59c6312cbd9dc0f6be824baebbe6c639b9dc86a681469c473f268c13184a2ec9

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Invoice Soft Copy.exe
Size

1.3MB
MD5

bc80e0abde33958eb5d7c7ba426b829a
SHA1

2b51dc7ca66d1f19ef84c77c29dba7a8dda0b997
SHA256

2742619ddf2b194eac50b27148df58c484a42997ff6c0a04b03448d6514362a8
SHA512

5234c48915aae6e031ce3df69fe54537c099625574f7b14b43872e4f692f2a64d6b773d726857fee61ae889bb846cc8c465b008fc0f851a43698f6f055a751eb
SSDEEP

24576:HqDEvCTbMWu7rQYlBQcBiT6rprG8ar/3V7rDtFAYiKibkZ0EL4:HTvC/MTQYxsWR7ar/FrDt9iKiwZHL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Invoice Soft Copy.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
648	Invoice Soft Copy.exe
648	Invoice Soft Copy.exe
2400	Invoice Soft Copy.exe
2400	Invoice Soft Copy.exe
3020	Invoice Soft Copy.exe
3020	Invoice Soft Copy.exe
2752	Invoice Soft Copy.exe
2752	Invoice Soft Copy.exe
2780	Invoice Soft Copy.exe
2780	Invoice Soft Copy.exe
2908	Invoice Soft Copy.exe
2908	Invoice Soft Copy.exe
2760	Invoice Soft Copy.exe
2760	Invoice Soft Copy.exe
2656	Invoice Soft Copy.exe
2656	Invoice Soft Copy.exe
2516	Invoice Soft Copy.exe
2516	Invoice Soft Copy.exe
936	Invoice Soft Copy.exe
936	Invoice Soft Copy.exe
1512	Invoice Soft Copy.exe
1512	Invoice Soft Copy.exe
264	Invoice Soft Copy.exe
264	Invoice Soft Copy.exe
1888	Invoice Soft Copy.exe
1888	Invoice Soft Copy.exe
2020	Invoice Soft Copy.exe
2020	Invoice Soft Copy.exe
2176	Invoice Soft Copy.exe
2176	Invoice Soft Copy.exe
2120	Invoice Soft Copy.exe
2120	Invoice Soft Copy.exe
2448	Invoice Soft Copy.exe
2448	Invoice Soft Copy.exe
1192	Invoice Soft Copy.exe
1192	Invoice Soft Copy.exe
2572	Invoice Soft Copy.exe
2572	Invoice Soft Copy.exe
1340	Invoice Soft Copy.exe
1340	Invoice Soft Copy.exe
564	Invoice Soft Copy.exe
564	Invoice Soft Copy.exe
2552	Invoice Soft Copy.exe
2552	Invoice Soft Copy.exe
1172	Invoice Soft Copy.exe
1172	Invoice Soft Copy.exe
2172	Invoice Soft Copy.exe
2172	Invoice Soft Copy.exe
1856	Invoice Soft Copy.exe
1856	Invoice Soft Copy.exe
2912	Invoice Soft Copy.exe
2912	Invoice Soft Copy.exe
2716	Invoice Soft Copy.exe
2716	Invoice Soft Copy.exe
2892	Invoice Soft Copy.exe
2892	Invoice Soft Copy.exe
2756	Invoice Soft Copy.exe
2756	Invoice Soft Copy.exe
2648	Invoice Soft Copy.exe
2648	Invoice Soft Copy.exe
2624	Invoice Soft Copy.exe
2624	Invoice Soft Copy.exe
2344	Invoice Soft Copy.exe
2344	Invoice Soft Copy.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
648	Invoice Soft Copy.exe
648	Invoice Soft Copy.exe
2400	Invoice Soft Copy.exe
2400	Invoice Soft Copy.exe
3020	Invoice Soft Copy.exe
3020	Invoice Soft Copy.exe
2752	Invoice Soft Copy.exe
2752	Invoice Soft Copy.exe
2780	Invoice Soft Copy.exe
2780	Invoice Soft Copy.exe
2908	Invoice Soft Copy.exe
2908	Invoice Soft Copy.exe
2760	Invoice Soft Copy.exe
2760	Invoice Soft Copy.exe
2656	Invoice Soft Copy.exe
2656	Invoice Soft Copy.exe
2516	Invoice Soft Copy.exe
2516	Invoice Soft Copy.exe
936	Invoice Soft Copy.exe
936	Invoice Soft Copy.exe
1512	Invoice Soft Copy.exe
1512	Invoice Soft Copy.exe
264	Invoice Soft Copy.exe
264	Invoice Soft Copy.exe
1888	Invoice Soft Copy.exe
1888	Invoice Soft Copy.exe
2020	Invoice Soft Copy.exe
2020	Invoice Soft Copy.exe
2176	Invoice Soft Copy.exe
2176	Invoice Soft Copy.exe
2120	Invoice Soft Copy.exe
2120	Invoice Soft Copy.exe
2448	Invoice Soft Copy.exe
2448	Invoice Soft Copy.exe
1192	Invoice Soft Copy.exe
1192	Invoice Soft Copy.exe
2572	Invoice Soft Copy.exe
2572	Invoice Soft Copy.exe
1340	Invoice Soft Copy.exe
1340	Invoice Soft Copy.exe
564	Invoice Soft Copy.exe
564	Invoice Soft Copy.exe
2552	Invoice Soft Copy.exe
2552	Invoice Soft Copy.exe
1172	Invoice Soft Copy.exe
1172	Invoice Soft Copy.exe
2172	Invoice Soft Copy.exe
2172	Invoice Soft Copy.exe
1856	Invoice Soft Copy.exe
1856	Invoice Soft Copy.exe
2912	Invoice Soft Copy.exe
2912	Invoice Soft Copy.exe
2716	Invoice Soft Copy.exe
2716	Invoice Soft Copy.exe
2892	Invoice Soft Copy.exe
2892	Invoice Soft Copy.exe
2756	Invoice Soft Copy.exe
2756	Invoice Soft Copy.exe
2648	Invoice Soft Copy.exe
2648	Invoice Soft Copy.exe
2624	Invoice Soft Copy.exe
2624	Invoice Soft Copy.exe
