6c03dd397a24b63b385c8e1b1b58e4ca6e07f8c8fb51e7b501bc9d45c6f70227

Analysis

max time kernel
4s
max time network
149s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

347c10a1498cc6e759e828d2992b52b7.exe
Size

43KB
MD5

347c10a1498cc6e759e828d2992b52b7
SHA1

d2cbc6b4d0ea37d4a733968188431715ccee23cf
SHA256

6c03dd397a24b63b385c8e1b1b58e4ca6e07f8c8fb51e7b501bc9d45c6f70227
SHA512

dc76b730c4df5b0a91f3b90fda3086c236d2405a4b79cb1ef79987345bc5665409e8de1b4e621019b8c6859ce5d30a42c6c2aa8d665805a6acf2feffedf7a5f2
SSDEEP

768:kraYE/omnoZ0d6QFYCuMsWu4EmlayA10wR7Atoqzdf0uE+quxaAnrpod:krajWS6PUDnA10wNA3dzE+qTi6d

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1376	minh.exe
2328	minh.exe
2348	minh.exe
2336	minh.exe
2600	minh.exe
2664	minh.exe
2728	minh.exe
2560	minh.exe
3052	minh.exe
2776	minh.exe
2752	minh.exe
2484	minh.exe
2624	minh.exe
2456	minh.exe
2488	minh.exe
2000	minh.exe
2968	minh.exe
2396	minh.exe
1900	minh.exe
2712	minh.exe
2516	minh.exe
1944	minh.exe
1920	minh.exe
1936	minh.exe
2692	minh.exe
1184	minh.exe
1644	minh.exe
1808	minh.exe
1764	minh.exe
2104	minh.exe
2940	minh.exe
1244	minh.exe
816	minh.exe
2268	minh.exe
1436	minh.exe
2056	minh.exe
1776	minh.exe
384	minh.exe
324	minh.exe
1576	minh.exe
300	minh.exe
1416	minh.exe
2856	minh.exe
2552	minh.exe
1760	minh.exe
2428	minh.exe
1816	minh.exe
1344	minh.exe
1032	minh.exe
864	minh.exe
1984	minh.exe
1268	minh.exe
1488	minh.exe
1796	minh.exe
1536	minh.exe
1096	minh.exe
1612	minh.exe
272	minh.exe
2144	minh.exe
1316	minh.exe
912	minh.exe
564	minh.exe
3020	minh.exe
3056	minh.exe

