Analysis Overview
SHA256
24c617f6c994a7a2f8520020365669fbd3cf5535f893118cefc39401394c2e15
Threat Level: Known bad
The file SecuriteInfo.com.W32.AIDetect.malware2.21162.19131 was found to be: Known bad.
Malicious Activity Summary
Wannacry
Kutaki family
Kutaki Executable
Modifies system executable filetype association
Looks for VirtualBox Guest Additions in registry
Modifies extensions of user files
Registers COM server for autorun
Looks for VMWare Tools registry key
Creates new service(s)
Contacts a large (551) amount of remote hosts
Drops file in Drivers directory
Executes dropped EXE
Downloads MZ/PE file
Drops startup file
Checks BIOS information in registry
Checks computer location settings
Modifies file permissions
Reads user/profile data of web browsers
Loads dropped DLL
Checks whether UAC is enabled
Maps connected drives based on registry
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Drops desktop.ini file(s)
Enumerates connected drives
Checks installed software on the system
Drops file in System32 directory
Sets desktop wallpaper using registry
Launches sc.exe
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Enumerates processes with tasklist
Suspicious use of SetWindowsHookAW
Checks processor information in registry
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Modifies system certificate store
Modifies data under HKEY_USERS
Kills process with taskkill
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-07-18 04:41
Signatures
Kutaki Executable
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Kutaki family
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-18 04:41
Reported
2022-07-18 05:21
Platform
win10v2004-20220715-en
Max time kernel
1991s
Max time network
2280s
Command Line
Signatures
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip\ = "{E0D79305-84BE-11CE-9641-444553540000}" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\DragDropHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip\ = "{E0D79305-84BE-11CE-9641-444553540000}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip\ = "{E0D79304-84BE-11CE-9641-444553540000}" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZip\ = "{E0D79304-84BE-11CE-9641-444553540000}" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DragDropHandlers\WinZip | C:\Program Files\WinZip\winzip64.exe | N/A |
Wannacry
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A |
Contacts a large (551) amount of remote hosts
Creates new service(s)
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\system32\drivers\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Windows\system32\drivers\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Windows\system32\drivers\webshieldfilter.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Windows\system32\drivers\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
Executes dropped EXE
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\VMware, Inc.\VMware Tools | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A |
Modifies extensions of user files
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File renamed | C:\Users\Admin\Pictures\GetOut.tif.WNCRYT => C:\Users\Admin\Pictures\GetOut.tif.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File renamed | C:\Users\Admin\Pictures\ResolvePing.png.WNCRYT => C:\Users\Admin\Pictures\ResolvePing.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File renamed | C:\Users\Admin\Pictures\PushAdd.png.WNCRYT => C:\Users\Admin\Pictures\PushAdd.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File created | C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\Pictures\GetOut.tif.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File renamed | C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRYT => C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File renamed | C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRYT => C:\Users\Admin\Pictures\UnregisterFormat.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\Pictures\PushAdd.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File created | C:\Users\Admin\Pictures\ResolvePing.png.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\Pictures\ResolvePing.png.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File created | C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File renamed | C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRYT => C:\Users\Admin\Pictures\ExpandUnpublish.raw.WNCRY | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File created | C:\Users\Admin\Pictures\GetOut.tif.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File created | C:\Users\Admin\Pictures\LockUnregister.tiff.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File created | C:\Users\Admin\Pictures\PushAdd.png.WNCRYT | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\Pictures\LockUnregister.tiff | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "mscoree.dll" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{523EB855-2A2D-4A56-8581-FF17D9728093}\InProcServer32\ = "oleaut32.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D7930A-84BE-11CE-9641-444553540002}\LocalServer32\ = "C:\\Program Files\\WinZip\\WzPreviewer64.exe" | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\WZSHLS64.DLL" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "mscoree.dll" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, Version=3.5.14535.0, Culture=neutral, PublicKeyToken=86e07f6d9d2175ee" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "C:\\Program Files\\WinZip\\adxloader64.WinZipExpressForOffice.dll" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Assembly = "WinZipExpressForOffice, Version=3.5.14535.0, Culture=neutral, PublicKeyToken=86e07f6d9d2175ee" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, PublicKeyToken=86E07F6D9D2175EE" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Assembly = "WinZipExpressForOffice, Version=3.5.14535.0, Culture=neutral, PublicKeyToken=86e07f6d9d2175ee" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, PublicKeyToken=86E07F6D9D2175EE" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79304-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{523EB855-2A2D-4A56-8581-FF17D9728093}\InProcServer32\ThreadingModel = "Both" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{d79b57ed-727c-4ab8-ba67-e7c6fd30fac1}\LocalServer32\ = "\"C:\\Program Files (x86)\\PCProtect\\PCProtect.exe\" -ToastActivated" | C:\Program Files (x86)\PCProtect\PCProtect.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79307-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79307-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\WZSHLS64.DLL" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{784C04A3-2E5A-4E7C-A7F7-7D97E27859AD}\LocalServer32\ = "C:\\Program Files\\WinZip\\winzip64.exe" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79307-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\wzshls64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\wzshls64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\CodeBase = "file:///C:/Program Files/WinZip/WinZipExpressForOffice.DLL" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9CA9DBE8-C0B1-42c9-B6C7-856BE5756855}\LocalServer32\ = "\"C:\\Program Files\\WinZip\\WzBGTComServer64.exe\"" | C:\Program Files\WinZip\WzBGTComServer64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{784C04A3-2E5A-4E7C-A7F7-7D97E27859AD}\LocalServer32 | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ThreadingModel = "Both" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32\ = "C:\\Program Files\\WinZip\\wzshls64.dll" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Class = "WinZipExpressForOffice.AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\Assembly = "WinZipExpressForOffice, PublicKeyToken=86E07F6D9D2175EE" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{523EB855-2A2D-4A56-8581-FF17D9728093}\InProcServer32\InprocServer32 = 41003000310036004600300046003100310031003700330046004300440031003700440042003600000034006b00480038004800730024006a0049003d00270045006600280049007a00500069005a004700450043004400430036003e004d0035004b0044005900530055006e0066002800480041002a004c005b00780065005800290079002400660031002c004200460079004000580039002d00410045007d0026004d003500500025005900500072006f006700720061006d005f0044006100740061003e004d0035004b0044005900530055006e0066002800480041002a004c005b007800650058002900790000000000 | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0D79305-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\International\Geo\Nation | C:\Program Files\WinZip\winzip64.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD355B.tmp | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3572.tmp | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pivepxpsij972 = "\"C:\\Users\\Admin\\Downloads\\WannaCry-main\\WannaCry-main\\tasksche.exe\"" | C:\Windows\SysWOW64\reg.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinZip FAH = "C:\\Program Files\\WinZip\\FAHConsole.exe" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Powder = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\powder-desktop\\Powder.exe\" --start-hidden" | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinZip UN = "\"C:\\Program Files\\WinZip\\WZUpdateNotifier.exe\" -show" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\WinZip\winzip64.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A |
