Malware Analysis Report

2024-11-13 14:55

Sample ID 220718-fa5dbaafek
Target SecuriteInfo.com.W32.AIDetect.malware2.21162.19131
SHA256 24c617f6c994a7a2f8520020365669fbd3cf5535f893118cefc39401394c2e15
Tags
kutaki wannacry discovery evasion persistence ransomware spyware stealer trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

24c617f6c994a7a2f8520020365669fbd3cf5535f893118cefc39401394c2e15

Threat Level: Known bad

The file SecuriteInfo.com.W32.AIDetect.malware2.21162.19131 was found to be: Known bad.

Malicious Activity Summary

kutaki wannacry discovery evasion persistence ransomware spyware stealer trojan worm

Wannacry

Kutaki family

Kutaki Executable

Modifies system executable filetype association

Looks for VirtualBox Guest Additions in registry

Modifies extensions of user files

Registers COM server for autorun

Looks for VMWare Tools registry key

Creates new service(s)

Contacts a large (551) amount of remote hosts

Drops file in Drivers directory

Executes dropped EXE

Downloads MZ/PE file

Drops startup file

Checks BIOS information in registry

Checks computer location settings

Modifies file permissions

Reads user/profile data of web browsers

Loads dropped DLL

Checks whether UAC is enabled

Maps connected drives based on registry

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops desktop.ini file(s)

Enumerates connected drives

Checks installed software on the system

Drops file in System32 directory

Sets desktop wallpaper using registry

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Suspicious behavior: LoadsDriver

Suspicious use of WriteProcessMemory

Views/modifies file attributes

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Enumerates processes with tasklist

Suspicious use of SetWindowsHookAW

Checks processor information in registry

Modifies registry key

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Modifies data under HKEY_USERS

Kills process with taskkill

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-07-18 04:41

Signatures

Kutaki Executable

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Kutaki family

kutaki

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-18 04:41

Reported

2022-07-18 05:21

Platform

win10v2004-20220715-en

Max time kernel

1991s

Max time network

2280s

Command Line

C:\Windows\Explorer.EXE

Signatures

Modifies system executable filetype association

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip\ = "{E0D79305-84BE-11CE-9641-444553540000}" | C:\Program Files\WinZip\winzip64.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\DragDropHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip\ = "{E0D79305-84BE-11CE-9641-444553540000}" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip | C:\Program Files\WinZip\winzip64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip\ = "{E0D79304-84BE-11CE-9641-444553540000}" | C:\Program Files\WinZip\winzip64.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip\ = "{E0D79304-84BE-11CE-9641-444553540000}" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip | C:\Program Files\WinZip\winzip64.exe | N/A

Wannacry

ransomware worm wannacry

Looks for VirtualBox Guest Additions in registry

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A

Contacts a large (551) amount of remote hosts

discovery

Creates new service(s)

persistence

Downloads MZ/PE file

Drops file in Drivers directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\system32\drivers\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Windows\system32\drivers\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Windows\system32\drivers\webshieldfilter.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Windows\system32\drivers\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2424_1845389723\ChromeRecovery.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\winzip26-bing.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WzPreviewer64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WzPreloader.exe | N/A
N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\FAHConsole.exe | N/A
N/A | N/A | C:\Program Files\WinZip\FAHWindow64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\adxregistrator.exe | N/A
N/A | N/A | C:\Program Files\WinZip\adxregistrator.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WZUpdateNotifier.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WzBGTComServer64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WzBGTools64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A
N/A | N/A | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\102.286.200\software_reporter_tool.exe | N/A
N/A | N/A | \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe | N/A
N/A | N/A | \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe | N/A
N/A | N/A | \??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe | N/A

Looks for VMWare Tools registry key

evasion
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A

Modifies extensions of user files

ransomware
Description | Indicator | Process | Target
File renamed | C:\Users\Admin\Pictures\GetOut.tif.WNCRYT => C:\Users\Admin\Pictures\GetOut.tif.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File renamed | C:\Users\Admin\Pictures\ResolvePing.png.WNCRYT => C:\Users\Admin\Pictures\ResolvePing.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File renamed | C:\Users\Admin\Pictures\PushAdd.png.WNCRYT => C:\Users\Admin\Pictures\PushAdd.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File created | C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\Pictures\GetOut.tif.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File renamed | C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRYT => C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File renamed | C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRYT => C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\Pictures\PushAdd.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File created | C:\Users\Admin\Pictures\ResolvePing.png.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\Pictures\ResolvePing.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File created | C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File renamed | C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRYT => C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File created | C:\Users\Admin\Pictures\GetOut.tif.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File created | C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File created | C:\Users\Admin\Pictures\PushAdd.png.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\Pictures\LockUnregister.tiff | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A

Registers COM server for autorun

persistence
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Program Files\WinZip\winzip64.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "mscoree.dll" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{523EB855-2A2D-4A56-8581-FF17D9728093}\InProcServer32\ = "oleaut32.dll" | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D7930A-84BE-11CE-9641-444553540002}\LocalServer32\ = "C:\\Program Files\\WinZip\\WzPreviewer64.exe" | C:\Program Files\WinZip\WzPreviewer64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\winzip64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\WZSHLS64.DLL" | C:\Program Files\WinZip\winzip64.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "mscoree.dll" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, Version=3.5.14535.0, Culture=neutral, PublicKeyToken=86e07f6d9d2175ee" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "C:\\Program Files\\WinZip\\adxloader64.WinZipExpressForOffice.dll" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Assembly = "WinZipExpressForOffice, Version=3.5.14535.0, Culture=neutral, PublicKeyToken=86e07f6d9d2175ee" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, PublicKeyToken=86E07F6D9D2175EE" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Assembly = "WinZipExpressForOffice, Version=3.5.14535.0, Culture=neutral, PublicKeyToken=86e07f6d9d2175ee" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, PublicKeyToken=86E07F6D9D2175EE" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\winzip64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{523EB855-2A2D-4A56-8581-FF17D9728093}\InProcServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Key deleted | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}\LocalServer32\ = "\"C:\\Program Files (x86)\\PCProtect\\PCProtect.exe\" -ToastActivated" | C:\Program Files (x86)\PCProtect\PCProtect.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79307-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79307-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Program Files\WinZip\winzip64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\WZSHLS64.DLL" | C:\Program Files\WinZip\winzip64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\winzip64.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{784C04A3-2E5A-4E7C-A7F7-7D97E27859AD}\LocalServer32\ = "C:\\Program Files\\WinZip\\winzip64.exe" | C:\Program Files\WinZip\winzip64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79307-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\wzshls64.dll" | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\wzshls64.dll" | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA9DBE8-C0B1-42c9-B6C7-856BE5756855}\LocalServer32\ = "\"C:\\Program Files\\WinZip\\WzBGTComServer64.exe\"" | C:\Program Files\WinZip\WzBGTComServer64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{784C04A3-2E5A-4E7C-A7F7-7D97E27859AD}\LocalServer32 | C:\Program Files\WinZip\winzip64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\wzshls64.dll" | C:\Windows\System32\MsiExec.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, PublicKeyToken=86E07F6D9D2175EE" | C:\Program Files\WinZip\adxregistrator.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{523EB855-2A2D-4A56-8581-FF17D9728093}\InProcServer32\InprocServer32 = 41003000310036004600300046003100310031003700330046004300440031003700440042003600000034006b00480038004800730024006a0049003d00270045006600280049007a00500069005a004700450043004400430036003e004d0035004b0044005900530055006e0066002800480041002a004c005b00780065005800290079002400660031002c004200460079004000580039002d00410045007d0026004d003500500025005900500072006f006700720061006d005f0044006100740061003e004d0035004b0044005900530055006e0066002800480041002a004c005b007800650058002900790000000000 | C:\Windows\System32\MsiExec.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A

Drops startup file

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD355B.tmp | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3572.tmp | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A
N/A | N/A | C:\Windows\System32\MsiExec.exe | N/A

Modifies file permissions

discovery
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pivepxpsij972 = "\"C:\\Users\\Admin\\Downloads\\WannaCry-main\\WannaCry-main\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinZip FAH = "C:\\Program Files\\WinZip\\FAHConsole.exe" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Powder = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\powder-desktop\\Powder.exe\" --start-hidden" | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Windows\SysWOW64\reg.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinZip UN = "\"C:\\Program Files\\WinZip\\WZUpdateNotifier.exe\" -show" | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Checks installed software on the system

discovery

Checks whether UAC is enabled

evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A

Drops desktop.ini file(s)

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\S: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\V: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\I: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\P: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\U: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\W: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\X: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\Z: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\T: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\Q: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\B: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\N: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\O: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\Y: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\R: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Maps connected drives based on registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\AppCenter\bb31922a-2e71-4ea5-8b24-36e4a6804bc8\Logs.db-journal | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\AppCenter\bb31922a-2e71-4ea5-8b24-36e4a6804bc8\Logs.db | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SecurityService\SecurityService_Url_0y5odhsgmzbzdute3dv1u0i2p1urm0we\2u50hwmi.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A
File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SecurityService\SecurityService_Url_0y5odhsgmzbzdute3dv1u0i2p1urm0we\2u50hwmi.newcfg | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\AppCenter\bb31922a-2e71-4ea5-8b24-36e4a6804bc8\Logs.db | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\AppCenter\bb31922a-2e71-4ea5-8b24-36e4a6804bc8\Logs.db-journal | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PCProtect\vdf_1658127478.zip | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A

Sets desktop wallpaper using registry

ransomware
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files (x86)\PCProtect\netstandard.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00160.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00191.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00194.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files\WinZip\en-US\WzWXFcmbpdf64.dll.mui | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\WinZip\AddinExpress.OL.2005.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\WinZip\en-US\USRCOMBO.WJF | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00172.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-13ulrzqk.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files\WinZip\AddinExpress.MSO.2005.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.Reflection.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.Xml.Serialization.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00018.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-n3epflwl.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00201.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00246.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\tmp\avupdate_tmp_19HF1V\savapi4-ave2\win32\en\aeheur_mv.dat.gz | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A
File created | C:\Program Files\WinZip\BoxService.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\aelidb.dat | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\savapi_post.bat | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00087.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-15z3taj1.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\aesbx.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A
File created | C:\Program Files\WinZip\WzWXFmfire64.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.ComponentModel.Annotations.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\on_access\win32\win7\avkmgr.cat | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.Net.WebSockets.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-01bduzzl.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00139.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-q14zylsd.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00244.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files\WinZip\WzWXFcldme64.dll | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Program Files\WinZip\wzcab.dll | C:\Windows\System32\MsiExec.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\installer.log | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files\WinZip\IMClient.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\WinZip\NASCloudService.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.Runtime.WindowsRuntime.UI.Xaml.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\aebb.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00015.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00064.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-vpu0izrw.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-yb1gdye4.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files\WinZip\en-US\ZipShareService.resources.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\PCProtect\PresentationCore.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.Windows.Presentation.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\avupdate.log | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\tmp\avupdate_tmp_19HF1V\savapi4-ave2\win32\en\aehelp.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.Security.Cryptography.Csp.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\mscorrc.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\driver\i386\OemWin2k.inf | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\on_access\win64\win7\avgio.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-qu3q5dku.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files\WinZip\CloudStorageService.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files\WinZip\WzWXFln64.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\PCProtect\System.Reflection.Emit.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00239.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\tmp\avupdate_tmp_19HF1V\savapi4-ave2\win32\en\aescript.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-0ir4dw1o.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-3jhj5yyz.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00176.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A
File created | C:\Program Files (x86)\PCProtect\SAVAPI\aeheur.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A
File created | C:\Program Files\WinZip\en-US\WXFSGNPDF.resources.dll | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Program Files (x86)\PCProtect\PresentationFramework.Luna.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A
File created | C:\Program Files (x86)\PCProtect\lib_SCAPI.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Installer\MSI9FFB.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA9E4.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\win.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA0C8.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIB7AA.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDA95.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\SbkupStub64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\win.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\Sbkup64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI1E35.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA4BA.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA634.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\WIN.INI | C:\Program Files\WinZip\winzip64.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI1E34.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIAB62.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI517.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI1CF8.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID74D.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID76F.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI781.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI14B5.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA4DB.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI5C8.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\Sbkup64_ShortCut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI1C5B.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIB942.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID965.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID975.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIED87.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\PdfUtil64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI1A83.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA169.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA995.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDAA6.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDAD8.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA0A8.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIAA26.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\ImgUtilStub64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\ImgUtilStub64_Shortcut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI20A7.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID73D.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDA46.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\SbkupStub64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI1A94.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_MenuGroup.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\Sbkup64_ShortCut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_Preloader.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI1B31.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIA118.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIC634.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\win.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File created | C:\Windows\Installer\e5a99c1.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID9C4.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDAB7.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI5A8.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\PdfUtilStub64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\win.ini | C:\Program Files\WinZip\winzip64.exe | N/A
File created | C:\Windows\ELAMBKUP\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A