Loads dropped DLL 64 IoCs

pid	Process
2232	347c10a1498cc6e759e828d2992b52b7.exe
2232	347c10a1498cc6e759e828d2992b52b7.exe
1376	minh.exe
1376	minh.exe
2328	minh.exe
2328	minh.exe
2348	minh.exe
2348	minh.exe
2336	minh.exe
2336	minh.exe
2600	minh.exe
2600	minh.exe
2664	minh.exe
2664	minh.exe
2728	minh.exe
2728	minh.exe
2560	minh.exe
2560	minh.exe
3052	minh.exe
3052	minh.exe
2776	minh.exe
2776	minh.exe
2752	minh.exe
2752	minh.exe
2484	minh.exe
2484	minh.exe
2624	minh.exe
2624	minh.exe
2456	minh.exe
2456	minh.exe
2488	minh.exe
2488	minh.exe
2000	minh.exe
2000	minh.exe
2968	minh.exe
2968	minh.exe
2396	minh.exe
2396	minh.exe
1900	minh.exe
1900	minh.exe
2712	minh.exe
2712	minh.exe
2516	minh.exe
2516	minh.exe
1944	minh.exe
1944	minh.exe
1920	minh.exe
1920	minh.exe
1936	minh.exe
1936	minh.exe
2692	minh.exe
2692	minh.exe
1184	minh.exe
1184	minh.exe
1644	minh.exe
1644	minh.exe
1808	minh.exe
1808	minh.exe
1764	minh.exe
1764	minh.exe
2104	minh.exe
2104	minh.exe
2940	minh.exe
2940	minh.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\minh = "C:\\Windows\\system32\\minh.exe"	minh.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies WinLogon 2 TTPs 64 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Shutdown = "WLEShutdown"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Shutdown = "WLEShutdown"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Impersonate = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Unlock = "WLEUnlock"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Impersonate = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Startup = "WLEStartup"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Unlock = "WLEUnlock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Shutdown = "WLEShutdown"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Impersonate = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Asynchronous = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Impersonate = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StopScreenSaver = "WLEStopScreenSaver"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Startup = "WLEStartup"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Startup = "WLEStartup"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Shutdown = "WLEShutdown"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Logoff = "WLELogoff"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Startup = "WLEStartup"	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Impersonate = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	347c10a1498cc6e759e828d2992b52b7.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Asynchronous = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StopScreenSaver = "WLEStopScreenSaver"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StopScreenSaver = "WLEStopScreenSaver"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Shutdown = "WLEShutdown"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StopScreenSaver = "WLEStopScreenSaver"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\DllName = "minh.dll"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Lock = "WLELock"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Shutdown = "WLEShutdown"	minh.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Asynchronous = "0"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StopScreenSaver = "WLEStopScreenSaver"	347c10a1498cc6e759e828d2992b52b7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StartScreenSaver = "WLEStartScreenSaver"	minh.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\StopScreenSaver = "WLEStopScreenSaver"	minh.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\minh\Asynchronous = "0"	minh.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe
File created	C:\Windows\SysWOW64\minh.exe	minh.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1376	2232	347c10a1498cc6e759e828d2992b52b7.exe	212
PID 2232 wrote to memory of 1376	2232	347c10a1498cc6e759e828d2992b52b7.exe	212
PID 2232 wrote to memory of 1376	2232	347c10a1498cc6e759e828d2992b52b7.exe	212
PID 2232 wrote to memory of 1376	2232	347c10a1498cc6e759e828d2992b52b7.exe	212
PID 1376 wrote to memory of 2328	1376	minh.exe	211
PID 1376 wrote to memory of 2328	1376	minh.exe	211
PID 1376 wrote to memory of 2328	1376	minh.exe	211
PID 1376 wrote to memory of 2328	1376	minh.exe	211
PID 2328 wrote to memory of 2348	2328	minh.exe	210
PID 2328 wrote to memory of 2348	2328	minh.exe	210
PID 2328 wrote to memory of 2348	2328	minh.exe	210
PID 2328 wrote to memory of 2348	2328	minh.exe	210
PID 2348 wrote to memory of 2336	2348	minh.exe	209
PID 2348 wrote to memory of 2336	2348	minh.exe	209
PID 2348 wrote to memory of 2336	2348	minh.exe	209
PID 2348 wrote to memory of 2336	2348	minh.exe	209
PID 2336 wrote to memory of 2600	2336	minh.exe	208
PID 2336 wrote to memory of 2600	2336	minh.exe	208
PID 2336 wrote to memory of 2600	2336	minh.exe	208
PID 2336 wrote to memory of 2600	2336	minh.exe	208
PID 2600 wrote to memory of 2664	2600	minh.exe	16
PID 2600 wrote to memory of 2664	2600	minh.exe	16
PID 2600 wrote to memory of 2664	2600	minh.exe	16
PID 2600 wrote to memory of 2664	2600	minh.exe	16
PID 2664 wrote to memory of 2728	2664	minh.exe	207
PID 2664 wrote to memory of 2728	2664	minh.exe	207
PID 2664 wrote to memory of 2728	2664	minh.exe	207
PID 2664 wrote to memory of 2728	2664	minh.exe	207
PID 2728 wrote to memory of 2560	2728	minh.exe	206
PID 2728 wrote to memory of 2560	2728	minh.exe	206
PID 2728 wrote to memory of 2560	2728	minh.exe	206
PID 2728 wrote to memory of 2560	2728	minh.exe	206
PID 2560 wrote to memory of 3052	2560	minh.exe	205
PID 2560 wrote to memory of 3052	2560	minh.exe	205
PID 2560 wrote to memory of 3052	2560	minh.exe	205
PID 2560 wrote to memory of 3052	2560	minh.exe	205
PID 3052 wrote to memory of 2776	3052	minh.exe	204
PID 3052 wrote to memory of 2776	3052	minh.exe	204
PID 3052 wrote to memory of 2776	3052	minh.exe	204
PID 3052 wrote to memory of 2776	3052	minh.exe	204
PID 2776 wrote to memory of 2752	2776	minh.exe	203
PID 2776 wrote to memory of 2752	2776	minh.exe	203
PID 2776 wrote to memory of 2752	2776	minh.exe	203
PID 2776 wrote to memory of 2752	2776	minh.exe	203
PID 2752 wrote to memory of 2484	2752	minh.exe	202
PID 2752 wrote to memory of 2484	2752	minh.exe	202
PID 2752 wrote to memory of 2484	2752	minh.exe	202
PID 2752 wrote to memory of 2484	2752	minh.exe	202
PID 2484 wrote to memory of 2624	2484	minh.exe	201
PID 2484 wrote to memory of 2624	2484	minh.exe	201
PID 2484 wrote to memory of 2624	2484	minh.exe	201
PID 2484 wrote to memory of 2624	2484	minh.exe	201
PID 2624 wrote to memory of 2456	2624	minh.exe	200
PID 2624 wrote to memory of 2456	2624	minh.exe	200
PID 2624 wrote to memory of 2456	2624	minh.exe	200
PID 2624 wrote to memory of 2456	2624	minh.exe	200
PID 2456 wrote to memory of 2488	2456	minh.exe	199
PID 2456 wrote to memory of 2488	2456	minh.exe	199
PID 2456 wrote to memory of 2488	2456	minh.exe	199
PID 2456 wrote to memory of 2488	2456	minh.exe	199
PID 2488 wrote to memory of 2000	2488	minh.exe	198
PID 2488 wrote to memory of 2000	2488	minh.exe	198
PID 2488 wrote to memory of 2000	2488	minh.exe	198
PID 2488 wrote to memory of 2000	2488	minh.exe	198