| File opened for modification | C:\Users\Public\Documents\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A |
| File opened for modification | C:\Users\Public\desktop.ini | C:\Program Files\WinZip\winzip64.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\AppCenter\bb31922a-2e71-4ea5-8b24-36e4a6804bc8\Logs.db-journal | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Program Files\WinZip\winzip64.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Program Files\WinZip\winzip64.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\AppCenter\bb31922a-2e71-4ea5-8b24-36e4a6804bc8\Logs.db | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SecurityService\SecurityService_Url_0y5odhsgmzbzdute3dv1u0i2p1urm0we\2u50hwmi.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SecurityService\SecurityService_Url_0y5odhsgmzbzdute3dv1u0i2p1urm0we\2u50hwmi.newcfg | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PCProtect\vdf_1658127478.zip | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" | C:\Users\Admin\Desktop\@[email protected] | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\PCProtect\netstandard.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00160.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00191.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00194.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files\WinZip\en-US\WzWXFcmbpdf64.dll.mui | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\WinZip\AddinExpress.OL.2005.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\WinZip\en-US\USRCOMBO.WJF | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00172.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-13ulrzqk.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files\WinZip\AddinExpress.MSO.2005.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.Reflection.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.Xml.Serialization.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00018.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-n3epflwl.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00201.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00246.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\tmp\avupdate_tmp_19HF1V\savapi4-ave2\win32\en\aeheur_mv.dat.gz | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A |
| File created | C:\Program Files\WinZip\BoxService.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\aelidb.dat | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\savapi_post.bat | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00087.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-15z3taj1.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\aesbx.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A |
| File created | C:\Program Files\WinZip\WzWXFmfire64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.ComponentModel.Annotations.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\on_access\win32\win7\avkmgr.cat | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.Net.WebSockets.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-01bduzzl.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00139.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-q14zylsd.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00244.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files\WinZip\WzWXFcldme64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\WinZip\wzcab.dll | C:\Windows\System32\MsiExec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\installer.log | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files\WinZip\IMClient.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\WinZip\NASCloudService.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.Runtime.WindowsRuntime.UI.Xaml.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\aebb.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00015.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00064.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-vpu0izrw.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-yb1gdye4.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files\WinZip\en-US\ZipShareService.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\PresentationCore.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.Windows.Presentation.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\avupdate.log | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\tmp\avupdate_tmp_19HF1V\savapi4-ave2\win32\en\aehelp.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.Security.Cryptography.Csp.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\mscorrc.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\driver\i386\OemWin2k.inf | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\on_access\win64\win7\avgio.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-qu3q5dku.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files\WinZip\CloudStorageService.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\WinZip\WzWXFln64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\System.Reflection.Emit.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00239.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\tmp\avupdate_tmp_19HF1V\savapi4-ave2\win32\en\aescript.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-0ir4dw1o.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\DotNetZip-3jhj5yyz.tmp | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\PCProtect\SAVAPI\xbv00176.vdf | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\SAVAPI\aeheur.dll | C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe | N/A |
| File created | C:\Program Files\WinZip\en-US\WXFSGNPDF.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\PresentationFramework.Luna.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| File created | C:\Program Files (x86)\PCProtect\lib_SCAPI.dll | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\MSI9FFB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA9E4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\win.ini | C:\Program Files\WinZip\winzip64.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA0C8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB7AA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDA95.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\SbkupStub64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\ARPPRODUCTICON.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\Sbkup64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1E35.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA4BA.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA634.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WIN.INI | C:\Program Files\WinZip\winzip64.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1E34.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAB62.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI517.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1CF8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID74D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID76F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI781.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI14B5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA4DB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5C8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\Sbkup64_ShortCut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1C5B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB942.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID965.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID975.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED87.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\PdfUtil64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1A83.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA169.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA995.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDAA6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDAD8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA0A8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAA26.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\ImgUtilStub64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\ImgUtilStub64_Shortcut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI20A7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID73D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDA46.