379fd5ec4ea9f51ff22c2f99d680fae3066dbfc664f4acf6d47c5c501d192ebd

Analysis

max time kernel
144s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file01.vbs
Size

4KB
MD5

d94eb511487eb2dbb55788317bc294fb
SHA1

87b9ee01ea17bf6845f7f3130efba3600ed83222
SHA256

379fd5ec4ea9f51ff22c2f99d680fae3066dbfc664f4acf6d47c5c501d192ebd
SHA512

75ded8fca929dd35e1c64d4d327d6431fe3b36254fcb15fd6ee963529b1be582e0289083820e979e47c5e01c11688d30837234057576d165fdd47119fb0d17cb
SSDEEP

96:KYrtaAr0Vu6Eg9CBmoceWZHJMzY3p5Uoi:1rtaAwVQIymfnnMz+p50

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2776	WScript.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4864	mspaint.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2144	mspaint.exe
2676	mspaint.exe
2552	mspaint.exe
2676	mspaint.exe
2676	mspaint.exe
2676	mspaint.exe
2552	mspaint.exe
2552	mspaint.exe
2552	mspaint.exe
2144	mspaint.exe
2144	mspaint.exe
2144	mspaint.exe
552	mspaint.exe
552	mspaint.exe
552	mspaint.exe
552	mspaint.exe
2648	mspaint.exe
2648	mspaint.exe
2648	mspaint.exe
2648	mspaint.exe
1728	mspaint.exe
1728	mspaint.exe
1728	mspaint.exe
1728	mspaint.exe
604	mspaint.exe
604	mspaint.exe
604	mspaint.exe
604	mspaint.exe
3040	mspaint.exe
3040	mspaint.exe
3040	mspaint.exe
3040	mspaint.exe
1388	mspaint.exe
1388	mspaint.exe
1388	mspaint.exe
1388	mspaint.exe
892	mspaint.exe
892	mspaint.exe
892	mspaint.exe
892	mspaint.exe
1484	mspaint.exe
1484	mspaint.exe
1484	mspaint.exe
1484	mspaint.exe
2000	mspaint.exe
2000	mspaint.exe
2000	mspaint.exe
2000	mspaint.exe
2576	mspaint.exe
2576	mspaint.exe
2576	mspaint.exe
2576	mspaint.exe
1800	mspaint.exe
1800	mspaint.exe
1800	mspaint.exe
1800	mspaint.exe
2044	mspaint.exe
2044	mspaint.exe
2044	mspaint.exe
2044	mspaint.exe
372	mspaint.exe
372	mspaint.exe
372	mspaint.exe
372	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2912	2776	WScript.exe	28
PID 2776 wrote to memory of 2912	2776	WScript.exe	28
PID 2776 wrote to memory of 2912	2776	WScript.exe	28
PID 2776 wrote to memory of 2144	2776	WScript.exe	30
PID 2776 wrote to memory of 2144	2776	WScript.exe	30
PID 2776 wrote to memory of 2144	2776	WScript.exe	30
PID 2776 wrote to memory of 2516	2776	WScript.exe	31
PID 2776 wrote to memory of 2516	2776	WScript.exe	31
PID 2776 wrote to memory of 2516	2776	WScript.exe	31
PID 2776 wrote to memory of 2676	2776	WScript.exe	33
PID 2776 wrote to memory of 2676	2776	WScript.exe	33
PID 2776 wrote to memory of 2676	2776	WScript.exe	33
PID 2776 wrote to memory of 2712	2776	WScript.exe	34
PID 2776 wrote to memory of 2712	2776	WScript.exe	34
PID 2776 wrote to memory of 2712	2776	WScript.exe	34
PID 2776 wrote to memory of 2552	2776	WScript.exe	36
PID 2776 wrote to memory of 2552	2776	WScript.exe	36
PID 2776 wrote to memory of 2552	2776	WScript.exe	36
PID 2776 wrote to memory of 2944	2776	WScript.exe	37
PID 2776 wrote to memory of 2944	2776	WScript.exe	37
PID 2776 wrote to memory of 2944	2776	WScript.exe	37
PID 2776 wrote to memory of 2572	2776	WScript.exe	40
PID 2776 wrote to memory of 2572	2776	WScript.exe	40
PID 2776 wrote to memory of 2572	2776	WScript.exe	40
PID 2776 wrote to memory of 2696	2776	WScript.exe	41
PID 2776 wrote to memory of 2696	2776	WScript.exe	41
PID 2776 wrote to memory of 2696	2776	WScript.exe	41
PID 2776 wrote to memory of 2528	2776	WScript.exe	43
PID 2776 wrote to memory of 2528	2776	WScript.exe	43
PID 2776 wrote to memory of 2528	2776	WScript.exe	43
PID 2776 wrote to memory of 2860	2776	WScript.exe	44
PID 2776 wrote to memory of 2860	2776	WScript.exe	44
PID 2776 wrote to memory of 2860	2776	WScript.exe	44
PID 2776 wrote to memory of 552	2776	WScript.exe	46
PID 2776 wrote to memory of 552	2776	WScript.exe	46
PID 2776 wrote to memory of 552	2776	WScript.exe	46
PID 2776 wrote to memory of 1080	2776	WScript.exe	47
PID 2776 wrote to memory of 1080	2776	WScript.exe	47
PID 2776 wrote to memory of 1080	2776	WScript.exe	47
PID 2776 wrote to memory of 1100	2776	WScript.exe	49
PID 2776 wrote to memory of 1100	2776	WScript.exe	49
PID 2776 wrote to memory of 1100	2776	WScript.exe	49
PID 2776 wrote to memory of 2004	2776	WScript.exe	50
PID 2776 wrote to memory of 2004	2776	WScript.exe	50
PID 2776 wrote to memory of 2004	2776	WScript.exe	50
PID 2776 wrote to memory of 2648	2776	WScript.exe	52
PID 2776 wrote to memory of 2648	2776	WScript.exe	52
PID 2776 wrote to memory of 2648	2776	WScript.exe	52
PID 2776 wrote to memory of 2632	2776	WScript.exe	53
PID 2776 wrote to memory of 2632	2776	WScript.exe	53
PID 2776 wrote to memory of 2632	2776	WScript.exe	53
PID 2776 wrote to memory of 1728	2776	WScript.exe	56
PID 2776 wrote to memory of 1728	2776	WScript.exe	56
PID 2776 wrote to memory of 1728	2776	WScript.exe	56
PID 2776 wrote to memory of 2316	2776	WScript.exe	57
PID 2776 wrote to memory of 2316	2776	WScript.exe	57
PID 2776 wrote to memory of 2316	2776	WScript.exe	57
PID 2776 wrote to memory of 604	2776	WScript.exe	59
PID 2776 wrote to memory of 604	2776	WScript.exe	59
PID 2776 wrote to memory of 604	2776	WScript.exe	59
PID 2776 wrote to memory of 1796	2776	WScript.exe	60
PID 2776 wrote to memory of 1796	2776	WScript.exe	60
PID 2776 wrote to memory of 1796	2776	WScript.exe	60
PID 2776 wrote to memory of 2504	2776	WScript.exe	62

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\file01.vbs"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert1.exe C:\Users\Admin\Desktop\monitorinvert1.c && C:\Users\Admin\Desktop\monitorinvert1.exe
  2⤵
  PID:2912
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2144
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert2.exe C:\Users\Admin\Desktop\monitorinvert2.c && C:\Users\Admin\Desktop\monitorinvert2.exe
  2⤵
  PID:2516
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2676
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert3.exe C:\Users\Admin\Desktop\monitorinvert3.c && C:\Users\Admin\Desktop\monitorinvert3.exe
  2⤵
  PID:2712
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert4.exe C:\Users\Admin\Desktop\monitorinvert4.c && C:\Users\Admin\Desktop\monitorinvert4.exe
  2⤵
  PID:2944
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2572
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert5.exe C:\Users\Admin\Desktop\monitorinvert5.c && C:\Users\Admin\Desktop\monitorinvert5.exe
  2⤵
  PID:2696
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2528
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert6.exe C:\Users\Admin\Desktop\monitorinvert6.c && C:\Users\Admin\Desktop\monitorinvert6.exe
  2⤵
  PID:2860
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert7.exe C:\Users\Admin\Desktop\monitorinvert7.c && C:\Users\Admin\Desktop\monitorinvert7.exe
  2⤵
  PID:1080
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1100
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert8.exe C:\Users\Admin\Desktop\monitorinvert8.c && C:\Users\Admin\Desktop\monitorinvert8.exe
  2⤵
  PID:2004
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2648
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert9.exe C:\Users\Admin\Desktop\monitorinvert9.c && C:\Users\Admin\Desktop\monitorinvert9.exe
  2⤵
  PID:2632
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:1728
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert10.exe C:\Users\Admin\Desktop\monitorinvert10.c && C:\Users\Admin\Desktop\monitorinvert10.exe
  2⤵
  PID:2316
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:604
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert11.exe C:\Users\Admin\Desktop\monitorinvert11.c && C:\Users\Admin\Desktop\monitorinvert11.exe
  2⤵
  PID:1796
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2504
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert12.exe C:\Users\Admin\Desktop\monitorinvert12.c && C:\Users\Admin\Desktop\monitorinvert12.exe
  2⤵
  PID:2964
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1512
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert13.exe C:\Users\Admin\Desktop\monitorinvert13.c && C:\Users\Admin\Desktop\monitorinvert13.exe
  2⤵
  PID:2992
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:3040
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert14.exe C:\Users\Admin\Desktop\monitorinvert14.c && C:\Users\Admin\Desktop\monitorinvert14.exe
  2⤵
  PID:2292
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert15.exe C:\Users\Admin\Desktop\monitorinvert15.c && C:\Users\Admin\Desktop\monitorinvert15.exe
  2⤵
  PID:2384
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert16.exe C:\Users\Admin\Desktop\monitorinvert16.c && C:\Users\Admin\Desktop\monitorinvert16.exe
  2⤵
  PID:2364
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:892
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert17.exe C:\Users\Admin\Desktop\monitorinvert17.c && C:\Users\Admin\Desktop\monitorinvert17.exe
  2⤵
  PID:948
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:1484
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert18.exe C:\Users\Admin\Desktop\monitorinvert18.c && C:\Users\Admin\Desktop\monitorinvert18.exe
  2⤵
  PID:1392
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1224
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert19.exe C:\Users\Admin\Desktop\monitorinvert19.c && C:\Users\Admin\Desktop\monitorinvert19.exe
  2⤵
  PID:1584
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2000
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert20.exe C:\Users\Admin\Desktop\monitorinvert20.c && C:\Users\Admin\Desktop\monitorinvert20.exe
  2⤵
  PID:2728
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2664
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert21.exe C:\Users\Admin\Desktop\monitorinvert21.c && C:\Users\Admin\Desktop\monitorinvert21.exe
  2⤵
  PID:2564
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert22.exe C:\Users\Admin\Desktop\monitorinvert22.c && C:\Users\Admin\Desktop\monitorinvert22.exe
  2⤵
  PID:2856
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:1800
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert23.exe C:\Users\Admin\Desktop\monitorinvert23.c && C:\Users\Admin\Desktop\monitorinvert23.exe
  2⤵
  PID:2004
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert24.exe C:\Users\Admin\Desktop\monitorinvert24.c && C:\Users\Admin\Desktop\monitorinvert24.exe
  2⤵
  PID:1928
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2044
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert25.exe C:\Users\Admin\Desktop\monitorinvert25.c && C:\Users\Admin\Desktop\monitorinvert25.exe
  2⤵
  PID:1988
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:932
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert26.exe C:\Users\Admin\Desktop\monitorinvert26.c && C:\Users\Admin\Desktop\monitorinvert26.exe
  2⤵
  PID:1796
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2496
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert27.exe C:\Users\Admin\Desktop\monitorinvert27.c && C:\Users\Admin\Desktop\monitorinvert27.exe
  2⤵
  PID:768
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:372
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert28.exe C:\Users\Admin\Desktop\monitorinvert28.c && C:\Users\Admin\Desktop\monitorinvert28.exe
  2⤵
  PID:3048
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:2188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert29.exe C:\Users\Admin\Desktop\monitorinvert29.c && C:\Users\Admin\Desktop\monitorinvert29.exe
  2⤵
  PID:2148
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert30.exe C:\Users\Admin\Desktop\monitorinvert30.c && C:\Users\Admin\Desktop\monitorinvert30.exe
  2⤵
  PID:684
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert31.exe C:\Users\Admin\Desktop\monitorinvert31.c && C:\Users\Admin\Desktop\monitorinvert31.exe
  2⤵
  PID:1504
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert32.exe C:\Users\Admin\Desktop\monitorinvert32.c && C:\Users\Admin\Desktop\monitorinvert32.exe
  2⤵
  PID:2584
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:2236
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert33.exe C:\Users\Admin\Desktop\monitorinvert33.c && C:\Users\Admin\Desktop\monitorinvert33.exe
  2⤵
  PID:2260
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:1588
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert34.exe C:\Users\Admin\Desktop\monitorinvert34.c && C:\Users\Admin\Desktop\monitorinvert34.exe
  2⤵
  PID:2836
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:2640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert35.exe C:\Users\Admin\Desktop\monitorinvert35.c && C:\Users\Admin\Desktop\monitorinvert35.exe