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2728

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1920
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Modifies WinLogon
  PID:1936

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1644
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1808

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
PID:2104
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:2940

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1764

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
PID:1184

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2692

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Modifies WinLogon
- Drops file in System32 directory
PID:2268
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  PID:1436

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Modifies WinLogon
PID:1576
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:300

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:2552
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Modifies WinLogon
  PID:1760

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:1344
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  PID:1032

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1268
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Modifies WinLogon
  PID:1488

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1536
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  - Modifies WinLogon
  PID:1096

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Modifies WinLogon
PID:1796

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:1984

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:1316
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Executes dropped EXE
  PID:912

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3056
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  - Drops file in System32 directory
  PID:2992

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3004
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:404

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:2168
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:472

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:1592
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  - Modifies WinLogon
  PID:1752

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:2388
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:2548
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    - Adds Run key to start application
    PID:2656

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2320

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2796

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2572
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:2668

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2528
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:2800

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2820
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:2832

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3104
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3124

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:3160
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3184

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3236
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:3256

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3288
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3304
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:3320

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
PID:3272

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:3220

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3368
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:3388

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:3440
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3460

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:3488
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3504

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3552
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:3568

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3596
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3612

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:3644
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3664

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3696
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3712

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Modifies WinLogon
PID:3728
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3748

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3780
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:3796

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3816
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:3832

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3868
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:3884

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3900
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:3916

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3948
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  PID:3968

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4000
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4012

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:4052
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4064

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4036

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3984

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3932

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4100
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:4116

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4132
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  PID:4144

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4176
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:4196

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:4212
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4228

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4264
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4280

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4312
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4328
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    - Adds Run key to start application
    PID:4344

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:4380
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:4396

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:4412
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4428

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4360

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4456
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:4472

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4488
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:4504

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Modifies WinLogon
PID:4536
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4548

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4564
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:4580

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4616
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4628

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4660
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:4676

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:4692
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4708

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4724
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:4744
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:4764