Launches sc.exe

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Enumerates processes with tasklist

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\tasklist.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "0" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3486" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1946" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1237" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "235" C:\Program Files\WinZip\winzip64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3072" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "111" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3781" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1237" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1946" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "4194" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3073" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "235" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1529" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1244" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "235" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1242" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3486" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "4194" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "235" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3073" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "111" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "820" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1242" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "0" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "4194" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\DOMStorage\corel.com C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1943" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1237" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\WebAuthBroker.exe = "10000" C:\Windows\System32\MsiExec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1946" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3068" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1240" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1242" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "2655" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3072" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3072" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "124" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "819" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1242" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "111" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3781" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1237" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "111" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1237" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "820" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1235" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3781" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3781" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3072" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3490" C:\Program Files\WinZip\winzip64.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\Splitter\Enabled = "1" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\UpdateCheck\Period = "7" C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFcmbpdf C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFdbox C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFzshare\Default C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WinZip C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzAddrgcts C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\Statistics\Collect = "1" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFcldme\Default\WritableRootFolder = "\\" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\PowerPoint\AddIns\WinZipExpressForOffice.AddinModule C:\Program Files\WinZip\adxregistrator.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\winzip\Setup = "0" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\wzshlext\AddToFolder = "1" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Size = "5,R,48,T" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Encrypt = "1,L,18,T" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFcnvp C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFoned\Default\WritableRootFolder = "\\" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Name = "2,L,216,T" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Path = "10,L,-2,F" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\wzshlext C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\WinZip Computing\WinZip Computing = "Please look in the Nico Mak Computing section for WinZip keys, values, and settings." C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFnas\Default C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\WinZip\adxregistrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\winzip\ReuseWindows = "1" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFssync\Default C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Word\AddIns\WinZipExpressForOffice.AddinModule\Description = "AddinModule" C:\Program Files\WinZip\adxregistrator.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFcldme\Default\MaxUploadSizeMB = "0" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFoned C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.BZ2 = "1" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\GridLines = "0" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFgdrv\Default C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\wzshlext\MenuCfgTable = "222222222222222222222222222221" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\Common\Email\Services\ = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><mailservices default=\"Gmail\"><mailservice name=\"Gmail\" login=\"yes\" help=\"yes\" encryption=\"tls\"><smtp server=\"smtp.gmail.com\" port=\"587\"/><domains>gmail.com</domains></mailservice><mailservice name=\"Hotmail\" login=\"yes\" help=\"no\" encryption=\"tls\"><smtp server=\"smtp.live.com\" port=\"587\"/><domains>hotmail.*;live.*;msnhotmail.com</domains></mailservice><mailservice name=\"Yahoo!\" login=\"yes\" help=\"yes\" encryption=\"none\"><smtp server=\"plus.smtp.mail.yahoo.com\" port=\"465\"/><domains>yahoo.com;sbcglobal.com</domains></mailservice><mailservice name=\"Outlook.com\" login=\"yes\" help=\"yes\" encryption=\"tls\"><smtp server=\"smtp-mail.outlook.com\" port=\"587\"/><domains>outlook.com;*.onmicrosoft.com</domains></mailservice></mailservices>" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFivrs C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.TBZ2 = "1" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\winzip\AlwaysOnTop = "0" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\Splitter C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\UpdateCheck\AskFirst = "0" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\PowerPoint C:\Program Files\WinZip\adxregistrator.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFbox\Default\MaxUploadSizeMB = "0" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.VHD = "0" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\caution\ErrDelFileCaution = "0" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Packed = "7,R,54,T" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\Common\Email\Services C:\Program Files\WinZip\winzip64.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\Common\Email C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.CAB = "1" C:\Program Files\WinZip\winzip64.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\MainGUI = "WinZip" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\MediaFireCloud = "CloudSvc" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.RegFile C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\MRUListEx = ffffffff C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vhd\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F} C:\Program Files\WinZip\WzPreviewer64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wztheme\WinZip.Theme\ShellNew C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.ZipX\ = "WinZip Zipx File" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\PdfUtil = "\x06Applets" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\PCProtect\SeparatorAfter C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.B64\ShellEx C:\Program Files\WinZip\WzPreviewer64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Component Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} C:\Program Files\WinZip\adxregistrator.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 C:\Program Files\WinZip\adxregistrator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.SetupConfig\shell\open\ = "Configure WinZip" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32 C:\Windows\System32\MsiExec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ = "WinZip" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\CloudMeCloudFiles = "CloudMeCloud" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\Themes = "WinZip" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.GZ C:\Program Files\WinZip\WzPreviewer64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip\ = "WinZip File" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.swjf\ = "WinZip.SecureBackup" C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Windows\Explorer.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\PdfUtilDesktopIcon = "\x06PdfUtil" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\PCProtect\Icon = "\"C:\\Program Files (x86)\\PCProtect\\PCProtect.exe\"" C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\ImgUtilFiles = "\x06ImgUtil" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinZip\ = "{E0D79305-84BE-11CE-9641-444553540000}" C:\Windows\System32\MsiExec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.BHX\WinZip\ShellNew C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.MIM\ = "WinZip" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\NASCloudFiles = "NASCloud" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\DropboxCloudFiles = "DropboxCloud" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Windows\Explorer.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Windows\Explorer.EXE N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ShellEx C:\Program Files\WinZip\WzPreviewer64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 6400310000000000f2543438100057414e4e41437e3100004c0009000400efbef2542938f25434382e0000000b3f020000000b000000000000000000000000000000406d6100570061006e006e0061004300720079002d006d00610069006e00000018000000 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.hqx\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}\ = "{E0D7930A-84BE-11CE-9641-444553540002}" C:\Program Files\WinZip\WzPreviewer64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.jpeg C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.7z C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\SugarSyncCloud = "CloudSvc" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WzExpForSPExtension\shell\open\command\ = "\"C:\\Program Files\\WinZip\\WzExpForSPExtension.exe\" \"%1\"" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.BZ2 C:\Program Files\WinZip\WzPreviewer64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.LZS\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F} C:\Program Files\WinZip\WzPreviewer64.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2 = 8a00310000000000f2547739100052414e534f4d7e312e302d4d00006e0009000400efbef2547739f25478392e000000a42d02000000080000000000000000000000000000009b911f00520041004e0053004f004d0057004100520045002d00570041004e004e0041004300520059002d0032002e0030002d006d006100730074006500720000001c000000 C:\Windows\Explorer.EXE N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\Previewer = "WinZip" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\RuntimeVersion = "v2.0.50727" C:\Program Files\WinZip\adxregistrator.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "C:\\Program Files\\WinZip\\adxloader64.WinZipExpressForOffice.dll" C:\Program Files\WinZip\adxregistrator.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\AddressBookEnglishFiles = "AddressBook" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.RegFile\shell\open C:\Program Files\WinZip\winzip64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0D7930A-84BE-11CE-9641-444553540002}\LocalServer32\ = "C:\\Program Files\\WinZip\\WzPreviewer64.exe" C:\Program Files\WinZip\WzPreviewer64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ = "WinZip" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.wjf\WinZip.JobFile\ShellNew C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.vmdk\WinZip\ShellNew C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\166F59DC4C5A5F446AAACEDD192C14F3\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.RegFile\shell\ = "open" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\discord-973501835119837244\DefaultIcon C:\Users\Admin\AppData\Local\Programs\powder-desktop\PowderRecorderCli.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.wzmul C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.ZipX\shell\print\command\ = "\"C:\\Program Files\\WinZip\\winzip64.exe\" /print /ni \"%1\"" C:\Program Files\WinZip\winzip64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.RAR\WinZip C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Windows\Explorer.EXE N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\reg.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C4D8249BB310BA6E0A062CB88F91E00716FC6694 C:\Program Files (x86)\PCProtect\SecurityService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C4D8249BB310BA6E0A062CB88F91E00716FC6694\Blob = [binary certificate blob omitted] C:\Program Files (x86)\PCProtect\SecurityService.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\System32\MsiExec.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe N/A
N/A N/A C:\Program Files\WinZip\winzip64.exe N/A
N/A N/A C:\Windows\Explorer.EXE N/A
N/A N/A C:\Program Files (x86)\PCProtect\PCProtect.exe N/A
N/A N/A C:\Users\Admin\Desktop\@[email protected] N/A
N/A N/A C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4960 wrote to memory of 2404 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe C:\Windows\SysWOW64\cmd.exe
PID 4768 wrote to memory of 3544 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4768 wrote to memory of 1472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4768 wrote to memory of 4548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4768 wrote to memory of 4428 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c C:\Users\Admin\AppData\Local\Temp\

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4916 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1104 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6284 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x33c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6536 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2620 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3580 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4876 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8

C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"

C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2424_1845389723\ChromeRecovery.exe

"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2424_1845389723\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={fd001846-9245-4a4d-ac8c-461bc36da8f6} --system

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1456 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6900 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6452 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6168 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7220 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7172 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7152 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7924 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7884 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8084 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8060 /prefetch:8

C:\Users\Admin\Downloads\winzip26-bing.exe

"C:\Users\Admin\Downloads\winzip26-bing.exe"

C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe

run=1 shortcut="C:\Users\Admin\Downloads\winzip26-bing.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7852 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A70ABAC2853BF1C34C609760AAE66E6A

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 8FC3B6A39F956BF4D3E8CD215428223A

C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe

"C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe"

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DB926FDC-2495-4052-8A37-E5D04A15F3DB}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55FE02C4-DC91-4CED-9EDD-B3E6D76CE618}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C7545F9-0411-4E55-8F98-B3B15BF7E781}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{850D33F1-3DB1-4942-9471-A57ED9F66177}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFECB41B-8CEF-448F-A669-FB00C34582D0}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8A3D7CB4-FF6E-40D3-9431-C8A63092B9A0}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6E0A6474-7180-4357-A432-4B23B8D15DDB}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6A6F79CA-46C2-43C6-8FE9-2F2214B18080}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D85ACBA5-C7FC-4EB5-8EC9-B573BCA09651}

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{93794825-D128-4241-8864-1EB783825FED}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9436F9E1-FFC3-48BF-BBC3-8655C5DF3AC8}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AC76CBDD-6BF9-4E4F-94F5-BB9B6B123E56}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10FB2375-A9D3-409E-8655-AAB7D1BAFD63}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{25A40759-80FB-4E3E-9716-D4B39B1F32A8}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EAADA687-71FC-491E-B2AD-D5881467A137}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A0ACA309-A10C-4FFF-867F-AB668D9D2C40}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8127CEAC-1177-43E3-ACC0-125EE9614413}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{25E2C77C-11E2-4EF6-90B7-8231DBB58EBA}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{60BED4D7-EA1B-42AA-A203-523740FFEDAB}

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7ECE8154-631F-4EFC-AD28-2309E3E4698D}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28944EF5-A45D-4B89-9DB1-0E1801E46695}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{78C1EDAE-6A0C-4DF5-8D0E-D87323A42F2A}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{67C4034F-D9C1-48A1-AB29-330FC6F40031}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{649F78D1-2AE6-4635-9289-DA8AFE0040EC}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C341B77D-F3A1-45B5-AA84-D0C31F7A31CF}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FBE67055-3A49-44A7-BCB6-B560320AC795}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5AE8846A-8C20-4208-B9D6-A1CB03776992}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6E35CDED-5378-4044-823B-7C6D43C80608}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{16B6B4DA-11A2-4929-B214-46E32DB522BB}

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1EBAF034-E359-4B5C-AEC7-32EFBF5B7C73}

C:\Windows\System32\MsiExec.exe

C:\Windows\System32\MsiExec.exe -Embedding 5A9BD59A9DCB3DD2AAA40B10D35E8C5F E Global\MSI0000

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:8

C:\Program Files\WinZip\WzPreviewer64.exe

"C:\Program Files\WinZip\WzPreviewer64.exe" -regserver winzip64

C:\Program Files\WinZip\WzPreloader.exe

"C:\Program Files\WinZip\WzPreloader.exe"

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe" /noqp /nodesktop /nostartmenu /nomenugroup /autoinstall /lang 1033

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 327D0F4B1A9BB552818616FAD8D312A9 E Global\MSI0000

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75F79232-BE5B-4225-9512-011AE1E89C55}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FF42A0AF-B612-4212-AA66-7D5D46F230D9}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{708D0131-4F7D-4A40-A878-2CD46A15CDF7}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{07512CF4-002C-4902-9927-56393319C66A}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B07B3F79-C416-43CB-8856-153D31A2CC5B}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{74A5CD3C-8B24-42B7-BB33-7ACB785032ED}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{89144EEC-82AA-434B-B6A2-3E9FE687F230}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E451FBFE-43AD-4819-981A-FF4A6965A202}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9EF8B3A1-82E7-4647-992B-819931E926F2}