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\SbkupStub64_ShortCut_StartMenu.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1A94.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_MenuGroup.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\Sbkup64_ShortCut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\WinZip64_Shortcut_Preloader.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1B31.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA118.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC634.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5a99c1.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID9C4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIDAB7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5A8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C2413F}\PdfUtilStub64_Shortcut_Desktop.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\ELAMBKUP\protected_elam.sys | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\PCProtect\SecurityService.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = … | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3486" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1946" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1237" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "235" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3072" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "111" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3781" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1237" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1946" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "4194" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "111" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3073" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1529" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1244" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1242" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3486" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "4194" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "235" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3073" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "820" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "1242" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\DOMStorage\corel.com | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1943" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\WebAuthBroker.exe = "10000" | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3068" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "1240" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "2655" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3072" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "124" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "819" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "111" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3781" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\Software\Microsoft\Internet Explorer\IESettingSync | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1237" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "820" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "1235" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "3781" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\ipm.corel.com\ = "3072" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\corel.com\Total = "3490" | C:\Program Files\WinZip\winzip64.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\Splitter\Enabled = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\UpdateCheck\Period = "7" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFcmbpdf | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFdbox | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFzshare\Default | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WinZip | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzAddrgcts | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\Statistics\Collect = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFcldme\Default\WritableRootFolder = "\\" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\PowerPoint\AddIns\WinZipExpressForOffice.AddinModule | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\winzip\Setup = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\wzshlext\AddToFolder = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Size = "5,R,48,T" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Encrypt = "1,L,18,T" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFcnvp | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFoned\Default\WritableRootFolder = "\\" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Name = "2,L,216,T" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Path = "10,L,-2,F" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\wzshlext | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\WinZip Computing\WinZip Computing = "Please look in the Nico Mak Computing section for WinZip keys, values, and settings." | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFnas\Default | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\winzip\ReuseWindows = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFssync\Default | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Word\AddIns\WinZipExpressForOffice.AddinModule\Description = "AddinModule" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFcldme\Default\MaxUploadSizeMB = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFoned | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.BZ2 = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\GridLines = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFgdrv\Default | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\wzshlext\MenuCfgTable = "222222222222222222222222222221" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\Common\Email\Services\ = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><mailservices default=\"Gmail\"><mailservice name=\"Gmail\" login=\"yes\" help=\"yes\" encryption=\"tls\"><smtp server=\"smtp.gmail.com\" port=\"587\"/><domains>gmail.com</domains></mailservice><mailservice name=\"Hotmail\" login=\"yes\" help=\"no\" encryption=\"tls\"><smtp server=\"smtp.live.com\" port=\"587\"/><domains>hotmail.*;live.*;msnhotmail.com</domains></mailservice><mailservice name=\"Yahoo!\" login=\"yes\" help=\"yes\" encryption=\"none\"><smtp server=\"plus.smtp.mail.yahoo.com\" port=\"465\"/><domains>yahoo.com;sbcglobal.com</domains></mailservice><mailservice name=\"Outlook.com\" login=\"yes\" help=\"yes\" encryption=\"tls\"><smtp server=\"smtp-mail.outlook.com\" port=\"587\"/><domains>outlook.com;*.onmicrosoft.com</domains></mailservice></mailservices>" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\WXF\WzWXFivrs | C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.TBZ2 = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\winzip\AlwaysOnTop = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip\Splitter | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\UpdateCheck\AskFirst = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\PowerPoint | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Nico Mak Computing\WinZip | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\WXF\WzWXFbox\Default\MaxUploadSizeMB = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.VHD = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\caution\ErrDelFileCaution = "0" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\ListView\Col_Packed = "7,R,54,T" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\Common\Email\Services | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\Common\Email | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Nico Mak Computing\WinZip\fm\.CAB = "1" | C:\Program Files\WinZip\winzip64.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\MainGUI = "WinZip" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\MediaFireCloud = "CloudSvc" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.RegFile | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\1\MRUListEx = ffffffff | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vhd\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F} | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.wztheme\WinZip.Theme\ShellNew | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.ZipX\ = "WinZip Zipx File" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\PdfUtil = "\x06Applets" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shell\PCProtect\SeparatorAfter | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.B64\ShellEx | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Component Categories\{62C8FE65-4EBB-45e7-B440-6E39B2CDBF29} | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\3.5.14535.0 | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.SetupConfig\shell\open\ = "Configure WinZip" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0D79306-84BE-11CE-9641-444553540000}\InProcServer32 | C:\Windows\System32\MsiExec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ = "WinZip" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\CloudMeCloudFiles = "CloudMeCloud" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\Themes = "WinZip" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.GZ | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip\ = "WinZip File" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.swjf\ = "WinZip.SecureBackup" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\Explorer.