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Modifies WinLogon
PID:4644

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4596

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4520

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4440

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4292

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4244

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:4160

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4080

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:3852

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:3764

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3680

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:3628

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:3580

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3536

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3516

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3472

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:3424

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3404

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3356

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:3336

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3200

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3144

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:3092

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:3080

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2504

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:2052

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:2036

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:2480

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:2884

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:2672

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2224

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:640

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:1952

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2200

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:944

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:2192

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:1692

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Modifies WinLogon
PID:2948

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:3020

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:564

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:2144

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:272

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:1612

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Modifies WinLogon
PID:864

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1816

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Modifies WinLogon
PID:2428

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Modifies WinLogon
PID:2856

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:1416

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:324

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:384

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1776

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2056

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:816

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
PID:1244

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1944

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
PID:2516

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2712

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:1900

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2396

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2968

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
PID:2000

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2488

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2456

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2624

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2484

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2752

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2776

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3052

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2560

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2600

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2336

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
- Suspicious use of WriteProcessMemory
PID:2348

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2328

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1376

C:\Users\Admin\AppData\Local\Temp\347c10a1498cc6e759e828d2992b52b7.exe
"C:\Users\Admin\AppData\Local\Temp\347c10a1498cc6e759e828d2992b52b7.exe"
1⤵
- Loads dropped DLL
- Modifies WinLogon
- Suspicious use of WriteProcessMemory
PID:2232

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:4792
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:4808

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:4840
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4856

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4888
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  - Modifies WinLogon
  PID:4904

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Modifies WinLogon
PID:4920
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:4936

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:4968
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:4980

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5008
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:5024
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    - Drops file in System32 directory
    PID:5044
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:5060
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        Adds Run key to start application
        
        PID:5080
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        Adds Run key to start application
        Modifies WinLogon
        Drops file in System32 directory
        
        PID:5100
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:5124

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4992

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4952

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4872

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:4824

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:4776

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:5140
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:5156

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:5184
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:5200

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
- Drops file in System32 directory
PID:5244
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:5260

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:5292
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:5304

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5320
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  PID:5336

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5360
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:5376
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:5392
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:5412
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        Drops file in System32 directory
        
        PID:5428
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:5448

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:5348

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
- Modifies WinLogon
PID:5276

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:5232

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:5216

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5172

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5464
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:5480

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:5512
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:5532

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:5548
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:5564

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5580
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:5596

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5632
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:5644

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:5660
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:5676

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
PID:5704
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:5720

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5752
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  PID:5768

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:5784
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:5800

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:5812
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:5828

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Adds Run key to start application
PID:5844
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Drops file in System32 directory
  PID:5860

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5908
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:5924

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5936
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  PID:5956

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:5988
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Adds Run key to start application
  PID:6000

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6032
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6048

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6080
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  - Modifies WinLogon
  PID:6096

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:6112
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6128

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6180
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6196

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6228
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6244

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6260
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6276

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6212

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6308
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6324

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6356
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6372
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:6396

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6412
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6432

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6452
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6468

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6500
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6516

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6548
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6564

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6592
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6608
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:6624

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6580

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6648
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6664

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6684
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6696

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6744
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6760

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6776
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6792

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6824
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6840

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6872
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6892

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6924
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6940

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6956
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:6972
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:6988

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6908

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7020
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7036

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7068
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7084

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7100
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7120

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7152
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7164

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:1540
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7180

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7212
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7232

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7248
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7264
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:7280

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7196

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7296
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7312

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7328
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7348

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7360
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7380

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7396
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7412

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7448
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7464
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:7484

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7504
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7520
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:7540
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:7552

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7428

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:1524

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7132

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7052

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7004

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6856

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6808

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6728

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6712

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6636

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6532

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6484

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6340

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6292

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6164

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6148

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6064

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:6016

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5972

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Modifies WinLogon
- Drops file in System32 directory
PID:5892

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:5876

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:5736

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:5688

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
- Drops file in System32 directory
PID:5616

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:5496

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7568
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7584

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7604
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7620

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7640
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7656

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7672
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7688

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7700
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7716
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:7732
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:7752
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:7772

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7784
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7800

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7820
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7832

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7852
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7868
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:7884

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7912
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7928

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7896

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7944
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7960

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:7972
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:7992

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8004
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8020

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8036
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8052

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8072
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8088

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8100
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8116

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8132
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8148

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8164
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8184
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:8204
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:8220

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8232
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8252

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8264
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8280

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8312
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8328

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8344
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8356

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8372
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8388

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8408
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8424
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:8448

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8296

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8464
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8480

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8508
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8524

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8556
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8572