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0567FCD8-48A5-4EAA-A24B-451CC40E41D6}

C:\Program Files\WinZip\FAHConsole.exe

"C:\Program Files\WinZip\FAHConsole.exe"

C:\Program Files\WinZip\FAHWindow64.exe

"C:\Program Files\WinZip\FAHWindow64.exe" register

C:\Program Files\WinZip\adxregistrator.exe

"C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=user /GenerateLogFile=false

C:\Program Files\WinZip\adxregistrator.exe

"C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=admin /GenerateLogFile=false

C:\Windows\SysWOW64\schtasks.exe

C:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 1" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_9AM\" -show" /ST 09:36 /F

C:\Windows\SysWOW64\schtasks.exe

C:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 2" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_12PM\" -show" /ST 12:36 /F

C:\Windows\SysWOW64\schtasks.exe

C:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 3" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_3PM\" -show" /ST 15:36 /F

C:\Program Files\WinZip\WzBGTComServer64.exe

"C:\Program Files\WinZip\WzBGTComServer64.exe" /REGSERVER

C:\Program Files\WinZip\WZUpdateNotifier.exe

"C:\Program Files\WinZip\WZUpdateNotifier.exe"

C:\Program Files\WinZip\WzBGTools64.exe

"C:\Program Files\WinZip\WzBGTools64.exe" /s

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.winzip.com/instcmplt.cgi?pid=WNZP&ver=26.0.15033.0&lang=en&osbits=64&vid=oemg&x-at=bing

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca25546f8,0x7ffca2554708,0x7ffca2554718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7504 /prefetch:8

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\ZwLoader.zip"

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7160 /prefetch:8

C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe

"C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4800 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1996 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2972 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5816 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6616 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3632 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5552 /prefetch:8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\102.286.200\software_reporter_tool.exe

"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\102.286.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=bar61aL9B0cjXVzUU1M7nhAEe5SIxmVhNZY5DdeE --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=102.286.200 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff78de9ecc8,0x7ff78de9ecd8,0x7ff78de9ece8

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_808_BGOMNKPCIOGJJRJP" --sandboxed-process-id=2 --init-done-notifier=760 --sandbox-mojo-pipe-token=3661897917861546039 --mojo-platform-channel-handle=736 --engine=2

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe

"c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_808_BGOMNKPCIOGJJRJP" --sandboxed-process-id=3 --init-done-notifier=1000 --sandbox-mojo-pipe-token=9853554866268473617 --mojo-platform-channel-handle=996

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5688 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6808 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6160 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8048 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8028 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8244 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8040 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8272 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10052 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11196 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11760 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12988 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12860 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12720 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11632 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13004 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13424 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11320 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7248 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9356 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12868 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9012 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12908 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12912 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13492 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12924 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12240 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7004 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1

C:\Users\Admin\Downloads\Powder-latest.exe

"C:\Users\Admin\Downloads\Powder-latest.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11764 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=175 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12596 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=174 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13976 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11316 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11796 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=188 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=193 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=191 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12528 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12044 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14068 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14236 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=197 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11380 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14300 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12476 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=201 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11600 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=202 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=203 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=204 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14056 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=205 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=206 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=207 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=210 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=209 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=208 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10496 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=211 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=212 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=213 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=214 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=215 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14216 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=216 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=217 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=218 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=219 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=220 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=221 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=222 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=223 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13140 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=224 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=225 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9684 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10208 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9336 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9680 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13568 /prefetch:8

C:\Users\Admin\Downloads\PCProtect_Setup.exe

"C:\Users\Admin\Downloads\PCProtect_Setup.exe"

C:\Windows\SysWOW64\Wbem\wmic.exe

wmic.exe path Win32_Process where executablepath="C:\\Program Files (x86)\\PCProtect\\PCProtect.exe" delete

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /f /T /IM "avupdate.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /f /T /IM "Update.Win.exe"

C:\Windows\SysWOW64\taskkill.exe

"taskkill" /f /T /IM "PasswordExtension.Win.exe"

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\PCProtect\SecurityService.exe

"C:\Program Files (x86)\PCProtect\SecurityService.exe" "--install"

C:\Windows\SysWOW64\sc.exe

"sc" create SecurityService start= auto binpath= "\"C:\Program Files (x86)\PCProtect\SecurityService.exe\"" displayname= "PC Security Management Service" obj= LocalSystem password= ""

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4568 -ip 4568

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 4376

C:\Program Files (x86)\PCProtect\PCProtect.exe

"C:\Program Files (x86)\PCProtect\PCProtect.exe" --installed --installer="C:\Users\Admin\Downloads\PCProtect_Setup.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Powder.exe" | %SYSTEMROOT%\System32\find.exe "Powder.exe"

C:\Windows\SysWOW64\find.exe

C:\Windows\System32\find.exe "Powder.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Powder.exe"

C:\Program Files (x86)\PCProtect\SecurityService.exe

"C:\Program Files (x86)\PCProtect\SecurityService.exe"

C:\Program Files (x86)\PCProtect\PCProtect.exe

"C:\Program Files (x86)\PCProtect\PCProtect.exe"

C:\Program Files (x86)\PCProtect\SecurityService.exe

"C:\Program Files (x86)\PCProtect\SecurityService.exe" --run-service --run-service-id=5240

C:\Users\Admin\AppData\Local\Temp\nst700.tmp\custom-installer.exe

C:\Users\Admin\AppData\Local\Temp\nst700.tmp\custom-installer.exe --vcredist C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe --app-id "gg.powder.desktop" --app-version "2.26.0" --install-folder "C:\Users\Admin\AppData\Local\Programs\powder-desktop"

C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe

C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe /q /norestart

C:\Windows\Temp\{935EB077-FD82-497F-A3CA-1C11056CFE1A}\.cr\vc_redist.x64.exe

"C:\Windows\Temp\{935EB077-FD82-497F-A3CA-1C11056CFE1A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe" -burn.filehandle.attached=536 -burn.filehandle.self=532 /q /norestart

C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe

"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe"

C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe

"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe

"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --mojo-platform-channel-handle=2000 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Local\Programs\powder-desktop\PowderRecorderCli.exe

./PowderRecorderCli.exe

C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe

"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --app-user-model-id=gg.powder.desktop --app-path="C:\Users\Admin\AppData\Local\Programs\powder-desktop\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=3236 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe

"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net

C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe

"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net

C:\Program Files (x86)\PCProtect\SAVAPI\apc_random_id_generator.exe

"C:\Program Files (x86)\PCProtect\SAVAPI\apc_random_id_generator.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe

"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pcprotect.com/video?logintoken=NzdkNzI4MTUtNmZkNy00NDcyLWE0NGYtODA4MzJkOGY3NzcwXzE2NTgxMjc0MzFAcHJvdGVjdGVkLXNpZ251cC5jb206MmMxNzhlMzgyNjcyODBhYzVkNWI5MDUyYzBmYzM4M2Q2OTE5NzA1YzpmY2NmMmVlZTI3MmZiZGQzZDcxOGZmNmNmMjJhMmZlZDg0NmQ5ODRlMDAyMDAyZjAyMzJlNzNkM2EwMWNlNWE3OjU1NjU4MTM0&source=WIN_GUIV2_CREATED_ACCOUNT&action=NONE&sourceGroup=win-app

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x40,0xe4,0xdc,0xe0,0x108,0x7ffca2e746f8,0x7ffca2e74708,0x7ffca2e74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4196 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=231 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13304 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=232 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x33c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=233 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13140 /prefetch:1

C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe

"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=780 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=234 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=235 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=12236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=237 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://secure.pcprotect.com/?logintoken=NzdkNzI4MTUtNmZkNy00NDcyLWE0NGYtODA4MzJkOGY3NzcwXzE2NTgxMjc0MzFAcHJvdGVjdGVkLXNpZ251cC5jb206MmMxNzhlMzgyNjcyODBhYzVkNWI5MDUyYzBmYzM4M2Q2OTE5NzA1YzpmY2NmMmVlZTI3MmZiZGQzZDcxOGZmNmNmMjJhMmZlZDg0NmQ5ODRlMDAyMDAyZjAyMzJlNzNkM2EwMWNlNWE3OjU1NjU4MTM0&source=WIN_GUIV2_FREE_EDITION_REALTIME_ENABLE_ATTEMPT&action=NONE&sourceGroup=win-app&plan=RTP

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2e746f8,0x7ffca2e74708,0x7ffca2e74718

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12948 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 /prefetch:3

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\WannaCry-main.zip"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13192 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3120 /prefetch:8

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4156 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE

"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE"

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 270491658127690.bat

C:\Windows\SysWOW64\cscript.exe

cscript.exe //nologo m.vbs

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Desktop\@[email protected]

"C:\Users\Admin\Desktop\@[email protected]"

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b @[email protected] vs

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected] co

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected] vs

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pivepxpsij972" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\SysWOW64\reg.exe

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pivepxpsij972" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f

C:\Windows\system32\notepad.exe

"C:\Windows\system32\notepad.exe"

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Music\ResumeApprove.jfif" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Music\UndoImport.xla"

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=241 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\ZwLoader\VAC.exe

"C:\ZwLoader\VAC.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=242 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=243 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=244 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=245 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=247 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=248 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x40c 0x33c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=249 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=250 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=251 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1592 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4504 /prefetch:8

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3236 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1620 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2040 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2440 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4928 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5044 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6164 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1532 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2312 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3320 /prefetch:8

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7064 /prefetch:8

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\CSGhost-v4.rar"

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Users\Admin\Downloads\CSGhost-v4.exe

"C:\Users\Admin\Downloads\CSGhost-v4.exe"

C:\Users\Admin\Desktop\CSGhost-v4.exe

"C:\Users\Admin\Desktop\CSGhost-v4.exe"

C:\Program Files (x86)\PCProtect\PCProtect.exe

"C:\Program Files (x86)\PCProtect\PCProtect.exe" --custom-scan-context --custom-scan-archives --custom-scan-files="C:\Users\Admin\Desktop\CSGhost-v4.exe" --hide

C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe

"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4860 /prefetch:8

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6628 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4828 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6840 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7268 /prefetch:8

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7572 /prefetch:8

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip"

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip"

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Program Files\WinZip\winzip64.exe

"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry.zip"

C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe

"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Program Files\WinZip\WzWipe32.exe

"C:\Program Files\WinZip\WzWipe32.exe" "C:\Users\Admin\AppData\Local\Temp\wzd406" /nWinZip

C:\Program Files (x86)\PCProtect\PCProtect.exe

"C:\Program Files (x86)\PCProtect\PCProtect.exe" --custom-scan-context --custom-scan-archives --custom-scan-files="C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe" --hide

C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe

"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Windows\SysWOW64\icacls.exe

icacls . /grant Everyone:F /T /C /Q

C:\Windows\SysWOW64\attrib.exe

attrib +h .