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\PdfUtilDesktopIcon = "\x06PdfUtil" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\PCProtect\Icon = "\"C:\\Program Files (x86)\\PCProtect\\PCProtect.exe\"" | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\ImgUtilFiles = "\x06ImgUtil" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinZip\ = "{E0D79305-84BE-11CE-9641-444553540000}" | C:\Windows\System32\MsiExec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.BHX\WinZip\ShellNew | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.MIM\ = "WinZip" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\NASCloudFiles = "NASCloud" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\DropboxCloudFiles = "DropboxCloud" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\Explorer.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\Explorer.EXE | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ShellEx | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1 = 6400310000000000f2543438100057414e4e41437e3100004c0009000400efbef2542938f25434382e0000000b3f020000000b000000000000000000000000000000406d6100570061006e006e0061004300720079002d006d00610069006e00000018000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.hqx\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F}\ = "{E0D7930A-84BE-11CE-9641-444553540002}" | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.jpeg | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.7z | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\SugarSyncCloud = "CloudSvc" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}" | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WzExpForSPExtension\shell\open\command\ = "\"C:\\Program Files\\WinZip\\WzExpForSPExtension.exe\" \"%1\"" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.BZ2 | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.LZS\ShellEx\{8895B1C6-B41F-4C1C-A562-0D564250836F} | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\2 = 8a00310000000000f2547739100052414e534f4d7e312e302d4d00006e0009000400efbef2547739f25478392e000000a42d02000000080000000000000000000000000000009b911f00520041004e0053004f004d0057004100520045002d00570041004e004e0041004300520059002d0032002e0030002d006d006100730074006500720000001c000000 | C:\Windows\Explorer.EXE | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\Previewer = "WinZip" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\RuntimeVersion = "v2.0.50727" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32\ = "C:\\Program Files\\WinZip\\adxloader64.WinZipExpressForOffice.dll" | C:\Program Files\WinZip\adxregistrator.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\166F59DC4C5A5F446AAACEDD192C14F3\AddressBookEnglishFiles = "AddressBook" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.RegFile\shell\open | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E0D7930A-84BE-11CE-9641-444553540002}\LocalServer32\ = "C:\\Program Files\\WinZip\\WzPreviewer64.exe" | C:\Program Files\WinZip\WzPreviewer64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.gz\ = "WinZip" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.wjf\WinZip.JobFile\ShellNew | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.vmdk\WinZip\ShellNew | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\166F59DC4C5A5F446AAACEDD192C14F3\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.RegFile\shell\open | C:\Program Files\WinZip\winzip64.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.RegFile\shell\ = "open" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\discord-973501835119837244\DefaultIcon | C:\Users\Admin\AppData\Local\Programs\powder-desktop\PowderRecorderCli.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.wzmul | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WinZip.ZipX\shell\print\command\ = "\"C:\\Program Files\\WinZip\\winzip64.exe\" /print /ni \"%1\"" | C:\Program Files\WinZip\winzip64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.RAR\WinZip | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2280897447-3291712302-3137480060-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\Explorer.EXE | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C4D8249BB310BA6E0A062CB88F91E00716FC6694 | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C4D8249BB310BA6E0A062CB88F91E00716FC6694\Blob = 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 | C:\Program Files (x86)\PCProtect\SecurityService.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\PCProtect_Setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\powder-desktop\PowderRecorderCli.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\@[email protected] | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookAW
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
| N/A | N/A | C:\Program Files\WinZip\winzip64.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\attrib.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.AIDetect.malware2.21162.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5360 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3920 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1104 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6284 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x33c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4588 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6536 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3580 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4876 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2488 /prefetch:8
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2424_1845389723\ChromeRecovery.exe
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2424_1845389723\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={fd001846-9245-4a4d-ac8c-461bc36da8f6} --system
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3976 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1456 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6996 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6900 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6452 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6168 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7172 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7152 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7924 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7884 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8048 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8084 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8060 /prefetch:8
C:\Users\Admin\Downloads\winzip26-bing.exe
"C:\Users\Admin\Downloads\winzip26-bing.exe"
C:\Users\Admin\AppData\Local\Temp\e59be84\winzip26-bing.exe
run=1 shortcut="C:\Users\Admin\Downloads\winzip26-bing.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7852 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A70ABAC2853BF1C34C609760AAE66E6A
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 8FC3B6A39F956BF4D3E8CD215428223A
C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe
"C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe"
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{DB926FDC-2495-4052-8A37-E5D04A15F3DB}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55FE02C4-DC91-4CED-9EDD-B3E6D76CE618}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7C7545F9-0411-4E55-8F98-B3B15BF7E781}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{850D33F1-3DB1-4942-9471-A57ED9F66177}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FFECB41B-8CEF-448F-A669-FB00C34582D0}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8A3D7CB4-FF6E-40D3-9431-C8A63092B9A0}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6E0A6474-7180-4357-A432-4B23B8D15DDB}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6A6F79CA-46C2-43C6-8FE9-2F2214B18080}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D85ACBA5-C7FC-4EB5-8EC9-B573BCA09651}