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8584
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8600

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8628
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8644

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8656
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8672
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:8688

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8616

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8540

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8496

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8720
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8736

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8752
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8768

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8800
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8812

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8860
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8880

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8892
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8908

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8928
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8944

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8972
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:8988
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:9008
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:9028

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8960

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8844

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8828

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8784

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:8704

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9060
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9076
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:9096

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9112
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9132

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9164
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9176

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9192
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9208

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9236
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9252

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9268
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9280
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:9296

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9220

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9148

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9044

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9312
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9328

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9360
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9376

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9392
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9408

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9428
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9444

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9464
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9480

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9508
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9524

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9540
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9556

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9496

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9344

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9576
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9592

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9608
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9624

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9640
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9660

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9676
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9692

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9708
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9724
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:9740
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:9760
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:9780
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:9800

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9816
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9832

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9848
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9864

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9880
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9896

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9908
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9924

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9936
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9952
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:9964

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9980
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:9996

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10012
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10028

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10044
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10060

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10080
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10092

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10112
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10128
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:10144

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10156
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10176
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:10192

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10208
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10224

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:9456
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10256

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10276
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10292

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10304
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10324

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10340
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10356

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10368
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10384

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10400
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10416
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:10436

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10448
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10472
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:10488

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10504
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10516

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10536
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10548

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10568
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10580

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10596
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10612

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10628
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10640

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10652
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10668

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10684
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10700

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10716
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10728

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10744
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10764

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10776
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10796

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10812
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10828

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10844
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10860
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:10880
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:10896

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10916
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10932

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10948
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10964

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:10980
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:10996

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11012
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11028

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11060
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11072

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11088
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11108

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11124
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11140

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11156
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11172
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11188
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:11204

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11044

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11220
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11240
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11256

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11276
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11288

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11308
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11324
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11340

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11356
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11372

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11384
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11400

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11416
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11428

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11444
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11464
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11480

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11496
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11516

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11532
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11548
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11564

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11580
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11596

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11608
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11624

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11636
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11656

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11668
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11684

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11700
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11720
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11736

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11752
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11768
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11784

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11800
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11816

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11832
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11848

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11880
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11900
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:11912
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:11928

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11864

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11944
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11960

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:11976
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11992

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12004
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12024

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12040
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12056
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12076

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12092
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12108

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12124
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12140

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12156
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12172

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12188
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12204

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12220
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12236
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12252
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:12268
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:11104
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:12312

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12332
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12348
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12364

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12380
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12396

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12408
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12424

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12440
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12452

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12468
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12484
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12500

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12516
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12536
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12556
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:12572

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12588
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12604

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12620
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12640
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12656

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12672
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12684
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12704
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:12720
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:12740
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:12776

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12792
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12804

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12820
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12836
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:12852

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12864
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12880

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12892
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12908

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12920
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12936

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12948
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:12968

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:12984
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13000
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13012

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13028
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13048
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13060

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13080
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13104
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13120
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:13140
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:13156

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13168
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13192
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13208

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13220
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13232

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13248
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13264
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13284

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13296
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:11892
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13324
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:13336

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13356
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13368

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13384
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13404
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13424
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:13444

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13456
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13472

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13488
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13504
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13524

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13544
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13568
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13584
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:13604
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:13620

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13640
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13652

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13664
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13676
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13696
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:13712

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13728
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13744

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13756
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13776

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13788
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13800

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13816
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13828

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13840
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13852
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:13872
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:13896
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:13916

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13944
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13960

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13976
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:13996

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14008
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14028
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14040

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:13928

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14052
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14072
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14092

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14112
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14124

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14140
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14156
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14168
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:14184
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:14208
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:14224
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:14240

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14260
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14272
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14288

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14300
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14316
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14332
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:13868
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:14360
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:14380
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:14396

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14412
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14424
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14436
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:14460
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:14476
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:14488

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14504
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14520

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14536
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14552
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14564
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:14588
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:14612
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:14632
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:14648
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:14660
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        9⤵
        
        PID:14676
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        10⤵
        
        PID:14692
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        11⤵
        
        PID:14708
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        12⤵
        
        PID:14720

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14736
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14748

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14764
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14776
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14792
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:14808
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:14828
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:14848