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe

taskdl.exe

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3e93855 /state1:0x41c64e6d

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe

taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

@[email protected]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 clients2.google.com udp
NL 172.217.168.238:443 clients2.google.com udp
NL 142.251.36.45:443 accounts.google.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 216.58.214.14:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r5---sn-5hneknek.gvt1.com udp
NL 74.125.8.138:80 r5---sn-5hneknek.gvt1.com tcp
US 8.8.8.8:53 apis.google.com udp
NL 216.58.214.14:443 apis.google.com tcp
US 8.8.8.8:53 chrome.google.com udp
NL 142.251.36.14:443 chrome.google.com tcp
NL 142.251.36.14:443 chrome.google.com tcp
NL 142.251.36.14:443 chrome.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
NL 216.58.214.8:443 ssl.google-analytics.com tcp
NL 142.251.36.10:443 content-autofill.googleapis.com tcp
NL 216.58.214.8:443 udp
NL 216.58.214.3:443 ssl.gstatic.com tcp
NL 216.58.214.14:443 apis.google.com udp
NL 142.251.39.97:443 udp
US 142.250.102.155:443 stats.g.doubleclick.net tcp
NL 142.251.36.10:443 udp
NL 216.58.214.3:443 udp
NL 142.251.39.106:443 scone-pa.clients6.google.com tcp
NL 142.251.39.106:443 udp
US 8.8.8.8:443 dns.google udp
NL 216.58.214.14:443 apis.google.com tcp
NL 216.58.214.14:443 apis.google.com udp
NL 142.251.36.14:443 chrome.google.com tcp
NL 216.58.214.3:443 id.google.com tcp
DE 142.132.203.69:443 cheatersoul.com tcp
DE 142.132.203.69:443 tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 104.110.191.182:80 apps.identrust.com tcp
NL 142.251.36.10:443 udp
US 192.0.73.2:443 www.gravatar.com tcp
US 151.139.242.29:443 tcp
US 104.18.22.52:443 kit.fontawesome.com tcp
DE 136.243.63.184:443 tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 104.18.22.52:443 kit.fontawesome.com tcp
US 104.21.30.41:443 tcp
US 104.21.30.41:443 ka-f.fontawesome.com tcp
US 104.21.30.41:443 tcp
DE 136.243.63.186:443 tcp
NL 142.251.36.14:443 chrome.google.com udp
US 93.184.220.29:80 tcp
US 8.247.210.254:80 tcp
NL 142.251.36.1:443 tcp
NL 142.251.36.1:443 udp
US 216.239.32.36:443 udp
NL 142.251.36.38:443 static.doubleclick.net tcp
US 169.62.154.242:443 www.dreamstime.com tcp
US 169.62.154.242:443 tcp
US 40.76.84.176:443 tcp
US 192.229.233.122:443 tcp
US 192.229.233.122:443 tcp
US 192.229.233.122:443 tcp
US 157.240.240.1:443 tcp
RU 77.88.21.119:443 tcp
FR 2.22.147.89:443 client.px-cloud.net tcp
NL 142.250.179.163:443 update.googleapis.com tcp
US 104.26.13.59:443 www.clickcease.com tcp
US 35.244.240.189:443 seoab.io tcp
US 35.186.220.184:443 collector-px2e972lwz.px-cloud.net tcp
US 142.250.102.155:443 udp
US 35.244.240.189:443 seoab.io tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 142.251.36.3:443 www.google.nl tcp
US 35.186.220.184:443 tcp
NL 142.251.36.38:443 udp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 216.58.214.14:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r5---sn-5hnednss.gvt1.com udp
NL 172.217.132.202:80 r5---sn-5hnednss.gvt1.com tcp
NL 216.58.214.3:443 udp
NL 142.250.179.163:443 udp
US 76.76.21.21:443 dogefiles.io tcp
US 76.76.21.93:443 www.dogefiles.io tcp
NL 13.227.211.212:443 dw55pg05c2rl5.cloudfront.net tcp
NL 52.222.137.80:443 dba9ytko5p72r.cloudfront.net tcp
US 104.21.45.207:443 tcp
US 104.21.45.207:443 freychang.fun tcp
NL 13.227.219.7:443 ospicalad.buzz tcp
US 172.67.139.211:443 tcp
NL 52.222.139.88:443 tcp
NL 52.222.137.80:443 dba9ytko5p72r.cloudfront.net tcp
US 157.240.240.35:443 tcp
NL 142.251.36.45:443 accounts.google.com udp
US 192.243.59.20:443 tcp
DE 52.29.132.48:443 tcp
US 192.243.59.13:443 tcp
US 192.243.59.13:443 tcp
US 192.243.59.13:443 tcp
US 192.243.59.13:443 tcp
US 192.243.59.13:443 tcp
US 192.243.59.13:443 tcp
NL 130.117.252.16:443 s3.eu-central-1.wasabisys.com tcp
NL 45.133.44.9:443 tcp
NL 45.133.44.9:443 cdn.cloudimagesb.com tcp
NL 31.220.27.134:443 s.viinxd.com tcp
US 172.67.217.88:443 xml.serve-servee.com tcp
NL 45.133.44.36:443 i.cdnkimg.com tcp
US 76.76.21.93:443 www.dogefiles.io tcp
DE 18.193.209.105:443 api.datastattech.com tcp
US 172.67.174.187:443 getsecuritysuite.com tcp
US 104.17.24.14:443 tcp
NL 142.251.39.97:443 udp
FR 2.18.228.108:443 tcp
NL 216.58.214.8:443 udp
NL 216.58.214.14:443 redirector.gvt1.com udp
NL 142.251.39.106:443 udp
NL 142.251.39.97:443 udp
NL 172.217.168.238:443 clients2.google.com udp
NL 172.217.168.238:443 clients2.google.com tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 r2---sn-5hneknee.gvt1.com udp
NL 74.125.8.71:80 r2---sn-5hneknee.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:443 dns.google udp
NL 142.251.36.14:443 chrome.google.com tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 tcp
NL 142.250.179.142:443 google.com tcp
US 108.156.60.105:443 tcp
US 108.156.60.105:443 mepositis.com tcp
US 188.114.97.0:443 get.cehdw.com tcp
US 188.114.97.0:443 install.ultramapsearch.com tcp
US 69.16.175.42:443 tcp
US 69.16.175.42:443 tcp
US 69.16.175.42:443 tcp
US 188.114.97.3:443 trk-consulatu.com tcp
US 69.16.175.42:443 tcp
US 69.16.175.42:443 tcp
US 69.16.175.42:443 tcp
US 188.114.97.0:443 install.ultramapsearch.com tcp
US 188.114.97.0:443 event.trk-consulatu.com tcp
NL 216.58.214.3:443 udp
NL 142.251.36.14:443 chrome.google.com udp
NL 13.69.68.17:443 tcp
NL 142.250.179.206:443 udp
US 188.114.96.3:443 ultramapsearch.com tcp
US 188.114.96.3:443 tcp
US 8.8.8.8:53 subscription.trk-consulatu.com udp
US 151.139.128.11:443 static-02.veve.com tcp
US 151.139.128.11:443 static-02.veve.com tcp
US 151.139.128.11:443 static-02.veve.com tcp
US 34.96.99.173:443 tcp
US 34.96.99.173:443 tcp
US 151.139.128.11:443 static-02.veve.com tcp
US 151.139.128.11:443 static-02.veve.com tcp
NL 142.251.36.1:443 udp
US 216.239.32.116:443 tcp
US 216.239.34.117:443 tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 216.239.32.116:443 udp
US 216.239.34.117:443 udp
US 8.8.8.8:53 r3---sn-5hne6nzk.gvt1.com udp
NL 172.217.132.136:80 r3---sn-5hne6nzk.gvt1.com tcp
US 104.21.88.28:443 get.spefp.com tcp
US 104.21.24.110:443 install.youradsblocksearch.com tcp
US 69.16.175.42:443 tcp
US 69.16.175.42:443 tcp
US 69.16.175.42:443 tcp
GB 94.31.29.32:443 tcp
NL 142.250.179.142:443 udp
DE 18.193.209.105:443 api.datastattech.com tcp
NL 13.227.219.7:443 ospicalad.buzz tcp
US 35.224.74.90:443 tcp
US 34.117.198.220:443 www.totalav.com tcp
US 35.244.242.197:443 tcp
US 35.244.242.197:443 tcp
US 35.186.251.103:443 tcp
US 35.186.251.103:443 tcp
NL 52.222.139.21:443 widget.trustpilot.com tcp
US 104.16.244.78:443 api.dogefiles.io tcp
US 44.195.137.121:443 tcp
CA 34.130.135.16:443 e2c21.gcp.gvt2.com tcp
NL 172.217.168.227:443 beacons.gvt2.com tcp
NL 142.251.36.45:443 accounts.google.com udp
NL 142.250.179.206:443 udp
DE 18.193.209.105:443 api.datastattech.com tcp
NL 130.117.252.29:443 dogefiles-main.s3.eu-central-1.wasabisys.com tcp
NL 130.117.252.29:443 tcp
NL 142.251.36.14:443 chrome.google.com udp
US 8.8.8.8:53 r5---sn-5hnednsz.gvt1.com udp
NL 74.125.8.234:80 r5---sn-5hnednsz.gvt1.com tcp
US 216.239.32.36:443 udp
NL 142.250.179.163:443 udp
NL 142.250.179.142:443 udp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
IE 212.82.100.137:443 uk.search.yahoo.com tcp
BE 87.248.116.12:443 s.yimg.com tcp
IE 212.82.100.137:443 tcp
IE 212.82.100.137:443 search.yahoo.com tcp
NL 142.251.36.10:443 udp
US 204.79.197.200:443 tcp
US 204.79.197.200:443 tcp
FR 2.16.118.210:443 tcp
US 104.19.147.8:443 script.crazyegg.com tcp
NL 142.250.179.134:443 9717383.fls.doubleclick.net tcp
US 104.16.122.175:443 unpkg.com tcp
FR 2.22.22.209:443 snap.licdn.com tcp
NL 142.250.179.134:443 udp
NL 142.250.179.134:443 udp
NL 23.2.173.2:443 munchkin.marketo.net tcp
US 157.240.240.1:443 tcp
US 104.16.168.82:443 tcp
US 104.16.148.64:443 cdn.cookielaw.org tcp
US 52.71.153.123:443 tcp
US 104.19.147.8:443 script.crazyegg.com tcp
US 13.107.42.14:443 tcp
US 142.250.102.155:443 udp
NL 142.251.36.3:443 udp
US 104.16.148.64:443 cdn.cookielaw.org tcp
CZ 87.249.137.50:443 a.opmnstr.com tcp
US 172.64.155.64:443 cookies-data.onetrust.io tcp
US 104.18.41.98:443 geolocation.onetrust.com tcp
US 40.90.65.7:443 tcp
US 8.8.8.8:53 280-qdk-215.mktoresp.com udp
US 54.231.135.176:443 tcp
CZ 87.249.137.50:443 a.omappapi.com tcp
FR 2.16.118.210:443 tcp
NL 52.222.139.57:443 tcp
US 192.28.147.68:443 280-qdk-215.mktoresp.com tcp
US 192.28.147.68:443 280-qdk-215.mktoresp.com tcp
NL 52.222.139.21:443 pagestates-tracking.crazyegg.com tcp
NL 13.227.219.118:443 assets-tracking.crazyegg.com tcp
US 104.18.31.151:443 signals.aimtell.com tcp
US 104.22.71.231:443 cdn.aimtell.io tcp
US 172.64.146.158:443 privacyportal.onetrust.com tcp
NL 104.110.191.19:443 download.winzip.com tcp
NL 104.110.191.19:443 tcp
US 20.120.124.64:443 tcp
IE 34.252.186.19:443 tcp
US 20.234.93.27:443 tcp
US 8.8.8.8:53 www.installportal.com udp
US 52.34.110.169:443 www.installportal.com tcp
IE 188.125.72.139:443 geo.yahoo.com tcp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.170:443 safebrowsing.googleapis.com tcp
NL 172.217.168.227:443 udp
US 52.34.110.169:443 www.installportal.com tcp
US 52.34.110.169:443 www.installportal.com tcp
US 8.8.8.8:53 download.winzip.com udp
NL 104.110.191.19:443 download.winzip.com tcp
NL 104.110.191.19:443 download.winzip.com tcp
US 8.8.8.8:53 r2---sn-5hnednsz.gvt1.com udp
NL 74.125.8.231:80 r2---sn-5hnednsz.gvt1.com tcp
US 8.8.8.8:53 r1---sn-5hne6nz6.gvt1.com udp
NL 74.125.100.198:80 r1---sn-5hne6nz6.gvt1.com tcp
NL 142.250.179.163:443 udp
US 108.156.60.73:443 miliated.xyz tcp
DE 136.243.66.133:443 img.cdn.house tcp
DE 136.243.66.133:443 tcp
DE 157.90.32.219:443 tcp
US 104.19.134.78:443 c.mgid.com tcp
DE 157.90.33.71:443 tcp
US 174.137.133.17:443 tcp
US 174.137.133.17:443 tcp
US 151.139.128.11:443 static.pushub.net tcp
US 151.139.128.11:443 tcp
NL 142.250.179.142:443 udp
NL 45.133.44.36:443 i.cdnkimg.com tcp
US 213.174.153.244:443 u.viiadr.com tcp
NL 142.250.179.170:443 udp
DE 157.90.32.219:443 tcp
DE 157.90.33.71:443 tcp