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{01014416-0FD7-4A0F-AB45-C50E6225EFAD}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{93794825-D128-4241-8864-1EB783825FED}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9436F9E1-FFC3-48BF-BBC3-8655C5DF3AC8}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AC76CBDD-6BF9-4E4F-94F5-BB9B6B123E56}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10FB2375-A9D3-409E-8655-AAB7D1BAFD63}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{25A40759-80FB-4E3E-9716-D4B39B1F32A8}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EAADA687-71FC-491E-B2AD-D5881467A137}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A0ACA309-A10C-4FFF-867F-AB668D9D2C40}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8127CEAC-1177-43E3-ACC0-125EE9614413}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{25E2C77C-11E2-4EF6-90B7-8231DBB58EBA}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{60BED4D7-EA1B-42AA-A203-523740FFEDAB}
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{7B7A6008-1AF5-4152-A234-63159C18D0C4}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{7ECE8154-631F-4EFC-AD28-2309E3E4698D}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{28944EF5-A45D-4B89-9DB1-0E1801E46695}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{78C1EDAE-6A0C-4DF5-8D0E-D87323A42F2A}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{67C4034F-D9C1-48A1-AB29-330FC6F40031}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{649F78D1-2AE6-4635-9289-DA8AFE0040EC}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C341B77D-F3A1-45B5-AA84-D0C31F7A31CF}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FBE67055-3A49-44A7-BCB6-B560320AC795}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5AE8846A-8C20-4208-B9D6-A1CB03776992}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6E35CDED-5378-4044-823B-7C6D43C80608}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{16B6B4DA-11A2-4929-B214-46E32DB522BB}
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{53862504-F2B8-48AF-9B79-E387D34B1402}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1EBAF034-E359-4B5C-AEC7-32EFBF5B7C73}
C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding 5A9BD59A9DCB3DD2AAA40B10D35E8C5F E Global\MSI0000
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:8
C:\Program Files\WinZip\WzPreviewer64.exe
"C:\Program Files\WinZip\WzPreviewer64.exe" -regserver winzip64
C:\Program Files\WinZip\WzPreloader.exe
"C:\Program Files\WinZip\WzPreloader.exe"
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe" /noqp /nodesktop /nostartmenu /nomenugroup /autoinstall /lang 1033
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 327D0F4B1A9BB552818616FAD8D312A9 E Global\MSI0000
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75F79232-BE5B-4225-9512-011AE1E89C55}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FF42A0AF-B612-4212-AA66-7D5D46F230D9}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{708D0131-4F7D-4A40-A878-2CD46A15CDF7}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{07512CF4-002C-4902-9927-56393319C66A}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B07B3F79-C416-43CB-8856-153D31A2CC5B}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{74A5CD3C-8B24-42B7-BB33-7ACB785032ED}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{89144EEC-82AA-434B-B6A2-3E9FE687F230}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E451FBFE-43AD-4819-981A-FF4A6965A202}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{9EF8B3A1-82E7-4647-992B-819931E926F2}
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{9220585C-B36E-44D9-9645-C0D1B818DFDC}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0567FCD8-48A5-4EAA-A24B-451CC40E41D6}
C:\Program Files\WinZip\FAHConsole.exe
"C:\Program Files\WinZip\FAHConsole.exe"
C:\Program Files\WinZip\FAHWindow64.exe
"C:\Program Files\WinZip\FAHWindow64.exe" register
C:\Program Files\WinZip\adxregistrator.exe
"C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=user /GenerateLogFile=false
C:\Program Files\WinZip\adxregistrator.exe
"C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=admin /GenerateLogFile=false
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 1" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_9AM\" -show" /ST 09:36 /F
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 2" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_12PM\" -show" /ST 12:36 /F
C:\Windows\SysWOW64\schtasks.exe
C:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 3" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_3PM\" -show" /ST 15:36 /F
C:\Program Files\WinZip\WzBGTComServer64.exe
"C:\Program Files\WinZip\WzBGTComServer64.exe" /REGSERVER
C:\Program Files\WinZip\WZUpdateNotifier.exe
"C:\Program Files\WinZip\WZUpdateNotifier.exe"
C:\Program Files\WinZip\WzBGTools64.exe
"C:\Program Files\WinZip\WzBGTools64.exe" /s
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.winzip.com/instcmplt.cgi?pid=WNZP&ver=26.0.15033.0&lang=en&osbits=64&vid=oemg&x-at=bing
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca25546f8,0x7ffca2554708,0x7ffca2554718
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7504 /prefetch:8
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,11421912426387285757,3835321922594497981,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\ZwLoader.zip"
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7160 /prefetch:8
C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe
"C:\Users\Admin\Downloads\ZwLoader\ZwLoader.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1524,5571227426334592936,17368608752593675314,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1996 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2464 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4584 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=888 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1604 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6616 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3632 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=976 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5552 /prefetch:8
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\102.286.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\102.286.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=bar61aL9B0cjXVzUU1M7nhAEe5SIxmVhNZY5DdeE --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=102.286.200 --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0x7ff78de9ecc8,0x7ff78de9ecd8,0x7ff78de9ece8
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_808_BGOMNKPCIOGJJRJP" --sandboxed-process-id=2 --init-done-notifier=760 --sandbox-mojo-pipe-token=3661897917861546039 --mojo-platform-channel-handle=736 --engine=2
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\102.286.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_808_BGOMNKPCIOGJJRJP" --sandboxed-process-id=3 --init-done-notifier=1000 --sandbox-mojo-pipe-token=9853554866268473617 --mojo-platform-channel-handle=996
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6968 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5688 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6808 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6160 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8048 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8028 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8244 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8272 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9464 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10052 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10948 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11032 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11196 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11760 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11608 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12860 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12720 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12300 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11632 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13004 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11320 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13356 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7248 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9356 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9828 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12868 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9012 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12908 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12912 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12240 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6460 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7004 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Users\Admin\Downloads\Powder-latest.exe