  2⤵
  PID:2712
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:2708
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert36.exe C:\Users\Admin\Desktop\monitorinvert36.c && C:\Users\Admin\Desktop\monitorinvert36.exe
  2⤵
  PID:2696
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2156
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert37.exe C:\Users\Admin\Desktop\monitorinvert37.c && C:\Users\Admin\Desktop\monitorinvert37.exe
  2⤵
  PID:1676
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:1852
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert38.exe C:\Users\Admin\Desktop\monitorinvert38.c && C:\Users\Admin\Desktop\monitorinvert38.exe
  2⤵
  PID:2368
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:1796
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert39.exe C:\Users\Admin\Desktop\monitorinvert39.c && C:\Users\Admin\Desktop\monitorinvert39.exe
  2⤵
  PID:752
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3048
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert40.exe C:\Users\Admin\Desktop\monitorinvert40.c && C:\Users\Admin\Desktop\monitorinvert40.exe
  2⤵
  PID:2104
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:972
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert41.exe C:\Users\Admin\Desktop\monitorinvert41.c && C:\Users\Admin\Desktop\monitorinvert41.exe
  2⤵
  PID:1656
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2024
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert42.exe C:\Users\Admin\Desktop\monitorinvert42.c && C:\Users\Admin\Desktop\monitorinvert42.exe
  2⤵
  PID:2016
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:1476
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert43.exe C:\Users\Admin\Desktop\monitorinvert43.c && C:\Users\Admin\Desktop\monitorinvert43.exe
  2⤵
  PID:948
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:1688
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert44.exe C:\Users\Admin\Desktop\monitorinvert44.c && C:\Users\Admin\Desktop\monitorinvert44.exe
  2⤵
  PID:2912
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2412
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert45.exe C:\Users\Admin\Desktop\monitorinvert45.c && C:\Users\Admin\Desktop\monitorinvert45.exe
  2⤵
  PID:2420
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:1248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert46.exe C:\Users\Admin\Desktop\monitorinvert46.c && C:\Users\Admin\Desktop\monitorinvert46.exe
  2⤵
  PID:1676
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert47.exe C:\Users\Admin\Desktop\monitorinvert47.c && C:\Users\Admin\Desktop\monitorinvert47.exe
  2⤵
  PID:2064
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1704
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert48.exe C:\Users\Admin\Desktop\monitorinvert48.c && C:\Users\Admin\Desktop\monitorinvert48.exe
  2⤵
  PID:2060
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert49.exe C:\Users\Admin\Desktop\monitorinvert49.c && C:\Users\Admin\Desktop\monitorinvert49.exe
  2⤵
  PID:1656
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert50.exe C:\Users\Admin\Desktop\monitorinvert50.c && C:\Users\Admin\Desktop\monitorinvert50.exe
  2⤵
  PID:1520
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2728
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert51.exe C:\Users\Admin\Desktop\monitorinvert51.c && C:\Users\Admin\Desktop\monitorinvert51.exe
  2⤵
  PID:2780
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2500
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert52.exe C:\Users\Admin\Desktop\monitorinvert52.c && C:\Users\Admin\Desktop\monitorinvert52.exe
  2⤵
  PID:1876
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1320
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert53.exe C:\Users\Admin\Desktop\monitorinvert53.c && C:\Users\Admin\Desktop\monitorinvert53.exe
  2⤵
  PID:1928
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:324
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert54.exe C:\Users\Admin\Desktop\monitorinvert54.c && C:\Users\Admin\Desktop\monitorinvert54.exe
  2⤵
  PID:532
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert55.exe C:\Users\Admin\Desktop\monitorinvert55.c && C:\Users\Admin\Desktop\monitorinvert55.exe
  2⤵
  PID:1604
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:2200
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert56.exe C:\Users\Admin\Desktop\monitorinvert56.c && C:\Users\Admin\Desktop\monitorinvert56.exe
  2⤵
  PID:692
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2560
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert57.exe C:\Users\Admin\Desktop\monitorinvert57.c && C:\Users\Admin\Desktop\monitorinvert57.exe
  2⤵
  PID:2864
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1676
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert58.exe C:\Users\Admin\Desktop\monitorinvert58.c && C:\Users\Admin\Desktop\monitorinvert58.exe
  2⤵
  PID:1928
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2912
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert59.exe C:\Users\Admin\Desktop\monitorinvert59.c && C:\Users\Admin\Desktop\monitorinvert59.exe
  2⤵
  PID:2112
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert60.exe C:\Users\Admin\Desktop\monitorinvert60.c && C:\Users\Admin\Desktop\monitorinvert60.exe
  2⤵
  PID:1556
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:2548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert61.exe C:\Users\Admin\Desktop\monitorinvert61.c && C:\Users\Admin\Desktop\monitorinvert61.exe
  2⤵
  PID:2712
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert62.exe C:\Users\Admin\Desktop\monitorinvert62.c && C:\Users\Admin\Desktop\monitorinvert62.exe
  2⤵
  PID:1680
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert63.exe C:\Users\Admin\Desktop\monitorinvert63.c && C:\Users\Admin\Desktop\monitorinvert63.exe
  2⤵
  PID:2328
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:1664
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert64.exe C:\Users\Admin\Desktop\monitorinvert64.c && C:\Users\Admin\Desktop\monitorinvert64.exe
  2⤵
  PID:1520
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2064
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert65.exe C:\Users\Admin\Desktop\monitorinvert65.c && C:\Users\Admin\Desktop\monitorinvert65.exe
  2⤵
  PID:2828
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert66.exe C:\Users\Admin\Desktop\monitorinvert66.c && C:\Users\Admin\Desktop\monitorinvert66.exe
  2⤵
  PID:2988
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2828
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert67.exe C:\Users\Admin\Desktop\monitorinvert67.c && C:\Users\Admin\Desktop\monitorinvert67.exe
  2⤵
  PID:2284
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2836
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert68.exe C:\Users\Admin\Desktop\monitorinvert68.c && C:\Users\Admin\Desktop\monitorinvert68.exe
  2⤵
  PID:1928
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:1504
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert69.exe C:\Users\Admin\Desktop\monitorinvert69.c && C:\Users\Admin\Desktop\monitorinvert69.exe
  2⤵
  PID:1520