US 216.239.32.116:443 udp
US 8.8.8.8:53 r1---sn-5hneknee.gvt1.com udp
NL 74.125.8.70:80 r1---sn-5hneknee.gvt1.com tcp
NL 142.250.179.163:443 udp
DE 157.90.32.219:443 tcp
DE 157.90.33.71:443 tcp
DE 157.90.32.219:443 tcp
DE 157.90.33.71:443 tcp
US 13.107.21.200:443 tcp
NL 216.58.214.3:443 udp
US 8.8.8.8:53 r5---sn-5hne6nz6.gvt1.com udp
NL 74.125.100.202:80 r5---sn-5hne6nz6.gvt1.com tcp
US 8.8.8.8:53 www.installportal.com udp
US 52.40.3.156:443 www.installportal.com tcp
US 8.8.8.8:53 www.zipshare.com udp
US 18.118.238.66:443 www.zipshare.com tcp
US 8.8.8.8:53 update.winzip.com udp
US 34.230.108.37:443 update.winzip.com tcp
US 8.8.8.8:53 download.winzip.com udp
NL 104.110.191.19:80 download.winzip.com tcp
US 216.239.32.116:443 udp
NL 142.250.179.142:443 udp
US 8.8.8.8:53 www.winzip.com udp
FR 2.16.118.210:443 www.winzip.com tcp
NL 142.250.179.163:443 udp
FR 2.16.118.210:443 www.winzip.com tcp
US 8.8.8.8:53 www.winzip.com udp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
IE 20.67.219.150:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 smartscreen-prod.microsoft.com udp
IE 20.82.250.189:443 smartscreen-prod.microsoft.com tcp
IE 20.82.250.189:443 smartscreen-prod.microsoft.com tcp
IE 20.82.250.189:443 smartscreen-prod.microsoft.com tcp
FR 2.16.118.210:443 www.winzip.com tcp
FR 2.16.118.210:443 www.winzip.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.134:443 4057990.fls.doubleclick.net tcp
NL 142.250.179.134:443 udp
US 104.16.149.64:443 tcp
US 204.79.197.200:443 www.bing.com tcp
US 104.19.148.8:443 script.crazyegg.com tcp
JP 182.22.24.124:443 tcp
US 104.16.123.175:443 tcp
FR 2.22.22.209:443 snap.licdn.com tcp
NL 23.2.173.2:443 munchkin.marketo.net tcp
US 157.240.240.1:443 tcp
US 54.144.252.31:443 tcp
US 104.16.168.82:443 tcp
US 8.8.8.8:53 update.winzip.com udp
US 34.230.108.37:443 update.winzip.com tcp
US 34.230.108.37:443 update.winzip.com tcp
FR 2.16.118.210:443 www.winzip.com tcp
FR 2.16.118.210:443 www.winzip.com tcp
US 8.8.8.8:53 ipm.corel.com udp
NL 104.110.191.39:443 ipm.corel.com tcp
N/A 239.255.255.250:3702 udp
US 8.8.8.8:53 cdn.amplitude.com udp
NL 52.222.137.141:443 cdn.amplitude.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 54.213.213.26:443 api.amplitude.com tcp
N/A 239.255.255.250:3702 udp
NL 216.58.214.14:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r3---sn-5hnekn76.gvt1.com udp
NL 209.85.226.8:80 r3---sn-5hnekn76.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 216.239.34.117:443 udp
US 8.8.8.8:443 dns.google udp
US 104.196.0.153:443 udp
US 104.196.0.153:443 udp
US 104.196.0.153:443 tcp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.163:443 udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 bzu7axyrxjaerrkafrdt-mysql.services.clever-cloud.com udp
FR 185.42.117.115:3306 bzu7axyrxjaerrkafrdt-mysql.services.clever-cloud.com tcp
FR 185.42.117.115:3306 bzu7axyrxjaerrkafrdt-mysql.services.clever-cloud.com tcp
DE 140.82.121.3:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:443 dns.google udp
NL 172.217.168.238:443 clients2.google.com udp
NL 216.58.214.14:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r3---sn-5hnednsz.gvt1.com udp
NL 74.125.8.232:80 r3---sn-5hnednsz.gvt1.com tcp
NL 142.250.179.163:443 udp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
IE 212.82.100.137:443 uk.search.yahoo.com tcp
US 8.8.8.8:53 api.getsecuritysuite.com udp
US 8.8.8.8:53 api.ultramapsearch.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.251.36.45:443 accounts.google.com udp
NL 172.217.168.238:443 clients2.google.com udp
US 104.21.80.63:443 api.getsecuritysuite.com tcp
US 188.114.96.0:443 api.ultramapsearch.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 172.217.168.238:443 clients2.google.com tcp
US 8.8.8.8:53 suggestqueries.google.com udp
NL 142.250.179.174:80 suggestqueries.google.com tcp
US 8.8.8.8:53 feed.ultramapsearch.com udp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
US 8.8.8.8:53 uk.search.yahoo.com udp
IE 212.82.100.137:443 uk.search.yahoo.com tcp
US 8.8.8.8:53 sp.yimg.com udp
BE 87.248.116.11:443 sp.yimg.com tcp
BE 87.248.116.11:443 sp.yimg.com tcp
BE 87.248.116.11:443 sp.yimg.com tcp
US 8.8.8.8:53 uk.images.search.yahoo.com udp
US 8.8.8.8:53 r.search.yahoo.com udp
US 8.8.8.8:53 uk.news.search.yahoo.com udp
US 8.8.8.8:53 uk.video.search.yahoo.com udp
US 8.8.8.8:53 s.yimg.com udp
US 8.8.8.8:53 legal.yahoo.com udp
US 8.8.8.8:53 cc.bingj.com udp
US 8.8.8.8:53 uk.help.yahoo.com udp
US 8.8.8.8:53 uk.norton.com udp
US 8.8.8.8:53 uk.pcmag.com udp
US 8.8.8.8:53 www.avast.com udp
US 8.8.8.8:53 www.avg.com udp
US 8.8.8.8:53 www.avira.com udp
US 8.8.8.8:53 www.kaspersky.co.uk udp
US 8.8.8.8:53 www.techradar.com udp
US 8.8.8.8:53 yahoo.uservoice.com udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
NL 142.250.179.163:443 update.googleapis.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
CA 23.227.38.32:443 simplyantivirus.co.uk tcp
US 104.16.255.71:443 cdn.shopify.com tcp
US 104.16.255.71:443 tcp
US 104.16.255.71:443 cdn.shopify.com tcp
NL 216.58.208.106:443 ajax.googleapis.com tcp
NL 52.222.139.85:443 tcp
US 52.217.197.96:443 tcp
CA 23.227.38.33:443 shop.app tcp
US 104.16.255.71:443 monorail-edge.shopifysvc.com tcp
US 157.240.201.15:443 tcp
US 52.217.197.96:443 tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 142.250.102.156:443 stats.g.doubleclick.net udp
US 157.240.247.35:443 tcp
US 172.67.5.146:443 www.powr.io tcp
NL 142.251.36.16:443 tcp
US 185.93.1.242:443 cdn.kilatechapps.com tcp
US 13.107.246.67:443 tcp
NL 13.227.219.102:443 ecommplugins-trustboxsettings.trustpilot.com tcp
NL 13.227.219.4:443 ecommplugins-scripts.trustpilot.com tcp
NL 13.227.219.42:443 invitejs.trustpilot.com tcp
NL 216.58.208.106:443 udp
US 104.16.255.71:443 monorail-edge.shopifysvc.com tcp
NL 142.251.36.38:443 udp
NL 142.251.36.38:443 tcp
NL 142.251.36.42:443 jnn-pa.googleapis.com tcp
NL 142.251.36.42:443 udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.22:443 i.ytimg.com tcp
IE 188.125.72.139:443 geo.yahoo.com tcp
NL 142.251.36.16:443 udp
IE 34.243.171.104:443 tcp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.170:443 safebrowsing.googleapis.com tcp
IE 34.243.171.104:443 tcp
NL 65.9.86.120:443 miliated.xyz tcp
DE 144.76.223.81:443 img.cdn.house tcp
NL 65.9.86.72:443 nedaugha.buzz tcp
US 107.22.28.167:443 tcp
US 35.224.74.90:443 tcp
US 34.117.198.220:443 www.totalav.com tcp
NL 142.250.179.142:443 udp
US 35.244.242.197:443 assets.totalav.com tcp
NL 142.251.36.14:443 chrome.google.com udp
NL 142.251.36.14:443 chrome.google.com tcp
NL 142.251.36.14:443 chrome.google.com udp
NL 142.251.36.14:443 chrome.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.170:443 udp
US 165.227.250.67:443 www.trustedantiviruscompare.com tcp
US 165.227.250.67:443 www.trustedantiviruscompare.com tcp
US 165.227.250.67:443 www.trustedantiviruscompare.com tcp
US 165.227.250.67:443 www.trustedantiviruscompare.com tcp
US 165.227.250.67:443 www.trustedantiviruscompare.com tcp
US 165.227.250.67:443 www.trustedantiviruscompare.com tcp
NL 142.251.36.2:443 udp
NL 142.251.36.3:443 udp
NL 142.250.179.163:443 update.googleapis.com tcp
NL 216.58.214.14:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r1---sn-5hnekn7l.gvt1.com udp
NL 74.125.100.6:80 r1---sn-5hnekn7l.gvt1.com tcp
NL 142.250.179.142:443 udp
NL 142.250.179.142:443 tcp
NL 172.217.168.238:443 clients2.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
NL 142.250.179.163:443 udp
US 8.8.8.8:53 r1---sn-5hnekn7s.gvt1.com udp
NL 74.125.100.38:80 r1---sn-5hnekn7s.gvt1.com tcp
US 8.8.8.8:53 r5---sn-5hneknes.gvt1.com udp
NL 74.125.8.202:80 r5---sn-5hneknes.gvt1.com tcp
US 8.8.8.8:53 r4---sn-5hnednss.gvt1.com udp
NL 172.217.132.201:80 r4---sn-5hnednss.gvt1.com tcp
HK 34.92.0.27:443 tcp
HK 34.92.0.27:443 tcp
US 8.8.8.8:53 r3---sn-5hneknes.gvt1.com udp
NL 74.125.8.200:80 r3---sn-5hneknes.gvt1.com tcp
NL 142.250.179.142:443 udp
NL 142.251.36.35:443 udp
NL 142.251.36.2:443 udp
NL 74.125.8.231:80 r2---sn-5hnednsz.gvt1.com tcp
NL 104.126.126.228:443 www.mcafee.com tcp
IE 34.251.67.138:443 tcp
NL 104.80.224.132:443 tcp
IE 54.74.157.109:443 tcp
NL 95.101.58.226:443 tcp
NL 104.109.143.14:443 tcp
NL 104.109.143.150:443 tcp
NL 104.109.143.153:443 tcp
NL 104.109.143.14:443 tcp
NL 104.80.228.241:443 tcp
NL 13.227.219.125:443 images.scanalert.com tcp
NL 193.67.130.68:443 tcp
NL 193.67.130.68:443 tcp
FR 2.18.108.8:443 tcp
FR 2.18.108.8:443 tcp
NL 52.222.139.19:443 static.hotjar.com tcp
NL 13.227.219.120:443 script.hotjar.com tcp
FR 15.188.95.229:443 smetrics.mcafee.com tcp
US 3.95.114.176:443 tcp
US 3.95.114.176:443 tcp
US 3.95.114.176:443 tcp
NL 13.227.219.93:443 vars.hotjar.com tcp
NL 193.67.130.68:443 tcp
NL 216.58.208.106:443 udp
NL 209.85.226.8:80 r3---sn-5hnekn76.gvt1.com tcp
US 8.8.8.8:53 r3---sn-5hne6ns6.gvt1.com udp
NL 209.85.226.104:80 r3---sn-5hne6ns6.gvt1.com tcp
US 104.208.16.0:443 tcp
US 34.117.39.58:443 tcp
US 35.201.112.186:443 tcp
US 54.221.96.38:443 tcp
NL 199.232.148.157:443 tcp
NL 104.123.40.204:443 tcp
US 157.240.240.1:443 tcp
US 216.239.38.21:443 jelly.mdhv.io tcp
DE 91.228.74.208:443 tcp
FR 2.18.99.124:443 cdn1.adoberesources.net tcp
IE 34.251.12.17:443 tcp
US 104.244.42.69:443 t.co tcp
US 104.244.42.131:443 analytics.twitter.com tcp
US 104.208.16.0:443 tcp
US 35.186.194.58:443 rs.fullstory.com tcp
NL 52.222.139.13:443 rules.quantcount.com tcp
FR 13.36.218.177:443 adobedc.demdex.net tcp
US 54.221.96.38:443 tcp
NL 13.227.211.80:443 d6tizftlrpuof.cloudfront.net tcp
US 157.240.247.35:443 www.facebook.com tcp
NL 142.251.36.3:443 tcp
NL 142.251.36.3:443 udp
US 161.69.29.243:443 tcp
US 161.69.29.243:443 tcp
IE 3.251.27.103:443 tcp
IE 34.248.32.199:443 tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
NL 13.227.219.45:443 cdn-live.conductor.com tcp
NL 13.227.219.45:443 cdn-live.conductor.com tcp
NL 142.250.179.142:443 udp
US 216.239.32.116:443 udp
US 216.239.32.116:443 tcp
US 8.8.8.8:53 r2---sn-5hneknes.gvt1.com udp
NL 74.125.8.199:80 r2---sn-5hneknes.gvt1.com tcp
US 45.33.26.104:443 tcp
US 45.33.26.104:443 tcp