"C:\Users\Admin\Downloads\Powder-latest.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11764 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=175 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12596 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=174 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13976 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11796 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=188 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=193 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=191 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12528 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12044 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14068 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14236 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=197 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11380 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14300 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=201 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11600 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=202 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=203 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=204 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14056 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=205 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=206 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=207 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=210 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=209 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11348 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=208 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10496 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=211 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=212 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=213 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=214 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=215 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14216 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=216 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=217 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=218 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=219 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=220 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=221 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=222 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=223 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13140 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=224 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=225 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9684 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10208 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9336 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9680 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=13568 /prefetch:8
C:\Users\Admin\Downloads\PCProtect_Setup.exe
"C:\Users\Admin\Downloads\PCProtect_Setup.exe"
C:\Windows\SysWOW64\Wbem\wmic.exe
wmic.exe path Win32_Process where executablepath="C:\\Program Files (x86)\\PCProtect\\PCProtect.exe" delete
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /f /T /IM "avupdate.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /f /T /IM "Update.Win.exe"
C:\Windows\SysWOW64\taskkill.exe
"taskkill" /f /T /IM "PasswordExtension.Win.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files (x86)\PCProtect\SecurityService.exe
"C:\Program Files (x86)\PCProtect\SecurityService.exe" "--install"
C:\Windows\SysWOW64\sc.exe
"sc" create SecurityService start= auto binpath= "\"C:\Program Files (x86)\PCProtect\SecurityService.exe\"" displayname= "PC Security Management Service" obj= LocalSystem password= ""
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4568 -ip 4568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 4376
C:\Program Files (x86)\PCProtect\PCProtect.exe
"C:\Program Files (x86)\PCProtect\PCProtect.exe" --installed --installer="C:\Users\Admin\Downloads\PCProtect_Setup.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Powder.exe" | %SYSTEMROOT%\System32\find.exe "Powder.exe"
C:\Windows\SysWOW64\find.exe
C:\Windows\System32\find.exe "Powder.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq Powder.exe"
C:\Program Files (x86)\PCProtect\SecurityService.exe
"C:\Program Files (x86)\PCProtect\SecurityService.exe"
C:\Program Files (x86)\PCProtect\PCProtect.exe
"C:\Program Files (x86)\PCProtect\PCProtect.exe"
C:\Program Files (x86)\PCProtect\SecurityService.exe
"C:\Program Files (x86)\PCProtect\SecurityService.exe" --run-service --run-service-id=5240
C:\Users\Admin\AppData\Local\Temp\nst700.tmp\custom-installer.exe
C:\Users\Admin\AppData\Local\Temp\nst700.tmp\custom-installer.exe --vcredist C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe --app-id "gg.powder.desktop" --app-version "2.26.0" --install-folder "C:\Users\Admin\AppData\Local\Programs\powder-desktop"
C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe
C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe /q /norestart
C:\Windows\Temp\{935EB077-FD82-497F-A3CA-1C11056CFE1A}\.cr\vc_redist.x64.exe
"C:\Windows\Temp\{935EB077-FD82-497F-A3CA-1C11056CFE1A}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nst700.tmp\vc_redist.x64.exe" -burn.filehandle.attached=536 -burn.filehandle.self=532 /q /norestart
C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe
"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe"
C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe
"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe
"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --mojo-platform-channel-handle=2000 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
C:\Users\Admin\AppData\Local\Programs\powder-desktop\PowderRecorderCli.exe
./PowderRecorderCli.exe
C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe
"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --app-user-model-id=gg.powder.desktop --app-path="C:\Users\Admin\AppData\Local\Programs\powder-desktop\resources\app.asar" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=3236 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe
"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net
C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe
"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net
C:\Program Files (x86)\PCProtect\SAVAPI\apc_random_id_generator.exe
"C:\Program Files (x86)\PCProtect\SAVAPI\apc_random_id_generator.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe
"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pcprotect.com/video?logintoken=NzdkNzI4MTUtNmZkNy00NDcyLWE0NGYtODA4MzJkOGY3NzcwXzE2NTgxMjc0MzFAcHJvdGVjdGVkLXNpZ251cC5jb206MmMxNzhlMzgyNjcyODBhYzVkNWI5MDUyYzBmYzM4M2Q2OTE5NzA1YzpmY2NmMmVlZTI3MmZiZGQzZDcxOGZmNmNmMjJhMmZlZDg0NmQ5ODRlMDAyMDAyZjAyMzJlNzNkM2EwMWNlNWE3OjU1NjU4MTM0&source=WIN_GUIV2_CREATED_ACCOUNT&action=NONE&sourceGroup=win-app
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x40,0xe4,0xdc,0xe0,0x108,0x7ffca2e746f8,0x7ffca2e74708,0x7ffca2e74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,11969685418901645053,18439074009427313132,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4196 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=231 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13304 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=232 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x33c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=233 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13140 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe
"C:\Users\Admin\AppData\Local\Programs\powder-desktop\Powder.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\powder-desktop" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=780 --field-trial-handle=1716,i,1238844316018624848,113751115895396882,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=234 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=235 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13472 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=12236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=237 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8520 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://secure.pcprotect.com/?logintoken=NzdkNzI4MTUtNmZkNy00NDcyLWE0NGYtODA4MzJkOGY3NzcwXzE2NTgxMjc0MzFAcHJvdGVjdGVkLXNpZ251cC5jb206MmMxNzhlMzgyNjcyODBhYzVkNWI5MDUyYzBmYzM4M2Q2OTE5NzA1YzpmY2NmMmVlZTI3MmZiZGQzZDcxOGZmNmNmMjJhMmZlZDg0NmQ5ODRlMDAyMDAyZjAyMzJlNzNkM2EwMWNlNWE3OjU1NjU4MTM0&source=WIN_GUIV2_FREE_EDITION_REALTIME_ENABLE_ATTEMPT&action=NONE&sourceGroup=win-app&plan=RTP
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2e746f8,0x7ffca2e74708,0x7ffca2e74718
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12948 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2772 /prefetch:3
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\WannaCry-main.zip"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13192 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3120 /prefetch:8
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2508,13700991955992704806,17898664797280352646,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4156 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 270491658127690.bat
C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\@[email protected]
"C:\Users\Admin\Desktop\@[email protected]"
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pivepxpsij972" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pivepxpsij972" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f
C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Music\ResumeApprove.jfif" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Music\UndoImport.xla"
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=241 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\ZwLoader\VAC.exe
"C:\ZwLoader\VAC.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=242 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=243 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=244 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=245 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=247 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=248 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x33c
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=249 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=250 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,5829662426911789161,11102339763090192611,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=251 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1592 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4504 /prefetch:8
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1580,6883771629270540781,12542406400687283221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2794f50,0x7ffca2794f60,0x7ffca2794f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1620 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2040 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4928 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5044 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-databases --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6164 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7036 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2312 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3320 /prefetch:8
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7064 /prefetch:8
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\CSGhost-v4.rar"
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\Downloads\CSGhost-v4.exe
"C:\Users\Admin\Downloads\CSGhost-v4.exe"
C:\Users\Admin\Desktop\CSGhost-v4.exe
"C:\Users\Admin\Desktop\CSGhost-v4.exe"
C:\Program Files (x86)\PCProtect\PCProtect.exe
"C:\Program Files (x86)\PCProtect\PCProtect.exe" --custom-scan-context --custom-scan-archives --custom-scan-files="C:\Users\Admin\Desktop\CSGhost-v4.exe" --hide
C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe
"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4860 /prefetch:8
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6628 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4828 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6840 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6640 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=patch.mojom.FilePatcher --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7268 /prefetch:8
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7572 /prefetch:8
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip"
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master.zip"
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
C:\Program Files\WinZip\winzip64.exe
"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\RANSOMWARE-WANNACRY-2.0-master\RANSOMWARE-WANNACRY-2.0-master\Ransomware.WannaCry.zip"
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe
"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Program Files\WinZip\WzWipe32.exe
"C:\Program Files\WinZip\WzWipe32.exe" "C:\Users\Admin\AppData\Local\Temp\wzd406" /nWinZip
C:\Program Files (x86)\PCProtect\PCProtect.exe
"C:\Program Files (x86)\PCProtect\PCProtect.exe" --custom-scan-context --custom-scan-archives --custom-scan-files="C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe" --hide
C:\Program Files (x86)\PCProtect\Savapi\avupdate.exe
"C:\Program Files (x86)\PCProtect\\Savapi\avupdate.exe" --config=avupdate-savapilib-engine.conf --check-product --no-dns-resolve --internet-srvs=https://definition.protected.net --peak-handling-srvs=https://definition.protected.net
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Desktop\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
C:\Windows\SysWOW64\attrib.exe
attrib +h .
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,12274100893667350810,14579566872038565088,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
taskdl.exe
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3e93855 /state1:0x41c64e6d
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
Network
| US | 104.18.22.52:443 | kit.fontawesome.com | tcp |
| US | 104.21.30.41:443 | tcp | |
| US | 104.21.30.41:443 | ka-f.fontawesome.com | tcp |
| US | 104.21.30.41:443 | tcp | |
| DE | 136.243.63.186:443 | tcp | |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 93.184.220.29:80 | tcp | |
| US | 8.247.210.254:80 | tcp | |
| NL | 142.251.36.1:443 | tcp | |
| NL | 142.251.36.1:443 | udp | |
| US | 216.239.32.36:443 | udp | |
| NL | 142.251.36.38:443 | static.doubleclick.net | tcp |
| US | 169.62.154.242:443 | www.dreamstime.com | tcp |
| US | 169.62.154.242:443 | tcp | |
| US | 40.76.84.176:443 | tcp | |
| US | 192.229.233.122:443 | tcp | |
| US | 192.229.233.122:443 | tcp | |
| US | 192.229.233.122:443 | tcp | |
| US | 157.240.240.1:443 | tcp | |
| RU | 77.88.21.119:443 | tcp | |
| FR | 2.22.147.89:443 | client.px-cloud.net | tcp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 104.26.13.59:443 | www.clickcease.com | tcp |
| US | 35.244.240.189:443 | seoab.io | tcp |
| US | 35.186.220.184:443 | collector-px2e972lwz.px-cloud.net | tcp |
| US | 142.250.102.155:443 | udp | |
| US | 35.244.240.189:443 | seoab.io | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.251.36.3:443 | www.google.nl | tcp |
| US | 35.186.220.184:443 | tcp | |
| NL | 142.251.36.38:443 | udp | |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 216.58.214.14:80 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5---sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.202:80 | r5---sn-5hnednss.gvt1.com | tcp |
| NL | 216.58.214.3:443 | udp | |
| NL | 142.250.179.163:443 | udp | |
| US | 76.76.21.21:443 | dogefiles.io | tcp |
| US | 76.76.21.93:443 | www.dogefiles.io | tcp |
| NL | 13.227.211.212:443 | dw55pg05c2rl5.cloudfront.net | tcp |
| NL | 52.222.137.80:443 | dba9ytko5p72r.cloudfront.net | tcp |
| US | 104.21.45.207:443 | tcp | |
| US | 104.21.45.207:443 | freychang.fun | tcp |
| NL | 13.227.219.7:443 | ospicalad.buzz | tcp |
| US | 172.67.139.211:443 | tcp | |
| NL | 52.222.139.88:443 | tcp | |
| NL | 52.222.137.80:443 | dba9ytko5p72r.cloudfront.net | tcp |
| US | 157.240.240.35:443 | tcp | |
| NL | 142.251.36.45:443 | accounts.google.com | udp |
| US | 192.243.59.20:443 | tcp | |
| DE | 52.29.132.48:443 | tcp | |
| US | 192.243.59.13:443 | tcp | |
| US | 192.243.59.13:443 | tcp | |
| US | 192.243.59.13:443 | tcp | |
| US | 192.243.59.13:443 | tcp | |
| US | 192.243.59.13:443 | tcp | |
| US | 192.243.59.13:443 | tcp | |
| NL | 130.117.252.16:443 | s3.eu-central-1.wasabisys.com | tcp |
| NL | 45.133.44.9:443 | tcp | |
| NL | 45.133.44.9:443 | cdn.cloudimagesb.com | tcp |
| NL | 31.220.27.134:443 | s.viinxd.com | tcp |
| US | 172.67.217.88:443 | xml.serve-servee.com | tcp |
| NL | 45.133.44.36:443 | i.cdnkimg.com | tcp |
| US | 76.76.21.93:443 | www.dogefiles.io | tcp |
| DE | 18.193.209.105:443 | api.datastattech.com | tcp |
| US | 172.67.174.187:443 | getsecuritysuite.com | tcp |
| US | 104.17.24.14:443 | tcp | |
| NL | 142.251.39.97:443 | udp | |
| FR | 2.18.228.108:443 | tcp | |
| NL | 216.58.214.8:443 | udp | |
| NL | 216.58.214.14:443 | redirector.gvt1.com | udp |
| NL | 142.251.39.106:443 | udp | |
| NL | 142.251.39.97:443 | udp | |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| NL | 172.217.168.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | r2---sn-5hneknee.gvt1.com | udp |
| NL | 74.125.8.71:80 | r2---sn-5hneknee.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.251.36.14:443 | chrome.google.com | tcp |
| NL | 142.250.179.142:443 | tcp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 142.250.179.142:443 | google.com | tcp |
| US | 108.156.60.105:443 | tcp | |
| US | 108.156.60.105:443 | mepositis.com | tcp |
| US | 188.114.97.0:443 | get.cehdw.com | tcp |