2344	Invoice Soft Copy.exe
2344	Invoice Soft Copy.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 2400	648	Invoice Soft Copy.exe	30
PID 648 wrote to memory of 2400	648	Invoice Soft Copy.exe	30
PID 648 wrote to memory of 2400	648	Invoice Soft Copy.exe	30
PID 648 wrote to memory of 2400	648	Invoice Soft Copy.exe	30
PID 2400 wrote to memory of 3020	2400	Invoice Soft Copy.exe	31
PID 2400 wrote to memory of 3020	2400	Invoice Soft Copy.exe	31
PID 2400 wrote to memory of 3020	2400	Invoice Soft Copy.exe	31
PID 2400 wrote to memory of 3020	2400	Invoice Soft Copy.exe	31
PID 3020 wrote to memory of 2752	3020	Invoice Soft Copy.exe	32
PID 3020 wrote to memory of 2752	3020	Invoice Soft Copy.exe	32
PID 3020 wrote to memory of 2752	3020	Invoice Soft Copy.exe	32
PID 3020 wrote to memory of 2752	3020	Invoice Soft Copy.exe	32
PID 2752 wrote to memory of 2780	2752	Invoice Soft Copy.exe	33
PID 2752 wrote to memory of 2780	2752	Invoice Soft Copy.exe	33
PID 2752 wrote to memory of 2780	2752	Invoice Soft Copy.exe	33
PID 2752 wrote to memory of 2780	2752	Invoice Soft Copy.exe	33
PID 2780 wrote to memory of 2908	2780	Invoice Soft Copy.exe	34
PID 2780 wrote to memory of 2908	2780	Invoice Soft Copy.exe	34
PID 2780 wrote to memory of 2908	2780	Invoice Soft Copy.exe	34
PID 2780 wrote to memory of 2908	2780	Invoice Soft Copy.exe	34
PID 2908 wrote to memory of 2760	2908	Invoice Soft Copy.exe	35
PID 2908 wrote to memory of 2760	2908	Invoice Soft Copy.exe	35
PID 2908 wrote to memory of 2760	2908	Invoice Soft Copy.exe	35
PID 2908 wrote to memory of 2760	2908	Invoice Soft Copy.exe	35
PID 2760 wrote to memory of 2656	2760	Invoice Soft Copy.exe	36
PID 2760 wrote to memory of 2656	2760	Invoice Soft Copy.exe	36
PID 2760 wrote to memory of 2656	2760	Invoice Soft Copy.exe	36
PID 2760 wrote to memory of 2656	2760	Invoice Soft Copy.exe	36
PID 2656 wrote to memory of 2516	2656	Invoice Soft Copy.exe	37
PID 2656 wrote to memory of 2516	2656	Invoice Soft Copy.exe	37
PID 2656 wrote to memory of 2516	2656	Invoice Soft Copy.exe	37
PID 2656 wrote to memory of 2516	2656	Invoice Soft Copy.exe	37
PID 2516 wrote to memory of 936	2516	Invoice Soft Copy.exe	38
PID 2516 wrote to memory of 936	2516	Invoice Soft Copy.exe	38
PID 2516 wrote to memory of 936	2516	Invoice Soft Copy.exe	38
PID 2516 wrote to memory of 936	2516	Invoice Soft Copy.exe	38
PID 936 wrote to memory of 1512	936	Invoice Soft Copy.exe	39
PID 936 wrote to memory of 1512	936	Invoice Soft Copy.exe	39
PID 936 wrote to memory of 1512	936	Invoice Soft Copy.exe	39
PID 936 wrote to memory of 1512	936	Invoice Soft Copy.exe	39
PID 1512 wrote to memory of 264	1512	Invoice Soft Copy.exe	40
PID 1512 wrote to memory of 264	1512	Invoice Soft Copy.exe	40
PID 1512 wrote to memory of 264	1512	Invoice Soft Copy.exe	40
PID 1512 wrote to memory of 264	1512	Invoice Soft Copy.exe	40
PID 264 wrote to memory of 1888	264	Invoice Soft Copy.exe	41
PID 264 wrote to memory of 1888	264	Invoice Soft Copy.exe	41
PID 264 wrote to memory of 1888	264	Invoice Soft Copy.exe	41
PID 264 wrote to memory of 1888	264	Invoice Soft Copy.exe	41
PID 1888 wrote to memory of 2020	1888	Invoice Soft Copy.exe	42
PID 1888 wrote to memory of 2020	1888	Invoice Soft Copy.exe	42
PID 1888 wrote to memory of 2020	1888	Invoice Soft Copy.exe	42
PID 1888 wrote to memory of 2020	1888	Invoice Soft Copy.exe	42
PID 2020 wrote to memory of 2176	2020	Invoice Soft Copy.exe	43
PID 2020 wrote to memory of 2176	2020	Invoice Soft Copy.exe	43
PID 2020 wrote to memory of 2176	2020	Invoice Soft Copy.exe	43
PID 2020 wrote to memory of 2176	2020	Invoice Soft Copy.exe	43
PID 2176 wrote to memory of 2120	2176	Invoice Soft Copy.exe	45
PID 2176 wrote to memory of 2120	2176	Invoice Soft Copy.exe	45
PID 2176 wrote to memory of 2120	2176	Invoice Soft Copy.exe	45
PID 2176 wrote to memory of 2120	2176	Invoice Soft Copy.exe	45
PID 2120 wrote to memory of 2448	2120	Invoice Soft Copy.exe	46
PID 2120 wrote to memory of 2448	2120	Invoice Soft Copy.exe	46
PID 2120 wrote to memory of 2448	2120	Invoice Soft Copy.exe	46
PID 2120 wrote to memory of 2448	2120	Invoice Soft Copy.exe	46

C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
"C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:648
- C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
  "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
    "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
      "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
      4⤵
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        5⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        9⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        10⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        11⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        12⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        13⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        14⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        15⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        16⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        17⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        18⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        19⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        20⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        21⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        22⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        23⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        24⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        25⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        26⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        27⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        28⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        29⤵
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        30⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        31⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        32⤵
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        33⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        34⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        35⤵
        System Location Discovery: System Language Discovery
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        36⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        37⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        38⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        39⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        40⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        41⤵
        System Location Discovery: System Language Discovery
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        42⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        43⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        44⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        45⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        46⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        47⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        48⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        49⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        50⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        51⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        52⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        53⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        54⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        55⤵
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        56⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        57⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        58⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        59⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        60⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        61⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        62⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        63⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        64⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        65⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        66⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        67⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        68⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        70⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        71⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        73⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        74⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        77⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        78⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        80⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        81⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        83⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        84⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        85⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        86⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        88⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        89⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        91⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        92⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        94⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        95⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        96⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        102⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        104⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        106⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        107⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        108⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        109⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        110⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        111⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        112⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        113⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        114⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        115⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        117⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        119⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        120⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        121⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        122⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        123⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        125⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        127⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        129⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        130⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        131⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        133⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        134⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        135⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        136⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        139⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        141⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        143⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        144⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        145⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        146⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        147⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        148⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        149⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        152⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        153⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        154⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        155⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        156⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        157⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        158⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        159⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        160⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        161⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        163⤵
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        164⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        165⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        166⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        167⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        168⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        169⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        171⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        172⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        173⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        174⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        175⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        177⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        178⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        179⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        180⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        181⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        182⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        185⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        186⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        187⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        188⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        189⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        191⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        192⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        193⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        194⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        195⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        196⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        199⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        200⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        201⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        202⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        203⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        204⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        205⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        206⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        207⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        208⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        209⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Invoice Soft Copy.exe"
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autA62E.tmp

Filesize
422KB

MD5
3610f992197e5fc9504276cb6d622a29

SHA1
b3260c15fa136bfbf46165679e5dce9aeb499cf8

SHA256
e6be1fc5b3a5e4a291513ecde3cc47314fd0595ec38d2174cabb9a8236bb8788

SHA512
66beb764822d742c9d5ea5ffe425b0b57fba28214e317aa2ac5c3f22978a01045b175992e7940f337ad358f2247ee0ff6f71f680d2bfe2f50b80cc0e78190863

Download Submit
C:\Users\Admin\AppData\Local\Temp\autA63F.tmp

Filesize
42KB

MD5
8df6a0ca8ab92080ced195d8d1e4cb47

SHA1
9e7d7160f8567366fa5db8c558988693a0792f2b

SHA256
c2a17dc95859e594285041d70707e10c2eb5580ff8369c91298e5e3303c58848

SHA512
36ed00bd92eee6c6bb98b910962bc0001d509d5c6ccda4ef1aaa04a8900efd2e0f9d6270eb5607daf3f63c6232e9acfa8b1fe7360ffa23eeba59b53055d3f354

Download Submit
C:\Users\Admin\AppData\Local\Temp\putrefactible

Filesize
84KB

MD5
c3bfc167d5006184ddd11ec99307fa0f

SHA1
b210cc86dd3e95b0eabac28fa116610d579ce3f8

SHA256
9ff57b00069614d3059443de1e842809e31edcc7ab82ea9c675e77e4e88d907d

SHA512
278dfb786e6df768f52577e1f2092b7f2152fb0a57ecbd2b4e30fb27ac3e0c29f49b57a804fba0413777580fab898223cee28c789d58b9adbe9b807e287e3904

Download Submit
C:\Users\Admin\AppData\Local\Temp\spado

Filesize
483KB

MD5
bf34fe868b82767f530cb8f79bf9a622

SHA1
ae1cf65b39321cac8a2e26a3c57b5ab03fd396b6

SHA256
1fdf00ca4a152bc315f9283107271ef09fedeca05615c7b0f16b3393df000be4

SHA512
b7f17201770ad3a7f94e2973f20cdbdcd4cb9729f6309f858f6af09856270c83203d4ee73dc2737a4a3e73d52b65af9b394e84ab989bd20256a3517aaf621cbf

Download Submit
memory/648-11-0x0000000000130000-0x0000000000134000-memory.dmp

Filesize
16KB

Download