US 74.117.183.142:443 tcp
US 199.101.132.243:443 tcp
HK 34.92.0.27:443 tcp
HK 34.92.0.27:443 tcp
US 216.239.34.36:443 udp
US 216.239.34.36:443 tcp
NL 142.251.36.1:443 udp
NL 142.251.36.34:443 cm.g.doubleclick.net tcp
NL 142.251.36.34:443 udp
US 45.33.26.104:443 tcp
US 35.227.233.104:443 totalav-essential-antivirus.en.softonic.com tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
US 151.101.1.91:443 sc.sftcdn.net tcp
NL 23.2.172.179:443 images.sftcdn.net tcp
NL 54.192.85.4:443 c.amazon-adsystem.com tcp
NL 52.222.139.114:443 tcp
FR 2.18.103.174:443 tcp
NL 52.222.139.48:443 cdn-magiclinks.trackonomics.net tcp
US 50.31.142.63:443 tcp
NL 54.192.85.4:443 c.amazon-adsystem.com tcp
FR 2.18.104.95:443 c.aaxads.com tcp
IT 104.212.67.188:443 tcp
NL 142.250.179.174:443 suggestqueries.google.com tcp
US 142.250.102.156:443 stats.g.doubleclick.net udp
NL 142.250.179.134:443 8876029.fls.doubleclick.net tcp
NL 13.227.219.51:443 b-code.liadm.com tcp
NL 142.250.179.134:443 udp
FR 2.18.103.237:443 www.aaxdetect.com tcp
US 3.94.138.127:443 tcp
DE 139.45.240.92:443 tcp
US 20.120.124.64:443 tcp
NL 52.222.139.52:443 trx-hub.com tcp
NL 13.227.219.60:443 api.privacy-center.org tcp
US 104.18.18.126:443 tcp
US 104.18.18.126:443 tcp
NL 185.89.211.12:443 tcp
IE 52.19.67.137:443 tcp
IE 52.19.67.137:443 tcp
NL 213.19.162.51:443 tcp
DE 18.156.195.47:443 tcp
DE 18.156.195.47:443 tcp
DE 18.156.195.47:443 c2shb.pubgw.yahoo.com tcp
DE 18.156.195.47:443 tcp
DE 18.156.195.47:443 tcp
DE 18.156.195.47:443 tcp
NL 185.64.189.112:443 tcp
FR 46.105.202.126:443 cdn.id5-sync.com tcp
IE 52.95.122.74:443 tcp
NL 142.250.179.161:443 aace117fb7d5735f942adfd55968d6af.safeframe.googlesyndication.com tcp
FR 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.69:443 id5-sync.com tcp
NL 142.250.179.161:443 tcp
NL 142.250.179.161:443 tcp
NL 142.250.179.161:443 tcp
NL 142.250.179.161:443 tcp
NL 142.250.179.161:443 tcp
DE 3.121.203.93:443 tcp
US 104.18.18.126:443 ssum-sec.casalemedia.com tcp
US 104.18.19.126:443 r.casalemedia.com tcp
NL 87.248.202.119:443 player.anyclip.com tcp
NL 87.248.202.119:443 player.anyclip.com tcp
FR 2.18.97.238:443 tcp
NL 87.248.202.119:443 config.anyclip.com tcp
NL 142.250.179.170:443 udp
US 52.202.194.25:443 tcp
US 52.202.194.25:443 tcp
NL 104.126.125.209:443 eus.rubiconproject.com tcp
US 35.172.10.216:443 tcp
NL 142.250.179.170:443 tcp
NL 142.250.179.170:443 tcp
US 104.18.114.97:443 tcp
NL 87.248.202.119:443 assets.anyclip.com tcp
NL 142.250.179.166:443 tcp
IE 18.200.222.149:443 tcp
NL 142.250.179.170:443 udp
US 188.114.97.3:443 cdn-av-download.avastbrowser.com tcp
US 35.172.10.216:443 tcp
NL 142.250.179.170:443 udp
NL 142.250.179.166:443 udp
DE 3.126.56.137:443 ups.analytics.yahoo.com tcp
NL 142.250.179.166:443 udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 r1---sn-5hneknek.gvt1.com udp
NL 74.125.8.134:80 r1---sn-5hneknek.gvt1.com tcp
NL 104.126.125.209:443 eus.rubiconproject.com tcp
US 35.227.233.104:443 udp
US 8.8.8.8:443 dns.google udp
US 151.101.1.108:443 tcp
US 35.244.159.8:443 tcp
US 13.248.245.213:443 tcp
US 52.223.40.198:443 tcp
US 52.46.143.56:443 tcp
US 104.21.41.243:443 tcp
FR 185.86.139.104:443 ssbsync.smartadserver.com tcp
FR 2.18.99.184:443 tcp
NL 13.227.219.92:443 ms-cookie-sync.presage.io tcp
NL 13.227.219.92:443 ms-cookie-sync.presage.io tcp
NL 141.226.228.48:443 tcp
US 104.18.18.126:443 tcp
DK 37.157.6.242:443 tcp
IE 52.212.196.36:443 tcp
NL 142.251.36.14:443 chrome.google.com tcp
NL 104.109.143.163:443 ads.stickyadstv.com tcp
NL 87.248.202.119:443 cdn5.anyclip.com tcp
NL 87.248.202.119:443 assets.anyclip.com tcp
NL 213.19.162.90:443 tcp
NL 213.19.162.90:443 tcp
US 13.107.42.14:443 tcp
NL 213.19.162.90:443 tcp
BE 87.248.116.12:443 uk.help.yahoo.com tcp
IE 52.213.136.222:443 tcp
IE 52.213.136.222:443 tcp
US 151.101.2.49:443 tcp
NL 89.207.16.201:443 tcp
DE 135.125.160.77:443 gu.dyntrk.com tcp
US 104.18.19.126:443 dsum.casalemedia.com tcp
NL 193.0.160.129:443 tcp
NL 142.250.179.163:443 udp
GB 185.64.190.78:443 tcp
SE 213.155.156.185:443 d5p.de17a.com tcp
NL 185.29.134.248:443 tcp
NL 185.64.189.110:443 tcp
NL 178.250.2.151:443 dis.criteo.com tcp
GB 185.64.190.81:443 tcp
FR 141.94.171.213:443 pixel.onaudience.com tcp
IE 63.34.67.128:443 tcp
NL 169.50.137.184:443 tcp
NL 104.80.225.228:443 tags.bluekai.com tcp
GB 185.64.190.80:443 tcp
HK 34.92.0.27:443 tcp
US 3.84.65.210:443 tcp
US 3.84.65.210:443 tcp
US 3.84.65.210:443 tcp
US 3.84.65.210:443 tcp
DE 51.89.9.254:443 onetag-sys.com tcp
NL 52.222.139.43:443 s.ad.smaato.net tcp
US 64.202.112.191:443 tcp
DE 52.57.188.199:443 tcp
NL 63.215.202.137:443 tcp
NL 216.52.2.48:443 ap.lijit.com tcp
IE 52.48.133.87:443 tcp
NL 213.19.147.45:443 tcp
US 174.137.133.17:443 tcp
US 174.137.133.17:443 tcp
NL 216.52.2.30:443 ce.lijit.com tcp
NL 213.19.147.44:443 tcp
DE 37.252.172.45:443 tcp
NL 104.123.40.23:443 contextual.media.net tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 3.211.251.13:443 tcp
US 3.211.251.13:443 tcp
US 172.217.214.120:443 csi.gstatic.com tcp
US 172.217.214.120:443 tcp
US 172.217.214.120:443 tcp
US 3.84.65.210:443 tcp
NL 185.89.210.141:443 tcp
DE 157.90.0.13:443 tcp
US 104.21.41.243:443 events.catapultx.com tcp
NL 77.245.57.72:443 tcp
DE 54.93.38.236:443 tcp
US 35.227.233.104:443 udp
US 216.239.34.36:443 udp
NL 23.2.172.179:443 images.sftcdn.net tcp
NL 178.250.2.130:443 static.criteo.net tcp
US 50.31.142.63:443 tcp
FR 2.18.104.95:443 c.aaxads.com tcp
NL 185.89.211.12:443 tcp
FR 178.250.0.157:443 gum.criteo.com tcp
FR 46.105.202.126:443 cdn.id5-sync.com tcp
US 157.240.201.35:443 www.facebook.com tcp
NL 178.250.2.151:443 sslwidget.criteo.com tcp
NL 77.245.57.72:443 tcp
FR 2.16.118.158:443 c21lg-d.media.net tcp
FR 2.16.118.158:443 hbx.media.net tcp
NL 142.251.36.3:443 udp
NL 23.2.211.147:443 secure-assets.rubiconproject.com tcp
JP 202.233.84.1:443 tcp
DE 85.114.159.93:443 tcp
NL 173.231.181.122:443 tcp
US 44.205.38.42:443 tcp
IE 52.212.196.36:443 tcp
US 198.148.27.140:443 bh.contextweb.com tcp
US 104.19.173.108:443 csync.loopme.me tcp
NL 213.19.147.45:443 tcp
IE 34.242.8.108:443 tcp
IE 34.242.8.108:443 tcp
IE 52.215.238.82:443 tcp
US 8.8.8.8:53 a.tribalfusion.com udp
US 8.8.8.8:53 matching.truffle.bid udp
US 8.8.8.8:53 green.erne.co udp
US 8.8.8.8:53 core.iprom.net udp
US 5.161.47.120:443 matching.truffle.bid tcp
FR 54.38.38.194:443 green.erne.co tcp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 match.deepintent.com udp
US 8.8.8.8:53 match.bnmla.com udp
US 8.8.8.8:53 pm.w55c.net udp
US 8.8.8.8:53 visitor.fiftyt.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 a.audrte.com udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
US 5.161.47.120:443 matching.truffle.bid tcp
FR 54.38.38.194:443 green.erne.co tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 151.101.1.44:443 trc.taboola.com tcp
US 169.197.150.7:443 match.deepintent.com tcp
US 74.222.140.158:443 match.bnmla.com tcp
US 172.64.152.245:443 a.tribalfusion.com tcp
IE 54.194.89.172:443 pm.w55c.net tcp
US 104.22.25.87:443 mwzeom.zeotap.com tcp
NL 178.62.202.251:443 match.adsby.bidtheatre.com tcp
US 35.201.96.126:443 visitor.fiftyt.com tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
DK 77.243.60.138:443 uipglob.semasio.net tcp
DE 3.127.182.213:443 x.bidswitch.net tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 3.224.245.7:443 a.audrte.com tcp
GB 66.155.71.149:443 pixel-sync.sitescout.com tcp
FR 141.94.170.77:443 pixel-eu.onaudience.com tcp
US 54.80.1.197:443 tcp
FR 185.86.137.133:443 rtb-csync.smartadserver.com tcp
US 34.102.253.54:443 ads.playground.xyz tcp
IE 54.229.194.244:443 tcp
DE 3.127.178.105:443 tcp
US 129.158.42.199:443 sync.technoratimedia.com tcp
FR 51.255.68.171:443 dsp.nrich.ai tcp
DE 37.252.172.45:443 tcp
NL 185.64.189.229:443 tcp
US 172.217.214.120:443 udp
US 192.132.33.46:443 tcp
US 64.202.112.191:443 tcp
US 34.192.82.213:443 tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
GB 34.105.225.79:443 e2c15.gcp.gvt2.com tcp
DE 139.45.240.92:443 tcp
US 64.74.236.127:443 tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
DE 52.57.188.199:443 tcp
NL 104.109.249.82:443 criteo-sync.teads.tv tcp
DE 35.156.175.32:443 tcp
IE 212.82.100.181:443 tcp
IE 52.49.242.166:443 tcp
US 34.106.86.104:443 e2c29.gcp.gvt2.com tcp
DE 52.59.116.64:443 tcp
NL 147.75.85.234:443 prebid.a-mo.net tcp
US 150.136.25.38:443 82177.technoratimedia.com tcp
US 18.215.83.8:443 tcp
US 35.224.74.90:443 tcp
US 150.136.25.38:443 82177.technoratimedia.com tcp
FR 178.250.0.162:443 csm.fr.eu.criteo.net tcp
IE 18.200.222.149:443 tcp
FR 178.250.0.157:443 gum.criteo.com tcp
US 50.31.142.63:443 tcp
NL 52.222.139.117:443 tcp
NL 13.227.219.79:443 tcp
US 50.31.142.63:443 tcp
FR 46.105.202.126:443 cdn.id5-sync.com tcp
DE 139.45.240.92:443 tcp
NL 52.222.139.20:443 cdn.intergient.com tcp
DE 3.127.200.184:443 tcp
US 35.227.233.104:443 udp
FR 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 139.45.240.92:443 tcp
DE 141.95.98.69:443 id5-sync.com tcp
FR 2.18.106.161:443 z.moatads.com tcp
US 8.8.8.8:53 config.playwire.com udp
NL 13.227.219.36:443 config.playwire.com tcp
GB 18.169.253.44:443 tcp
US 8.8.8.8:53 r2---sn-5hnekn7z.gvt1.com udp
NL 74.125.100.103:80 r2---sn-5hnekn7z.gvt1.com tcp
NL 77.245.57.72:443 tcp
NL 13.227.219.119:443 cdn.video.playwire.com tcp
JP 202.233.84.1:443 tcp
NL 142.250.179.142:443 udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 64.74.236.127:443 tcp
DE 3.127.182.213:443 x.bidswitch.net tcp
DE 52.57.188.199:443 tcp
FR 185.86.137.133:443 rtb-csync.smartadserver.com tcp
DE 37.252.172.45:443 tcp
NL 142.250.179.206:443 udp
DE 139.45.240.92:443 tcp
US 3.227.250.184:443 tcp
US 3.227.250.184:443 tcp
US 142.250.102.156:443 stats.g.doubleclick.net udp
NL 142.251.36.14:443 chrome.google.com tcp
NL 142.251.36.14:443 chrome.google.com udp
US 3.227.250.184:443 tcp
NL 142.250.179.163:443 udp
NL 74.125.8.234:443 r5---sn-5hnednsz.gvt1.com tcp
US 142.250.102.113:443 s.youtube.com tcp
US 8.8.8.8:53 r2---sn-5hnednss.gvt1.com udp
NL 172.217.132.199:80 r2---sn-5hnednss.gvt1.com tcp
US 142.250.102.113:443 udp