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14864
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14880

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14892
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:14904
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:14920
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:14940
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:14968
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:14984
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:15000

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15016
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15028
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15044

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15068
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15080
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15100
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:15120
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:15140
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:15168
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:15180
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:15192
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        9⤵
        
        PID:15212
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        10⤵
        
        PID:15224

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15056

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15240
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15252
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15268
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:15284
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:15304
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:15324
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:15340

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:14456
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15364
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15376

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15392
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15408

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15420
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15432
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15448
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:15464
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:15484
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:15504

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15520
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15540

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15552
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15568
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15580
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:15624
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:15640
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:15652
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:15664

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15676
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15688
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15700
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:15716
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:15728
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:15744

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15756
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15772
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15792

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15808
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15828
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15844
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:15860
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:15876
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:15896
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:15912
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:15928

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15944
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:15956
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:15972

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:15988
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16000

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16016
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16032
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16044
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:16060

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16080
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16096
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16116
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:16132

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16148
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16164
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16176
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:16200
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:16216
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:16232
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:16248

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16264
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16284
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16296

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16312
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16324
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16348
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:16364
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:16380
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:16392
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:16408

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16424
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16448
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16464
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:16480
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:16496
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:16508
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:16524
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:16540
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        9⤵
        
        PID:16556
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        10⤵
        
        PID:16572
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        11⤵
        
        PID:16588
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        12⤵
        
        PID:16604
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        13⤵
        
        PID:16620
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        14⤵
        
        PID:16632

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16648
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16664
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16684
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:16700
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:16716
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:16736
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:16756
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:16784

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16796
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16808
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16824
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:16836
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:16848
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:16860
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:16876

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16892
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16904

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16920
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16936
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16948

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:16964
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:16984
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:16996
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:17016
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:17040
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:17060
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:17076
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:17096
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        9⤵
        
        PID:17108
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        10⤵
        
        PID:17128
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        11⤵
        
        PID:17148
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        12⤵
        
        PID:17164
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        13⤵
        
        PID:17180
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        14⤵
        
        PID:17196
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        15⤵
        
        PID:17208

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:17220
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:17236
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:17248
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:17264
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:17280
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:17296

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:17312
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:17328
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:17340
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:17356
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:17400
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:17120
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:17420
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:17432
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        9⤵
        
        PID:17444

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:17460
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:17476
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:17492
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:17508
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:17524
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:17540
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:17552
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:17568
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        9⤵
        
        PID:17584
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        10⤵
        
        PID:17604
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        11⤵
        
        PID:17620
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        12⤵
        
        PID:17640
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        13⤵
        
        PID:17652

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:17668
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:17680
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:17692
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:17712
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:17724
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:17740

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:17756
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:17776
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:17792
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:17808
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:17824
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:17844
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:17860

C:\Windows\SysWOW64\minh.exe
C:\Windows\system32\minh.exe
1⤵
PID:17876
- C:\Windows\SysWOW64\minh.exe
  C:\Windows\system32\minh.exe
  2⤵
  PID:17888
- - C:\Windows\SysWOW64\minh.exe
    C:\Windows\system32\minh.exe
    3⤵
    PID:17904
  - - C:\Windows\SysWOW64\minh.exe
      C:\Windows\system32\minh.exe
      4⤵
      PID:17924
    - - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        5⤵
        
        PID:17940
      - C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        6⤵
        
        PID:17960
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        7⤵
        
        PID:17972
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        8⤵
        
        PID:17992
        
        C:\Windows\SysWOW64\minh.exe
        
        C:\Windows\system32\minh.exe
        9⤵
        
        PID:18004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\minh.exe

Filesize
29KB

MD5
2fbbedace0adc6650b0561ae2cc6f546

SHA1
eb9d4cd7f6f4f925e5448297bf3b3f0b34b21f40

SHA256
4889bc96e3346f0f7c516f89ca6777c7b72f055e804ca92fb17fe57acf390f3b

SHA512
1ba0f4ca01c9c09ca9a1897e469af21829f4a78c826e94b2ee9b989b21eb9167ea4ab4ba905379a08d9d77d289cf220449b107f7662522cb6efec06954a2678a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads