_02D23DD00_2_02D23DD0
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 0_2_02D23DE00_2_02D23DE0
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C2D0D02_2_02C2D0D0
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C2F1102_2_02C2F110
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C205922_2_02C20592
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C2D9A02_2_02C2D9A0
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C2CD882_2_02C2CD88
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C215602_2_02C21560
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C20AA92_2_02C20AA9
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_02C289182_2_02C28918
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_05F34B982_2_05F34B98
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_05F382B02_2_05F382B0
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067CE4682_2_067CE468
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067C85FF2_2_067C85FF
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067CB7582_2_067CB758
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067CDE182_2_067CDE18
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067CE4082_2_067CE408
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067C8F712_2_067C8F71
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeBinary or memory string: OriginalFilename vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000000.00000002.247153084.0000000002B30000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameNuGet.Build.Tasks.Console.exe, vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000000.00000002.247412294.0000000003D51000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameVNXT.exe* vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000000.00000002.246558314.0000000000772000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSettingsMigrator.exeB vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000000.00000002.250172196.0000000005130000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameH.exe4 vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeBinary or memory string: OriginalFilename vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.505296918.0000000000470000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameH.exe4 vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.520375664.00000000069C9000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.506847439.00000000010E0000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.505409322.0000000000992000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameSettingsMigrator.exeB vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.504537170.0000000000402000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameVNXT.exe* vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.517674277.0000000005F40000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeBinary or memory string: OriginalFilenameSettingsMigrator.exeB vs TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, type: SAMPLEMatched rule: MAL_RANSOM_COVID19_Apr20_1 date = 2020-04-15, hash1 = 2779863a173ff975148cb3156ee593cb5719a0ab238ea7c9e0b0ca3b5a4a9326, author = Florian Roth, description = Detects ransomware distributed in COVID-19 theme, reference = https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
              Source: 0.2.TNT E-Invoice Consignment Delivey Notification_pdf.exe.770000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_COVID19_Apr20_1 date = 2020-04-15, hash1 = 2779863a173ff975148cb3156ee593cb5719a0ab238ea7c9e0b0ca3b5a4a9326, author = Florian Roth, description = Detects ransomware distributed in COVID-19 theme, reference = https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
              Source: 2.2.TNT E-Invoice Consignment Delivey Notification_pdf.exe.990000.1.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_COVID19_Apr20_1 date = 2020-04-15, hash1 = 2779863a173ff975148cb3156ee593cb5719a0ab238ea7c9e0b0ca3b5a4a9326, author = Florian Roth, description = Detects ransomware distributed in COVID-19 theme, reference = https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
              Source: 0.0.TNT E-Invoice Consignment Delivey Notification_pdf.exe.770000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_COVID19_Apr20_1 date = 2020-04-15, hash1 = 2779863a173ff975148cb3156ee593cb5719a0ab238ea7c9e0b0ca3b5a4a9326, author = Florian Roth, description = Detects ransomware distributed in COVID-19 theme, reference = https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
              Source: 2.0.TNT E-Invoice Consignment Delivey Notification_pdf.exe.990000.0.unpack, type: UNPACKEDPEMatched rule: MAL_RANSOM_COVID19_Apr20_1 date = 2020-04-15, hash1 = 2779863a173ff975148cb3156ee593cb5719a0ab238ea7c9e0b0ca3b5a4a9326, author = Florian Roth, description = Detects ransomware distributed in COVID-19 theme, reference = https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/1@7/4
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TNT E-Invoice Consignment Delivey Notification_pdf.exe.logJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4696:120:WilError_01
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe 'C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe'
              Source: unknownProcess created: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe
              Source: unknownProcess created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profile
              Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess created: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess created: C:\Windows\SysWOW64\netsh.exe 'netsh' wlan show profileJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
              Source: Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000000.00000002.247412294.0000000003D51000.00000004.00000001.sdmp, TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.504537170.0000000000402000.00000040.00000001.sdmp
              Source: Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000000.00000002.247412294.0000000003D51000.00000004.00000001.sdmp, TNT E-Invoice Consignment Delivey Notification_pdf.exe, 00000002.00000002.504537170.0000000000402000.00000040.00000001.sdmp

              Data Obfuscation:

              barindex
              Binary contains a suspicious time stampShow sources
              Source: initial sampleStatic PE information: 0xABE2619B [Thu May 19 14:54:19 2061 UTC]
              Source: TNT E-Invoice Consignment Delivey Notification_pdf.exeStatic PE information: real checksum: 0x581ee should be: 0x72a21
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067CB73F pushad ; ret 2_2_067CB756
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067CB2D0 pushad ; ret 2_2_067CB2E6
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeCode function: 2_2_067C20F1 push B805F0FBh; ret 2_2_067C20FD

              Boot Survival:

              barindex
              Creates an undocumented autostart registry key Show sources
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeKey value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon shellJump to behavior

              Hooking and other Techniques for Hiding and Protection:

              barindex
              Icon mismatch, binary includes an icon from a different legit application in order to fool usersShow sources
              Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: icon (2112).png
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 6696Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -1844674407370954s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -200000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -99844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -199500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -99641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -99500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -99391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -99297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -99188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -99094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -198000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -98000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -194500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -97000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -96000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95688s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95141s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -95000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94688s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94594s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94141s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -94047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93688s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93594s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93141s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -93047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -185500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92594s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -92047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91203s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -91047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -90000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89282s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -89047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88657s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -88047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -87000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86297s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86188s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -86000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85641s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -85000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84688s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84547s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84438s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84141s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -84000s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83891s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83688s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83594s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83141s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -83047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82688s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82594s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82141s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -82047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81797s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81688s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81594s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81391s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81250s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81141s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -81047s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -80938s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -80844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -80750s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\TNT E-Invoice Consignment Delivey Notification_pdf.exe TID: 5612Thread sleep time: -80594s >= -30000s