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3104
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert70.exe C:\Users\Admin\Desktop\monitorinvert70.c && C:\Users\Admin\Desktop\monitorinvert70.exe
  2⤵
  PID:3120
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3148
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert71.exe C:\Users\Admin\Desktop\monitorinvert71.c && C:\Users\Admin\Desktop\monitorinvert71.exe
  2⤵
  PID:3164
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:3192
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert72.exe C:\Users\Admin\Desktop\monitorinvert72.c && C:\Users\Admin\Desktop\monitorinvert72.exe
  2⤵
  PID:3208
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3260
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert73.exe C:\Users\Admin\Desktop\monitorinvert73.c && C:\Users\Admin\Desktop\monitorinvert73.exe
  2⤵
  PID:3276
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:3312
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert74.exe C:\Users\Admin\Desktop\monitorinvert74.c && C:\Users\Admin\Desktop\monitorinvert74.exe
  2⤵
  PID:3332
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3384
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert75.exe C:\Users\Admin\Desktop\monitorinvert75.c && C:\Users\Admin\Desktop\monitorinvert75.exe
  2⤵
  PID:3408
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3436
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert76.exe C:\Users\Admin\Desktop\monitorinvert76.c && C:\Users\Admin\Desktop\monitorinvert76.exe
  2⤵
  PID:3452
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3480
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert77.exe C:\Users\Admin\Desktop\monitorinvert77.c && C:\Users\Admin\Desktop\monitorinvert77.exe
  2⤵
  PID:3504
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:3556
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert78.exe C:\Users\Admin\Desktop\monitorinvert78.c && C:\Users\Admin\Desktop\monitorinvert78.exe
  2⤵
  PID:3576
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:3628
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert79.exe C:\Users\Admin\Desktop\monitorinvert79.c && C:\Users\Admin\Desktop\monitorinvert79.exe
  2⤵
  PID:3644
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3720
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert80.exe C:\Users\Admin\Desktop\monitorinvert80.c && C:\Users\Admin\Desktop\monitorinvert80.exe
  2⤵
  PID:3736
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3764
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert81.exe C:\Users\Admin\Desktop\monitorinvert81.c && C:\Users\Admin\Desktop\monitorinvert81.exe
  2⤵
  PID:3780
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3808
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert82.exe C:\Users\Admin\Desktop\monitorinvert82.c && C:\Users\Admin\Desktop\monitorinvert82.exe
  2⤵
  PID:3824
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3876
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert83.exe C:\Users\Admin\Desktop\monitorinvert83.c && C:\Users\Admin\Desktop\monitorinvert83.exe
  2⤵
  PID:3892
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3972
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert84.exe C:\Users\Admin\Desktop\monitorinvert84.c && C:\Users\Admin\Desktop\monitorinvert84.exe
  2⤵
  PID:3988
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4052
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert85.exe C:\Users\Admin\Desktop\monitorinvert85.c && C:\Users\Admin\Desktop\monitorinvert85.exe
  2⤵
  PID:4068
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3124
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert86.exe C:\Users\Admin\Desktop\monitorinvert86.c && C:\Users\Admin\Desktop\monitorinvert86.exe
  2⤵
  PID:3128
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3164
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert87.exe C:\Users\Admin\Desktop\monitorinvert87.c && C:\Users\Admin\Desktop\monitorinvert87.exe
  2⤵
  PID:3204
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert88.exe C:\Users\Admin\Desktop\monitorinvert88.c && C:\Users\Admin\Desktop\monitorinvert88.exe
  2⤵
  PID:3328
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3420
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert89.exe C:\Users\Admin\Desktop\monitorinvert89.c && C:\Users\Admin\Desktop\monitorinvert89.exe
  2⤵
  PID:3432
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert90.exe C:\Users\Admin\Desktop\monitorinvert90.c && C:\Users\Admin\Desktop\monitorinvert90.exe
  2⤵
  PID:3540
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert91.exe C:\Users\Admin\Desktop\monitorinvert91.c && C:\Users\Admin\Desktop\monitorinvert91.exe
  2⤵
  PID:3624
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3752
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert92.exe C:\Users\Admin\Desktop\monitorinvert92.c && C:\Users\Admin\Desktop\monitorinvert92.exe
  2⤵
  PID:3772
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3848
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert93.exe C:\Users\Admin\Desktop\monitorinvert93.c && C:\Users\Admin\Desktop\monitorinvert93.exe
  2⤵
  PID:3888
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert94.exe C:\Users\Admin\Desktop\monitorinvert94.c && C:\Users\Admin\Desktop\monitorinvert94.exe
  2⤵
  PID:3892
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4036
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert95.exe C:\Users\Admin\Desktop\monitorinvert95.c && C:\Users\Admin\Desktop\monitorinvert95.exe
  2⤵
  PID:3988
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert96.exe C:\Users\Admin\Desktop\monitorinvert96.c && C:\Users\Admin\Desktop\monitorinvert96.exe
  2⤵
  PID:4072
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3120
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert97.exe C:\Users\Admin\Desktop\monitorinvert97.c && C:\Users\Admin\Desktop\monitorinvert97.exe
  2⤵
  PID:3184
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3212
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert98.exe C:\Users\Admin\Desktop\monitorinvert98.c && C:\Users\Admin\Desktop\monitorinvert98.exe
  2⤵
  PID:3228
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3320
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert99.exe C:\Users\Admin\Desktop\monitorinvert99.c && C:\Users\Admin\Desktop\monitorinvert99.exe
  2⤵
  PID:3380
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3468
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert100.exe C:\Users\Admin\Desktop\monitorinvert100.c && C:\Users\Admin\Desktop\monitorinvert100.exe
  2⤵
  PID:3492
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3580
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert101.exe C:\Users\Admin\Desktop\monitorinvert101.c && C:\Users\Admin\Desktop\monitorinvert101.exe
  2⤵
  PID:3708
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3716
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert102.exe C:\Users\Admin\Desktop\monitorinvert102.c && C:\Users\Admin\Desktop\monitorinvert102.exe
  2⤵
  PID:3756
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3780
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert103.exe C:\Users\Admin\Desktop\monitorinvert103.c && C:\Users\Admin\Desktop\monitorinvert103.exe