US 151.101.1.195:443 powder.gg tcp
NL 23.209.125.31:443 getbadgecdn.azureedge.net tcp
NL 23.209.125.31:443 getbadgecdn.azureedge.net tcp
US 13.107.246.67:443 tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
NL 13.227.219.92:443 pc-releases.powder.gg tcp
US 151.101.1.140:443 alb.reddit.com tcp
NL 52.222.137.213:443 cdn.amplitude.com tcp
US 44.240.84.34:443 tcp
US 67.202.105.23:443 ssc-cms.33across.com tcp
IE 54.154.238.203:443 tcp
FR 2.18.104.95:443 c.aaxads.com tcp
US 35.227.233.104:443 udp
NL 23.2.172.179:443 images.sftcdn.net tcp
NL 142.250.179.142:443 udp
NL 178.250.2.151:443 sslwidget.criteo.com tcp
FR 178.250.0.157:443 gum.criteo.com tcp
US 50.31.142.63:443 tcp
FR 46.105.202.126:443 cdn.id5-sync.com tcp
US 142.250.102.156:443 stats.g.doubleclick.net udp
NL 96.16.53.200:443 tcp
NL 96.16.53.200:443 tcp
NL 96.16.53.200:443 tcp
NL 96.16.53.200:443 articles-img.sftcdn.net tcp
NL 96.16.53.200:443 tcp
NL 96.16.53.200:443 tcp
DE 139.45.240.92:443 tcp
NL 142.251.36.14:443 chrome.google.com udp
US 172.217.214.120:443 udp
NL 77.245.57.72:443 tcp
FR 2.16.118.158:443 hbx.media.net tcp
US 35.227.233.104:443 udp
NL 142.251.36.34:443 udp
US 64.74.236.127:443 tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
DE 3.127.182.213:443 x.bidswitch.net tcp
DE 37.252.172.45:443 tcp
FR 185.86.139.114:443 rtb-csync.smartadserver.com tcp
DE 35.158.27.81:443 tcp
NL 104.109.249.82:443 criteo-sync.teads.tv tcp
NL 104.123.40.23:443 contextual.media.net tcp
DE 18.156.0.31:443 ups.analytics.yahoo.com tcp
NL 142.251.36.14:443 chrome.google.com udp
FR 178.250.0.162:443 csm.fr.eu.criteo.net tcp
US 50.31.142.63:443 tcp
FR 178.250.0.157:443 gum.criteo.com tcp
DE 52.28.203.152:443 c2shb.pubgw.yahoo.com tcp
IE 54.154.103.240:443 tcp
NL 185.89.211.12:443 tcp
FR 46.105.202.126:443 cdn.id5-sync.com tcp
NL 142.251.39.97:443 udp
NL 142.250.179.134:443 udp
FR 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
NL 77.245.57.72:443 tcp
NL 142.251.36.3:443 udp
DE 141.95.98.69:443 id5-sync.com tcp
DE 139.45.240.92:443 tcp
FR 185.86.139.114:443 rtb-csync.smartadserver.com tcp
DE 37.252.172.45:443 tcp
DE 35.158.27.81:443 tcp
US 50.31.142.223:443 tcp
LU 188.42.191.196:443 ads.betweendigital.com tcp
IE 99.81.218.52:443 tcp
US 54.80.1.197:443 tcp
NL 46.228.164.11:443 ad.turn.com tcp
IE 52.213.136.222:443 tcp
IE 63.34.213.220:443 pm.w55c.net tcp
US 64.202.112.191:443 tcp
NL 213.19.162.90:443 tcp
IE 54.170.169.120:443 tcp
FR 178.250.0.162:443 csm.fr.eu.criteo.net tcp
US 50.31.142.63:443 tcp
FR 46.105.202.126:443 cdn.id5-sync.com tcp
NL 77.245.57.72:443 tcp
NL 142.250.179.170:443 udp
NL 142.250.179.166:443 udp
IE 52.30.88.49:443 tcp
NL 142.250.179.170:443 udp
NL 142.250.179.166:443 udp
DE 51.89.9.254:443 onetag-sys.com tcp
DE 141.95.98.69:443 id5-sync.com tcp
DK 37.157.5.142:443 tcp
DE 18.193.54.113:443 tcp
IE 54.155.65.255:443 tcp
US 64.202.112.191:443 tcp
DE 139.45.240.92:443 tcp
US 50.31.142.223:443 tcp
DE 35.158.27.81:443 tcp
FR 185.86.139.114:443 rtb-csync.smartadserver.com tcp
DE 37.252.172.45:443 tcp
NL 142.250.179.142:443 udp
DE 37.252.172.45:443 tcp
FR 178.250.0.162:443 csm.fr.eu.criteo.net tcp
FR 178.250.0.157:443 gum.criteo.com tcp
US 50.31.142.63:443 tcp
FR 46.105.202.126:443 cdn.id5-sync.com tcp
US 35.227.233.104:443 udp
NL 77.245.57.72:443 tcp
DE 139.45.240.92:443 tcp
FR 2.18.106.161:443 px.moatads.com tcp
IE 52.16.76.85:443 tcp
US 3.227.250.176:443 tcp
US 3.227.250.176:443 tcp
US 3.227.250.176:443 tcp
DE 139.45.240.92:443 tcp
US 50.31.142.223:443 tcp
NL 178.250.2.151:443 dis.criteo.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
NL 104.109.249.82:443 criteo-sync.teads.tv tcp
DE 18.196.115.149:443 tcp
NL 104.123.40.23:443 contextual.media.net tcp
DE 35.158.27.81:443 tcp
FR 185.86.139.114:443 rtb-csync.smartadserver.com tcp
DE 37.252.172.45:443 tcp
NL 13.227.219.33:443 config.playwire.com tcp
US 3.227.250.176:443 tcp
US 3.227.250.176:443 tcp
US 3.227.250.176:443 tcp
DE 139.45.240.92:443 tcp
FR 178.250.0.162:443 csm.fr.eu.criteo.net tcp
NL 147.75.85.234:443 prebid.a-mo.net tcp
FR 2.18.104.95:443 c.aaxads.com tcp
NL 142.250.179.142:443 udp
NL 142.250.179.170:443 udp
NL 142.250.179.166:443 udp
US 216.239.32.116:443 tcp
US 216.239.32.116:443 udp
NL 142.251.39.97:443 udp
US 8.8.8.8:443 dns.google udp
NL 142.250.179.170:443 udp
NL 142.251.36.2:443 udp
NL 142.251.36.14:443 chrome.google.com udp
US 172.217.214.120:443 udp
NL 142.250.179.170:443 udp
NL 142.250.179.166:443 udp
US 165.227.250.67:443 www.trustedantiviruscompare.com tcp
NL 142.251.36.2:443 udp
NL 142.251.36.3:443 udp
US 165.227.250.67:443 tcp
NL 142.250.179.142:443 udp
US 35.224.74.90:443 tcp
NL 142.250.179.142:443 udp
US 35.224.74.90:443 tcp
US 35.244.248.161:443 www.pcprotect.com tcp
NL 52.222.139.113:443 widget.trustpilot.com tcp
NL 142.250.179.202:443 udp
NL 142.251.36.49:443 csp.withgoogle.com tcp
US 216.239.32.116:443 tcp
US 216.239.32.116:443 udp
NL 142.251.36.49:443 udp
GB 68.70.192.128:443 install.protected.net tcp
NL 142.251.36.14:443 chrome.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 104.109.248.155:443 tcp
US 52.202.194.25:443 tcp
US 172.217.214.120:443 udp
NL 142.250.179.170:443 udp
NL 142.250.179.166:443 udp
US 8.8.8.8:53 in.appcenter.ms udp
US 40.70.161.7:443 in.appcenter.ms tcp
US 40.70.161.7:443 in.appcenter.ms tcp
US 8.8.8.8:53 api.pcprotect.com udp
US 35.244.248.161:443 api.pcprotect.com tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 8.8.8.8:53 in.appcenter.ms udp
US 52.177.138.113:443 in.appcenter.ms tcp
US 52.177.138.113:443 in.appcenter.ms tcp
US 8.8.8.8:53 in.appcenter.ms udp
US 52.232.209.85:443 in.appcenter.ms tcp
US 52.232.209.85:443 in.appcenter.ms tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.239.180.202:443 api2.amplitude.com tcp
US 8.8.8.8:53 pc-releases.powder.gg udp
NL 13.227.219.29:443 pc-releases.powder.gg tcp
US 8.8.8.8:53 graph.verse.powder.gg udp
US 174.129.115.39:443 graph.verse.powder.gg tcp
US 44.239.180.202:443 api2.amplitude.com tcp
US 44.239.180.202:443 api2.amplitude.com tcp
US 44.239.180.202:443 api2.amplitude.com tcp
US 44.239.180.202:443 api2.amplitude.com tcp
US 44.239.180.202:443 api2.amplitude.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 44.239.180.202:443 api2.amplitude.com tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 8.8.8.8:53 api.phantom.avira-vpn.com udp
US 35.244.248.161:443 api.pcprotect.com tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 35.244.248.161:443 api.pcprotect.com tcp
DE 3.127.191.25:443 api.phantom.avira-vpn.com tcp
DE 3.127.191.25:443 api.phantom.avira-vpn.com tcp
DE 3.127.191.25:443 api.phantom.avira-vpn.com tcp
DE 3.127.191.25:443 api.phantom.avira-vpn.com tcp
DE 3.127.191.25:443 api.phantom.avira-vpn.com tcp
DE 3.127.191.25:443 api.phantom.avira-vpn.com tcp
DE 3.127.191.25:443 api.phantom.avira-vpn.com tcp
US 8.8.8.8:53 definition.protected.net udp
US 35.190.63.3:443 definition.protected.net tcp
US 35.190.63.3:443 definition.protected.net tcp
US 8.8.4.4:443 dns.google udp
US 44.193.152.213:443 tcp
NL 142.251.36.34:443 udp
US 142.251.209.3:443 udp
NL 142.250.179.170:443 udp
NL 142.250.179.166:443 udp
US 35.244.248.161:443 api.pcprotect.com tcp
US 8.8.8.8:53 definition.protected.net udp
US 35.190.63.3:443 definition.protected.net tcp
N/A 127.0.0.1:54752 tcp
N/A 127.0.0.1:54755 tcp
US 35.190.63.3:443 definition.protected.net tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 35.190.63.3:443 definition.protected.net tcp
US 40.70.161.7:443 in.appcenter.ms tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
IE 20.67.219.150:443 nav.smartscreen.microsoft.com tcp
N/A 127.0.0.1:54759 tcp
IE 20.67.219.150:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.pcprotect.com udp
US 204.79.197.200:443 www.bing.com tcp
US 35.244.248.161:443 www.pcprotect.com tcp
US 35.244.248.161:443 www.pcprotect.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:53 login.pcprotect.com udp
IE 20.67.219.150:443 nav.smartscreen.microsoft.com tcp
US 35.244.248.161:443 login.pcprotect.com udp
IE 20.67.219.150:443 nav.smartscreen.microsoft.com tcp
US 162.159.128.61:443 player.vimeo.com tcp
NL 151.101.38.109:443 tcp
NL 151.101.38.109:443 tcp
US 34.120.202.204:443 tcp
US 8.8.4.4:443 dns.google udp
US 188.114.96.0:443 feed.ultramapsearch.com tcp
US 35.241.17.230:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
BE 87.248.116.12:443 uk.help.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
DE 140.82.121.3:443 github.com tcp
DE 140.82.121.3:443 github.com tcp
NL 142.250.179.170:443 udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 github.githubassets.com tcp
NL 142.250.179.202:443 udp
DE 140.82.121.3:443 github.com tcp
US 140.82.114.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 188.114.96.0:443 feed.ultramapsearch.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
US 188.114.96.0:443 feed.ultramapsearch.com tcp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
BE 87.248.116.12:443 uk.help.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
DE 140.82.121.3:443 github.com tcp
US 185.199.108.154:443 tcp
US 185.199.108.154:443 tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 140.82.114.21:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.10:443 codeload.github.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.251.36.14:443 chrome.google.com udp
US 35.244.248.161:443 login.pcprotect.com tcp
US 35.244.248.161:443 login.pcprotect.com tcp
DE 140.82.121.5:443 api.github.com tcp
NL 54.192.85.4:443 c.amazon-adsystem.com tcp
US 52.202.194.25:443 tcp
US 3.84.65.210:443 tcp
NL 142.251.36.34:443 udp
US 35.168.42.117:443 tcp
US 142.251.209.3:443 udp
NL 142.250.179.170:443 udp
US 52.202.194.25:443 tcp
NL 87.248.202.119:443 player.anyclip.com tcp
US 3.84.65.210:443 tcp
NL 142.250.179.166:443 udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.142:443 tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
NL 20.73.130.64:443 nav.smartscreen.microsoft.com tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 35.244.248.161:443 login.pcprotect.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
IE 20.82.250.189:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 secure.pcprotect.com udp
US 8.8.4.4:443 dns.google tcp
US 35.244.248.161:443 secure.pcprotect.com tcp
US 35.244.248.161:443 secure.pcprotect.com tcp
US 8.8.8.8:53 update.winzip.com udp
US 34.195.199.88:443 update.winzip.com tcp
US 8.8.8.8:53 www.winzip.com udp
FR 2.16.118.210:443 www.winzip.com tcp
FR 2.16.118.210:443 www.winzip.com tcp
US 35.244.248.161:443 secure.pcprotect.com udp
IE 20.82.250.189:443 nav.smartscreen.microsoft.com tcp
IE 20.82.250.189:443 nav.smartscreen.microsoft.com tcp
IE 20.82.250.189:443 nav.smartscreen.microsoft.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 35.190.78.76:443 tcp
US 35.190.78.76:443 tcp
US 151.101.2.133:443 tcp
US 35.244.250.165:443 tcp
US 35.244.250.165:443 cdn.paymentauth.com tcp
US 35.190.78.76:443 udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 ipm.corel.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
NL 52.222.137.205:443 cdn.amplitude.com tcp
US 35.244.248.161:443 secure.pcprotect.com tcp
NL 104.110.191.34:443 ipm.corel.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 52.36.158.160:443 api.amplitude.com tcp
N/A 239.255.255.250:3702 udp
US 8.8.4.4:443 dns.google udp
US 18.65.33.229:443 c.amazon-adsystem.com tcp
NL 216.58.214.3:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.142:443 udp
N/A 239.255.255.250:3702 udp
US 52.73.253.205:443 tcp
US 3.224.87.237:443 tcp
NL 142.251.36.34:443 udp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
NL 13.227.219.120:443 pc-releases.powder.gg tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 174.129.115.39:443 graph.verse.powder.gg tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 fp-vs-nocache.azureedge.net udp
US 152.199.19.161:443 fp-vs-nocache.azureedge.net tcp
US 8.8.8.8:53 s-ring.msedge.net udp
US 13.107.3.254:443 s-ring.msedge.net tcp
US 8.8.4.4:443 dns.google udp
US 3.211.251.13:443 tcp
NL 172.217.168.194:443 udp
NL 172.217.168.194:443 tcp
US 52.73.253.205:443 tcp
US 35.201.70.27:443 udp
US 35.201.70.27:443 beacons.gcp.gvt2.com tcp
US 40.70.161.7:443 in.appcenter.ms tcp
US 8.8.4.4:443 dns.google udp
US 35.190.18.168:443 beacons.gcp.gvt2.com tcp
NL 172.217.168.194:443 udp
DE 139.45.240.92:443 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 104.109.248.155:443 tcp
US 35.241.53.87:443 beacons.gcp.gvt2.com tcp
US 8.8.4.4:443 dns.google udp
US 216.239.36.21:80 virustotal.com tcp
US 216.239.36.21:443 virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.170:443 udp
NL 216.58.214.3:443 ssl.gstatic.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 74.125.34.46:443 www.virustotal.com tcp
US 8.8.4.4:443 dns.google udp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
US 188.114.97.3:443 feed.ultramapsearch.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
BE 87.248.116.12:443 uk.help.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
US 104.21.80.63:443 api.getsecuritysuite.com tcp
BE 87.248.116.12:443 uk.help.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
US 8.8.8.8:53 www.extreme-injector.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 172.67.73.40:443 tcp
US 172.67.73.40:443 tcp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
US 8.8.8.8:53 i.imgur.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
NL 199.232.148.193:443 i.imgur.com tcp
NL 199.232.148.193:443 i.imgur.com tcp
NL 199.232.148.193:443 i.imgur.com tcp
NL 199.232.148.193:443 i.imgur.com tcp
NL 172.217.168.202:443 ajax.googleapis.com udp
US 18.65.33.229:443 tcp
US 208.95.112.2:443 tcp
US 216.239.38.178:443 udp
US 18.65.33.229:443 c.amazon-adsystem.com tcp
US 216.239.32.36:443 udp
NL 142.250.179.170:443 udp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
NL 142.251.39.106:443 udp
US 104.16.164.13:443 tcp
NL 13.227.219.73:443 tcp
NL 142.250.179.161:443 7167f605a24a1949502fb0bd3b5bcf97.safeframe.googlesyndication.com tcp
US 142.250.102.156:443 stats.g.doubleclick.net udp
NL 142.250.179.161:443 udp
NL 142.251.36.1:443 udp
US 8.8.4.4:443 dns.google udp
NL 13.227.219.120:443 pc-releases.powder.gg tcp
US 8.8.4.4:443 dns.google udp
US 52.72.75.172:443 graph.verse.powder.gg tcp
US 185.199.108.153:443 kittenpopo.github.io tcp
US 35.241.53.87:443 beacons.gcp.gvt2.com tcp
US 185.199.108.153:443 tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 172.67.73.40:443 tcp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
US 18.65.33.229:443 tcp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
US 104.16.164.13:443 tcp
NL 13.227.219.73:443 tagan.adlightning.com tcp
NL 142.250.179.161:443 c398065805b2c5fa61b964ccac7cfa9e.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 172.217.168.238:443 clients2.google.com udp
NL 142.251.36.45:443 accounts.google.com udp
NL 172.217.168.238:443 clients2.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
NL 142.250.179.163:443 udp
US 188.114.96.0:443 feed.ultramapsearch.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
BE 87.248.116.11:443 uk.help.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 104.26.13.251:443 tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
US 104.26.13.251:443 tcp
US 188.114.96.0:443 feed.ultramapsearch.com tcp
NL 65.9.78.68:443 c.amazon-adsystem.com tcp
US 188.114.96.0:443 feed.ultramapsearch.com tcp
US 104.16.160.13:443 tcp
NL 13.227.219.71:443 tagan.adlightning.com tcp
US 142.250.102.157:443 stats.g.doubleclick.net udp
NL 142.250.179.161:443 5c1ab8f6553889471a17711cf61db2c5.safeframe.googlesyndication.com tcp
NL 142.251.36.38:443 udp
NL 142.251.36.1:443 udp
NL 142.251.36.1:443 tcp
US 216.239.34.36:443 udp
US 216.239.34.36:443 tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 update.googleapis.com udp
NL 142.251.36.45:443 accounts.google.com udp
NL 172.217.168.238:443 clients2.google.com udp
NL 142.250.179.163:443 update.googleapis.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 172.217.168.238:443 clients2.google.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 api.ultramapsearch.com udp
US 188.114.97.3:443 api.ultramapsearch.com tcp
US 8.8.8.8:53 suggestqueries.google.com udp
NL 142.250.179.174:80 suggestqueries.google.com tcp
US 8.8.4.4:443 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
US 188.114.96.0:443 feed.ultramapsearch.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
BE 87.248.116.11:443 uk.help.yahoo.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
NL 172.217.168.234:443 content-autofill.googleapis.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
IE 52.213.237.83:443 tcp
DE 185.85.15.46:443 www.kaspersky.co.uk tcp
NL 23.1.121.173:443 service.maxymiser.net tcp
RU 77.74.178.40:443 tcp
RU 77.74.178.40:443 tcp
RU 77.74.178.40:443 tcp
RU 77.74.178.40:443 tcp
RU 77.74.178.40:443 content.kaspersky-labs.com tcp
RU 77.74.178.40:443 tcp
DE 185.85.15.23:443 media.kaspersky.com tcp
NL 216.58.214.3:443 ssl.gstatic.com tcp
NL 172.217.168.234:443 udp
US 216.239.38.21:443 sgtm.kaspersky.co.uk tcp
FR 15.188.95.229:443 kaspersky.d3.sc.omtrdc.net tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
NL 142.250.179.174:80 suggestqueries.google.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
BE 87.248.116.12:443 uk.help.yahoo.com tcp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
US 188.114.97.0:443 feed.ultramapsearch.com tcp
IE 212.82.100.137:443 uk.video.search.yahoo.com tcp
FR 51.91.30.159:443 www.upload.ee tcp
FR 51.91.30.159:443 www.upload.ee tcp
NL 104.80.228.119:443 s7.addthis.com tcp
NL 104.80.228.119:443 tcp
FR 2.18.106.161:443 z.moatads.com tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.170:443 safebrowsing.googleapis.com tcp
NL 216.58.208.106:443 udp
US 216.239.34.36:443 udp
US 216.239.34.36:443 tcp
US 142.250.102.156:443 stats.g.doubleclick.net udp
EE 212.47.222.21:443 tcp
NL 142.251.36.1:443 udp
NL 142.251.36.1:443 tcp
DE 54.93.153.89:443 tcp
FR 2.22.147.27:443 tcp
DE 54.93.153.89:443 tcp
NL 52.222.137.20:443 dskwugy0u6y9l.cloudfront.net tcp
NL 142.250.179.170:443 udp
DK 37.157.2.236:443 tcp
US 8.8.4.4:443 dns.google tcp
US 8.8.4.4:443 dns.google udp
NL 142.251.36.14:443 chrome.google.com tcp
US 108.156.60.113:443 miliated.xyz tcp
FI 95.216.10.48:443 img.cdn.house tcp
DE 49.12.82.144:443 cp2s.xyz tcp
DE 49.12.82.144:443 cp2s.xyz tcp
DE 157.90.1.66:443 tcp
DE 157.90.33.79:443 tcp
US 18.65.39.88:443 nedaugha.buzz tcp
US 44.195.137.121:443 tcp
NL 142.250.179.142:443 safebrowsing.google.com tcp
US 8.8.8.8:53 update.winzip.com udp
US 34.195.199.88:443 update.winzip.com tcp
US 34.195.199.88:443 update.winzip.com tcp
US 8.8.8.8:53 www.winzip.com udp
FR 2.16.118.210:443 www.winzip.com tcp
FR 2.16.118.210:443 www.winzip.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 142.250.102.156:443 stats.g.doubleclick.net tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.163:443 update.googleapis.com tcp
US 8.8.8.8:53 ipm.corel.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
NL 104.110.191.39:443 ipm.corel.com tcp
NL 104.110.191.39:443 ipm.corel.com tcp
NL 52.222.137.213:443 cdn.amplitude.com tcp
US 8.8.8.8:53 api.amplitude.com udp
US 52.35.64.123:443 api.amplitude.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
NL 216.58.214.14:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r3---sn-5hne6nzs.gvt1.com udp
NL 74.125.8.104:80 r3---sn-5hne6nzs.gvt1.com tcp
N/A 239.255.255.250:3702 udp
NL 172.217.132.199:80 r2---sn-5hnednss.gvt1.com tcp
US 8.8.8.8:53 api.pcprotect.com udp
US 35.244.248.161:443 api.pcprotect.com tcp
US 35.244.248.161:443 api.pcprotect.com tcp
US 8.8.8.8:53 definition.protected.net udp
US 35.190.63.3:443 definition.protected.net tcp
US 8.8.8.8:53 in.appcenter.ms udp
US 40.70.161.102:443 in.appcenter.ms tcp
N/A 239.255.255.250:3702 udp
NL 142.250.179.163:443 update.googleapis.com udp
US 8.8.8.8:53 edgedl.me.gvt1.com udp
US 34.104.35.123:80 edgedl.me.gvt1.com tcp
N/A 127.0.0.1:58500 tcp
US 8.8.4.4:443 dns.google udp
NL 142.250.179.142:443 udp
US 35.227.215.13:443 beacons.gcp.gvt2.com tcp
NL 142.250.179.142:443 tcp

Files