  2⤵
  PID:3844
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3888
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert104.exe C:\Users\Admin\Desktop\monitorinvert104.c && C:\Users\Admin\Desktop\monitorinvert104.exe
  2⤵
  PID:3940
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3912
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert105.exe C:\Users\Admin\Desktop\monitorinvert105.c && C:\Users\Admin\Desktop\monitorinvert105.exe
  2⤵
  PID:4044
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3100
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert106.exe C:\Users\Admin\Desktop\monitorinvert106.c && C:\Users\Admin\Desktop\monitorinvert106.exe
  2⤵
  PID:3116
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3144
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert107.exe C:\Users\Admin\Desktop\monitorinvert107.c && C:\Users\Admin\Desktop\monitorinvert107.exe
  2⤵
  PID:3168
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3328
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert108.exe C:\Users\Admin\Desktop\monitorinvert108.c && C:\Users\Admin\Desktop\monitorinvert108.exe
  2⤵
  PID:3456
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3608
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert109.exe C:\Users\Admin\Desktop\monitorinvert109.c && C:\Users\Admin\Desktop\monitorinvert109.exe
  2⤵
  PID:3680
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:3776
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert110.exe C:\Users\Admin\Desktop\monitorinvert110.c && C:\Users\Admin\Desktop\monitorinvert110.exe
  2⤵
  PID:3828
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3892
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert111.exe C:\Users\Admin\Desktop\monitorinvert111.c && C:\Users\Admin\Desktop\monitorinvert111.exe
  2⤵
  PID:4012
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:3296
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert112.exe C:\Users\Admin\Desktop\monitorinvert112.c && C:\Users\Admin\Desktop\monitorinvert112.exe
  2⤵
  PID:3168
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3640
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert113.exe C:\Users\Admin\Desktop\monitorinvert113.c && C:\Users\Admin\Desktop\monitorinvert113.exe
  2⤵
  PID:3740
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3772
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert114.exe C:\Users\Admin\Desktop\monitorinvert114.c && C:\Users\Admin\Desktop\monitorinvert114.exe
  2⤵
  PID:3832
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3992
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert115.exe C:\Users\Admin\Desktop\monitorinvert115.c && C:\Users\Admin\Desktop\monitorinvert115.exe
  2⤵
  PID:4068
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3168
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert116.exe C:\Users\Admin\Desktop\monitorinvert116.c && C:\Users\Admin\Desktop\monitorinvert116.exe
  2⤵
  PID:3712
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:3756
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert117.exe C:\Users\Admin\Desktop\monitorinvert117.c && C:\Users\Admin\Desktop\monitorinvert117.exe
  2⤵
  PID:3908
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4012
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert118.exe C:\Users\Admin\Desktop\monitorinvert118.c && C:\Users\Admin\Desktop\monitorinvert118.exe
  2⤵
  PID:3344
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert119.exe C:\Users\Admin\Desktop\monitorinvert119.c && C:\Users\Admin\Desktop\monitorinvert119.exe
  2⤵
  PID:3988
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3340
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert120.exe C:\Users\Admin\Desktop\monitorinvert120.c && C:\Users\Admin\Desktop\monitorinvert120.exe
  2⤵
  PID:3988
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4064
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert121.exe C:\Users\Admin\Desktop\monitorinvert121.c && C:\Users\Admin\Desktop\monitorinvert121.exe
  2⤵
  PID:3988
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:3908
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert122.exe C:\Users\Admin\Desktop\monitorinvert122.c && C:\Users\Admin\Desktop\monitorinvert122.exe
  2⤵
  PID:3504
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4116
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert123.exe C:\Users\Admin\Desktop\monitorinvert123.c && C:\Users\Admin\Desktop\monitorinvert123.exe
  2⤵
  PID:4132
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4160
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert124.exe C:\Users\Admin\Desktop\monitorinvert124.c && C:\Users\Admin\Desktop\monitorinvert124.exe
  2⤵
  PID:4176
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4204
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert125.exe C:\Users\Admin\Desktop\monitorinvert125.c && C:\Users\Admin\Desktop\monitorinvert125.exe
  2⤵
  PID:4220
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4248
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert126.exe C:\Users\Admin\Desktop\monitorinvert126.c && C:\Users\Admin\Desktop\monitorinvert126.exe
  2⤵
  PID:4264
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4292
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert127.exe C:\Users\Admin\Desktop\monitorinvert127.c && C:\Users\Admin\Desktop\monitorinvert127.exe
  2⤵
  PID:4308
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4368
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert128.exe C:\Users\Admin\Desktop\monitorinvert128.c && C:\Users\Admin\Desktop\monitorinvert128.exe
  2⤵
  PID:4384
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4440
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert129.exe C:\Users\Admin\Desktop\monitorinvert129.c && C:\Users\Admin\Desktop\monitorinvert129.exe
  2⤵
  PID:4460
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4532
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert130.exe C:\Users\Admin\Desktop\monitorinvert130.c && C:\Users\Admin\Desktop\monitorinvert130.exe
  2⤵
  PID:4556
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4604
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert131.exe C:\Users\Admin\Desktop\monitorinvert131.c && C:\Users\Admin\Desktop\monitorinvert131.exe
  2⤵
  PID:4620
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4668
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert132.exe C:\Users\Admin\Desktop\monitorinvert132.c && C:\Users\Admin\Desktop\monitorinvert132.exe
  2⤵
  PID:4684
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4712
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert133.exe C:\Users\Admin\Desktop\monitorinvert133.c && C:\Users\Admin\Desktop\monitorinvert133.exe
  2⤵
  PID:4728
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4796
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert134.exe C:\Users\Admin\Desktop\monitorinvert134.c && C:\Users\Admin\Desktop\monitorinvert134.exe
  2⤵
  PID:4812
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4840
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert135.exe C:\Users\Admin\Desktop\monitorinvert135.c && C:\Users\Admin\Desktop\monitorinvert135.exe
  2⤵
  PID:4856
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4884
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert136.exe C:\Users\Admin\Desktop\monitorinvert136.c && C:\Users\Admin\Desktop\monitorinvert136.exe
  2⤵
  PID:4900
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4928
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert137.exe C:\Users\Admin\Desktop\monitorinvert137.c && C:\Users\Admin\Desktop\monitorinvert137.exe
  2⤵
  PID:4944
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:5008
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert138.exe C:\Users\Admin\Desktop\monitorinvert138.c && C:\Users\Admin\Desktop\monitorinvert138.exe
  2⤵
  PID:5032
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:5084
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert139.exe C:\Users\Admin\Desktop\monitorinvert139.c && C:\Users\Admin\Desktop\monitorinvert139.exe
  2⤵
  PID:5108
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4148
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert140.exe C:\Users\Admin\Desktop\monitorinvert140.c && C:\Users\Admin\Desktop\monitorinvert140.exe
  2⤵
  PID:4172
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4200
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert141.exe C:\Users\Admin\Desktop\monitorinvert141.c && C:\Users\Admin\Desktop\monitorinvert141.exe
  2⤵
  PID:4224
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4300
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert142.exe C:\Users\Admin\Desktop\monitorinvert142.c && C:\Users\Admin\Desktop\monitorinvert142.exe
  2⤵
  PID:4308
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4380
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert143.exe C:\Users\Admin\Desktop\monitorinvert143.c && C:\Users\Admin\Desktop\monitorinvert143.exe
  2⤵
  PID:4412
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4456
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert144.exe C:\Users\Admin\Desktop\monitorinvert144.c && C:\Users\Admin\Desktop\monitorinvert144.exe
  2⤵
  PID:4488
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4524
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert145.exe C:\Users\Admin\Desktop\monitorinvert145.c && C:\Users\Admin\Desktop\monitorinvert145.exe
  2⤵
  PID:4544
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4600
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert146.exe C:\Users\Admin\Desktop\monitorinvert146.c && C:\Users\Admin\Desktop\monitorinvert146.exe
  2⤵
  PID:4628
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4620
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert147.exe C:\Users\Admin\Desktop\monitorinvert147.c && C:\Users\Admin\Desktop\monitorinvert147.exe
  2⤵
  PID:4680
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert148.exe C:\Users\Admin\Desktop\monitorinvert148.c && C:\Users\Admin\Desktop\monitorinvert148.exe
  2⤵
  PID:4744
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4816
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert149.exe C:\Users\Admin\Desktop\monitorinvert149.c && C:\Users\Admin\Desktop\monitorinvert149.exe
  2⤵
  PID:4836
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of FindShellTrayWindow
  PID:4864
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert150.exe C:\Users\Admin\Desktop\monitorinvert150.c && C:\Users\Admin\Desktop\monitorinvert150.exe
  2⤵
  PID:4912
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert151.exe C:\Users\Admin\Desktop\monitorinvert151.c && C:\Users\Admin\Desktop\monitorinvert151.exe
  2⤵
  PID:4996
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:5040
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert152.exe C:\Users\Admin\Desktop\monitorinvert152.c && C:\Users\Admin\Desktop\monitorinvert152.exe
  2⤵
  PID:5104
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:5112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert153.exe C:\Users\Admin\Desktop\monitorinvert153.c && C:\Users\Admin\Desktop\monitorinvert153.exe
  2⤵
  PID:4100
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4172
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert154.exe C:\Users\Admin\Desktop\monitorinvert154.c && C:\Users\Admin\Desktop\monitorinvert154.exe
  2⤵
  PID:4184
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4336
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert155.exe C:\Users\Admin\Desktop\monitorinvert155.c && C:\Users\Admin\Desktop\monitorinvert155.exe
  2⤵
  PID:4320
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4488
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert156.exe C:\Users\Admin\Desktop\monitorinvert156.c && C:\Users\Admin\Desktop\monitorinvert156.exe
  2⤵
  PID:4540
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4584
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert157.exe C:\Users\Admin\Desktop\monitorinvert157.c && C:\Users\Admin\Desktop\monitorinvert157.exe
  2⤵
  PID:4636
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4760
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert158.exe C:\Users\Admin\Desktop\monitorinvert158.c && C:\Users\Admin\Desktop\monitorinvert158.exe
  2⤵
  PID:4804
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4872
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert159.exe C:\Users\Admin\Desktop\monitorinvert159.c && C:\Users\Admin\Desktop\monitorinvert159.exe
  2⤵
  PID:4896
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:5000
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert160.exe C:\Users\Admin\Desktop\monitorinvert160.c && C:\Users\Admin\Desktop\monitorinvert160.exe
  2⤵
  PID:5036
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:5052
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert161.exe C:\Users\Admin\Desktop\monitorinvert161.c && C:\Users\Admin\Desktop\monitorinvert161.exe
  2⤵
  PID:5104
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4100
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert162.exe C:\Users\Admin\Desktop\monitorinvert162.c && C:\Users\Admin\Desktop\monitorinvert162.exe
  2⤵
  PID:4212
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4460
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert163.exe C:\Users\Admin\Desktop\monitorinvert163.c && C:\Users\Admin\Desktop\monitorinvert163.exe
  2⤵
  PID:4400
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4580
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert164.exe C:\Users\Admin\Desktop\monitorinvert164.c && C:\Users\Admin\Desktop\monitorinvert164.exe
  2⤵
  PID:4612
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4688
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert165.exe C:\Users\Admin\Desktop\monitorinvert165.c && C:\Users\Admin\Desktop\monitorinvert165.exe
  2⤵
  PID:4684
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4940
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert166.exe C:\Users\Admin\Desktop\monitorinvert166.c && C:\Users\Admin\Desktop\monitorinvert166.exe
  2⤵
  PID:4880
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4812
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert167.exe C:\Users\Admin\Desktop\monitorinvert167.c && C:\Users\Admin\Desktop\monitorinvert167.exe
  2⤵
  PID:4360
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert168.exe C:\Users\Admin\Desktop\monitorinvert168.c && C:\Users\Admin\Desktop\monitorinvert168.exe
  2⤵
  PID:4192
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4808
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert169.exe C:\Users\Admin\Desktop\monitorinvert169.c && C:\Users\Admin\Desktop\monitorinvert169.exe
  2⤵
  PID:4892
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4784
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert170.exe C:\Users\Admin\Desktop\monitorinvert170.c && C:\Users\Admin\Desktop\monitorinvert170.exe
  2⤵
  PID:4912
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:5072
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert171.exe C:\Users\Admin\Desktop\monitorinvert171.c && C:\Users\Admin\Desktop\monitorinvert171.exe
  2⤵
  PID:5036
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4276
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert172.exe C:\Users\Admin\Desktop\monitorinvert172.c && C:\Users\Admin\Desktop\monitorinvert172.exe
  2⤵
  PID:740
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:5088
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert173.exe C:\Users\Admin\Desktop\monitorinvert173.c && C:\Users\Admin\Desktop\monitorinvert173.exe
  2⤵
  PID:4348
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert174.exe C:\Users\Admin\Desktop\monitorinvert174.c && C:\Users\Admin\Desktop\monitorinvert174.exe
  2⤵
  PID:4544
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4648
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert175.exe C:\Users\Admin\Desktop\monitorinvert175.c && C:\Users\Admin\Desktop\monitorinvert175.exe
  2⤵
  PID:4696
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4448
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert176.exe C:\Users\Admin\Desktop\monitorinvert176.c && C:\Users\Admin\Desktop\monitorinvert176.exe
  2⤵
  PID:4336
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4832
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert177.exe C:\Users\Admin\Desktop\monitorinvert177.c && C:\Users\Admin\Desktop\monitorinvert177.exe
  2⤵
  PID:4740
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:5020
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert178.exe C:\Users\Admin\Desktop\monitorinvert178.c && C:\Users\Admin\Desktop\monitorinvert178.exe
  2⤵
  PID:5032
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4260
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert179.exe C:\Users\Admin\Desktop\monitorinvert179.c && C:\Users\Admin\Desktop\monitorinvert179.exe
  2⤵
  PID:2932
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4404
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert180.exe C:\Users\Admin\Desktop\monitorinvert180.c && C:\Users\Admin\Desktop\monitorinvert180.exe
  2⤵
  PID:4240
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4544
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert181.exe C:\Users\Admin\Desktop\monitorinvert181.c && C:\Users\Admin\Desktop\monitorinvert181.exe
  2⤵
  PID:4272
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4936
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert182.exe C:\Users\Admin\Desktop\monitorinvert182.c && C:\Users\Admin\Desktop\monitorinvert182.exe
  2⤵
  PID:4956
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4968
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert183.exe C:\Users\Admin\Desktop\monitorinvert183.c && C:\Users\Admin\Desktop\monitorinvert183.exe
  2⤵
  PID:4792
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4176
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert184.exe C:\Users\Admin\Desktop\monitorinvert184.c && C:\Users\Admin\Desktop\monitorinvert184.exe
  2⤵
  PID:740
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2980
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert185.exe C:\Users\Admin\Desktop\monitorinvert185.c && C:\Users\Admin\Desktop\monitorinvert185.exe
  2⤵
  PID:4560
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4684
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert186.exe C:\Users\Admin\Desktop\monitorinvert186.c && C:\Users\Admin\Desktop\monitorinvert186.exe
  2⤵
  PID:2228
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4920
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert187.exe C:\Users\Admin\Desktop\monitorinvert187.c && C:\Users\Admin\Desktop\monitorinvert187.exe
  2⤵
  PID:4956
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:2804
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert188.exe C:\Users\Admin\Desktop\monitorinvert188.c && C:\Users\Admin\Desktop\monitorinvert188.exe
  2⤵
  PID:3504
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert189.exe C:\Users\Admin\Desktop\monitorinvert189.c && C:\Users\Admin\Desktop\monitorinvert189.exe
  2⤵
  PID:4908
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1944
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert190.exe C:\Users\Admin\Desktop\monitorinvert190.c && C:\Users\Admin\Desktop\monitorinvert190.exe
  2⤵
  PID:4728
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4956
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert191.exe C:\Users\Admin\Desktop\monitorinvert191.c && C:\Users\Admin\Desktop\monitorinvert191.exe
  2⤵
  PID:4896
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:3504
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert192.exe C:\Users\Admin\Desktop\monitorinvert192.c && C:\Users\Admin\Desktop\monitorinvert192.exe
  2⤵
  PID:4700
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:4916
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert193.exe C:\Users\Admin\Desktop\monitorinvert193.c && C:\Users\Admin\Desktop\monitorinvert193.exe
  2⤵
  PID:4776
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:1548
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert194.exe C:\Users\Admin\Desktop\monitorinvert194.c && C:\Users\Admin\Desktop\monitorinvert194.exe
  2⤵
  PID:4744
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:4388
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert195.exe C:\Users\Admin\Desktop\monitorinvert195.c && C:\Users\Admin\Desktop\monitorinvert195.exe
  2⤵
  PID:4700
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  PID:4692
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert196.exe C:\Users\Admin\Desktop\monitorinvert196.c && C:\Users\Admin\Desktop\monitorinvert196.exe
  2⤵
  PID:1716
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:5164
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert197.exe C:\Users\Admin\Desktop\monitorinvert197.c && C:\Users\Admin\Desktop\monitorinvert197.exe
  2⤵
  PID:5188
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:5252
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert198.exe C:\Users\Admin\Desktop\monitorinvert198.c && C:\Users\Admin\Desktop\monitorinvert198.exe
  2⤵
  PID:5268
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:5332
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c gcc -o C:\Users\Admin\Desktop\monitorinvert199.exe C:\Users\Admin\Desktop\monitorinvert199.c && C:\Users\Admin\Desktop\monitorinvert199.exe
  2⤵
  PID:5352
- C:\Windows\System32\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  PID:5416

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1569981218-26914337-1242694374281945927-1765961452-437655326-284156236424760599"
1⤵
PID:2284

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1561150327-1942901108-1981643872316174184297476927-1242307143-2469537351745703459"
1⤵
PID:3828

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1126548524-2082591465-9396467934002142521490950145-881720063-2038645397-182304064"
1⤵
PID:3624

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-414040717-12818084371688785796-424863018-17906630991625966048-175579955665748434"
1⤵
PID:3344

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2114266080-172371913020078652031469620663-2071982581743363739-919282507492292187"
1⤵
PID:3988

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-2076016079-6372437593606997161920932800-387133731-1272712424681292861961779253"
1⤵
PID:4132

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1482746081-2060181980-10392870502091065674022613-1323484760-1586593097-1261068587"
1⤵
PID:4628

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-37657441511661669432127532232-17270713591406477687421142072-865863042-1480451403"
1⤵
PID:4220

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-188494546914602366-1003050561-1805299654-1032123495-7006586126591570641532934008"
1⤵
PID:4412

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1272872223611783599664186146-9685180341573507917-47615485216744049531325117060"
1⤵
PID:4792

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "687689704-259513764-1162738652-1079525473-202989125921144766561320193737-1536309559"
1⤵
PID:4700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\monitorinvert5.c

Filesize
360B

MD5
35f471e11ba09bfc6a170e9a330deb02

SHA1
fbe4ed700d64c1ee4c9772c5b0a4b2eeeb50d142

SHA256
98fb0fd77d984fbac74c06dd264dd1a345185a85364358b0193198784db4368a

SHA512
6e6ff53d3611e58460a3c663e2bb37948eea10ba0ac44844d01658f5e934bb60fa6e4959e292a9986275473c02805e7d4821be8f57015bf8aea92dccc276c009

Download Submit
memory/372-86-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/372-63-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/372-64-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/552-13-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/552-14-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/604-24-0x0000000001D00000-0x0000000001D01000-memory.dmp

Filesize
4KB

Download
memory/604-23-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/876-71-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/876-73-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/892-57-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/892-38-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/892-36-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/972-98-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/972-101-0x0000000001D00000-0x0000000001D01000-memory.dmp

Filesize
4KB

Download
memory/1388-33-0x0000000001BF0000-0x0000000001BF1000-memory.dmp

Filesize
4KB

Download
memory/1388-32-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1476-104-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1476-103-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1484-62-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/1484-40-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1484-43-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/1588-79-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1588-81-0x0000000001BF0000-0x0000000001BF1000-memory.dmp

Filesize
4KB

Download
memory/1588-100-0x0000000001BF0000-0x0000000001BF1000-memory.dmp

Filesize
4KB

Download
memory/1688-106-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1728-21-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/1728-42-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/1728-20-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1796-95-0x0000000000420000-0x0000000000421000-memory.dmp

Filesize
4KB

Download
memory/1796-94-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1800-52-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1800-53-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/1800-76-0x00000000021B0000-0x00000000021B1000-memory.dmp

Filesize
4KB

Download
memory/1852-91-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/1852-93-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2000-46-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/2000-45-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2044-80-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/2044-58-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/2044-56-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2144-6-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2144-12-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/2188-67-0x00000000004D0000-0x00000000004D1000-memory.dmp

Filesize
4KB

Download
memory/2188-66-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2236-75-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2236-77-0x0000000001C00000-0x0000000001C01000-memory.dmp

Filesize
4KB

Download
memory/2552-7-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2552-28-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2552-11-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2576-49-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2576-50-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2576-72-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2640-83-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2640-84-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/2648-17-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2648-19-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2648-37-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2676-10-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/2676-8-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2708-88-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/2708-87-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/2708-107-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download
memory/3040-29-0x000007FEF6F30000-0x000007FEF6F7C000-memory.dmp

Filesize
304KB

Download
memory/3040-31-0x0000000001D70000-0x0000000001D71000-memory.dmp

Filesize
4KB

Download