| US | 188.114.97.0:443 | install.ultramapsearch.com | tcp |
| US | 69.16.175.42:443 | tcp | |
| US | 69.16.175.42:443 | tcp | |
| US | 69.16.175.42:443 | tcp | |
| US | 188.114.97.3:443 | trk-consulatu.com | tcp |
| US | 69.16.175.42:443 | tcp | |
| US | 69.16.175.42:443 | tcp | |
| US | 69.16.175.42:443 | tcp | |
| US | 188.114.97.0:443 | install.ultramapsearch.com | tcp |
| US | 188.114.97.0:443 | event.trk-consulatu.com | tcp |
| NL | 216.58.214.3:443 | udp | |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| NL | 13.69.68.17:443 | tcp | |
| NL | 142.250.179.206:443 | udp | |
| US | 188.114.96.3:443 | ultramapsearch.com | tcp |
| US | 188.114.96.3:443 | tcp | |
| US | 8.8.8.8:53 | subscription.trk-consulatu.com | udp |
| US | 151.139.128.11:443 | static-02.veve.com | tcp |
| US | 151.139.128.11:443 | static-02.veve.com | tcp |
| US | 151.139.128.11:443 | static-02.veve.com | tcp |
| US | 34.96.99.173:443 | tcp | |
| US | 34.96.99.173:443 | tcp | |
| US | 151.139.128.11:443 | static-02.veve.com | tcp |
| US | 151.139.128.11:443 | static-02.veve.com | tcp |
| NL | 142.251.36.1:443 | udp | |
| US | 216.239.32.116:443 | tcp | |
| US | 216.239.34.117:443 | tcp | |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 216.239.32.116:443 | udp | |
| US | 216.239.34.117:443 | udp | |
| US | 8.8.8.8:53 | r3---sn-5hne6nzk.gvt1.com | udp |
| NL | 172.217.132.136:80 | r3---sn-5hne6nzk.gvt1.com | tcp |
| US | 104.21.88.28:443 | get.spefp.com | tcp |
| US | 104.21.24.110:443 | install.youradsblocksearch.com | tcp |
| US | 69.16.175.42:443 | tcp | |
| US | 69.16.175.42:443 | tcp | |
| US | 69.16.175.42:443 | tcp | |
| GB | 94.31.29.32:443 | tcp | |
| NL | 142.250.179.142:443 | udp | |
| DE | 18.193.209.105:443 | api.datastattech.com | tcp |
| NL | 13.227.219.7:443 | ospicalad.buzz | tcp |
| US | 35.224.74.90:443 | tcp | |
| US | 34.117.198.220:443 | www.totalav.com | tcp |
| US | 35.244.242.197:443 | tcp | |
| US | 35.244.242.197:443 | tcp | |
| US | 35.186.251.103:443 | tcp | |
| US | 35.186.251.103:443 | tcp | |
| NL | 52.222.139.21:443 | widget.trustpilot.com | tcp |
| US | 104.16.244.78:443 | api.dogefiles.io | tcp |
| US | 44.195.137.121:443 | tcp | |
| CA | 34.130.135.16:443 | e2c21.gcp.gvt2.com | tcp |
| NL | 172.217.168.227:443 | beacons.gvt2.com | tcp |
| NL | 142.251.36.45:443 | accounts.google.com | udp |
| NL | 142.250.179.206:443 | udp | |
| DE | 18.193.209.105:443 | api.datastattech.com | tcp |
| NL | 130.117.252.29:443 | dogefiles-main.s3.eu-central-1.wasabisys.com | tcp |
| NL | 130.117.252.29:443 | tcp | |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 8.8.8.8:53 | r5---sn-5hnednsz.gvt1.com | udp |
| NL | 74.125.8.234:80 | r5---sn-5hnednsz.gvt1.com | tcp |
| US | 216.239.32.36:443 | udp | |
| NL | 142.250.179.163:443 | udp | |
| NL | 142.250.179.142:443 | udp | |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| IE | 212.82.100.137:443 | uk.search.yahoo.com | tcp |
| BE | 87.248.116.12:443 | s.yimg.com | tcp |
| IE | 212.82.100.137:443 | tcp | |
| IE | 212.82.100.137:443 | search.yahoo.com | tcp |
| NL | 142.251.36.10:443 | udp | |
| US | 204.79.197.200:443 | tcp | |
| US | 204.79.197.200:443 | tcp | |
| FR | 2.16.118.210:443 | tcp | |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| NL | 142.250.179.134:443 | 9717383.fls.doubleclick.net | tcp |
| US | 104.16.122.175:443 | unpkg.com | tcp |
| FR | 2.22.22.209:443 | snap.licdn.com | tcp |
| NL | 142.250.179.134:443 | udp | |
| NL | 142.250.179.134:443 | udp | |
| NL | 23.2.173.2:443 | munchkin.marketo.net | tcp |
| US | 157.240.240.1:443 | tcp | |
| US | 104.16.168.82:443 | tcp | |
| US | 104.16.148.64:443 | cdn.cookielaw.org | tcp |
| US | 52.71.153.123:443 | tcp | |
| US | 104.19.147.8:443 | script.crazyegg.com | tcp |
| US | 13.107.42.14:443 | tcp | |
| US | 142.250.102.155:443 | udp | |
| NL | 142.251.36.3:443 | udp | |
| US | 104.16.148.64:443 | cdn.cookielaw.org | tcp |
| CZ | 87.249.137.50:443 | a.opmnstr.com | tcp |
| US | 172.64.155.64:443 | cookies-data.onetrust.io | tcp |
| US | 104.18.41.98:443 | geolocation.onetrust.com | tcp |
| US | 40.90.65.7:443 | tcp | |
| US | 8.8.8.8:53 | 280-qdk-215.mktoresp.com | udp |
| US | 54.231.135.176:443 | tcp | |
| CZ | 87.249.137.50:443 | a.omappapi.com | tcp |
| FR | 2.16.118.210:443 | tcp | |
| NL | 52.222.139.57:443 | tcp | |
| US | 192.28.147.68:443 | 280-qdk-215.mktoresp.com | tcp |
| US | 192.28.147.68:443 | 280-qdk-215.mktoresp.com | tcp |
| NL | 52.222.139.21:443 | pagestates-tracking.crazyegg.com | tcp |
| NL | 13.227.219.118:443 | assets-tracking.crazyegg.com | tcp |
| US | 104.18.31.151:443 | signals.aimtell.com | tcp |
| US | 104.22.71.231:443 | cdn.aimtell.io | tcp |
| US | 172.64.146.158:443 | privacyportal.onetrust.com | tcp |
| NL | 104.110.191.19:443 | download.winzip.com | tcp |
| NL | 104.110.191.19:443 | tcp | |
| US | 20.120.124.64:443 | tcp | |
| IE | 34.252.186.19:443 | tcp | |
| US | 20.234.93.27:443 | tcp | |
| US | 8.8.8.8:53 | www.installportal.com | udp |
| US | 52.34.110.169:443 | www.installportal.com | tcp |
| IE | 188.125.72.139:443 | geo.yahoo.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.170:443 | safebrowsing.googleapis.com | tcp |
| NL | 172.217.168.227:443 | udp | |
| US | 52.34.110.169:443 | www.installportal.com | tcp |
| US | 52.34.110.169:443 | www.installportal.com | tcp |
| US | 8.8.8.8:53 | download.winzip.com | udp |
| NL | 104.110.191.19:443 | download.winzip.com | tcp |
| NL | 104.110.191.19:443 | download.winzip.com | tcp |
| US | 8.8.8.8:53 | r2---sn-5hnednsz.gvt1.com | udp |
| NL | 74.125.8.231:80 | r2---sn-5hnednsz.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1---sn-5hne6nz6.gvt1.com | udp |
| NL | 74.125.100.198:80 | r1---sn-5hne6nz6.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 108.156.60.73:443 | miliated.xyz | tcp |
| DE | 136.243.66.133:443 | img.cdn.house | tcp |
| DE | 136.243.66.133:443 | tcp | |
| DE | 157.90.32.219:443 | tcp | |
| US | 104.19.134.78:443 | c.mgid.com | tcp |
| DE | 157.90.33.71:443 | tcp | |
| US | 174.137.133.17:443 | tcp | |
| US | 174.137.133.17:443 | tcp | |
| US | 151.139.128.11:443 | static.pushub.net | tcp |
| US | 151.139.128.11:443 | tcp | |
| NL | 142.250.179.142:443 | udp | |
| NL | 45.133.44.36:443 | i.cdnkimg.com | tcp |
| US | 213.174.153.244:443 | u.viiadr.com | tcp |
| NL | 142.250.179.170:443 | udp | |
| DE | 157.90.32.219:443 | tcp | |
| DE | 157.90.33.71:443 | tcp | |
| US | 216.239.32.116:443 | udp | |
| US | 8.8.8.8:53 | r1---sn-5hneknee.gvt1.com | udp |
| NL | 74.125.8.70:80 | r1---sn-5hneknee.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| DE | 157.90.32.219:443 | tcp | |
| DE | 157.90.33.71:443 | tcp | |
| DE | 157.90.32.219:443 | tcp | |
| DE | 157.90.33.71:443 | tcp | |
| US | 13.107.21.200:443 | tcp | |
| NL | 216.58.214.3:443 | udp | |
| US | 8.8.8.8:53 | r5---sn-5hne6nz6.gvt1.com | udp |
| NL | 74.125.100.202:80 | r5---sn-5hne6nz6.gvt1.com | tcp |
| US | 8.8.8.8:53 | www.installportal.com | udp |
| US | 52.40.3.156:443 | www.installportal.com | tcp |
| US | 8.8.8.8:53 | www.zipshare.com | udp |
| US | 18.118.238.66:443 | www.zipshare.com | tcp |
| US | 8.8.8.8:53 | update.winzip.com | udp |
| US | 34.230.108.37:443 | update.winzip.com | tcp |
| US | 8.8.8.8:53 | download.winzip.com | udp |
| NL | 104.110.191.19:80 | download.winzip.com | tcp |
| US | 216.239.32.116:443 | udp | |
| NL | 142.250.179.142:443 | udp | |
| US | 8.8.8.8:53 | www.winzip.com | udp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| US | 8.8.8.8:53 | www.winzip.com | udp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | smartscreen-prod.microsoft.com | udp |
| IE | 20.82.250.189:443 | smartscreen-prod.microsoft.com | tcp |
| IE | 20.82.250.189:443 | smartscreen-prod.microsoft.com | tcp |
| IE | 20.82.250.189:443 | smartscreen-prod.microsoft.com | tcp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 142.250.102.155:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.134:443 | 4057990.fls.doubleclick.net | tcp |
| NL | 142.250.179.134:443 | udp | |
| US | 104.16.149.64:443 | tcp | |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 104.19.148.8:443 | script.crazyegg.com | tcp |
| JP | 182.22.24.124:443 | tcp | |
| US | 104.16.123.175:443 | tcp | |
| FR | 2.22.22.209:443 | snap.licdn.com | tcp |
| NL | 23.2.173.2:443 | munchkin.marketo.net | tcp |
| US | 157.240.240.1:443 | tcp | |
| US | 54.144.252.31:443 | tcp | |
| US | 104.16.168.82:443 | tcp | |
| US | 8.8.8.8:53 | update.winzip.com | udp |
| US | 34.230.108.37:443 | update.winzip.com | tcp |
| US | 34.230.108.37:443 | update.winzip.com | tcp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| US | 8.8.8.8:53 | ipm.corel.com | udp |
| NL | 104.110.191.39:443 | ipm.corel.com | tcp |
| N/A | 239.255.255.250:3702 | udp | |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| NL | 52.222.137.141:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 54.213.213.26:443 | api.amplitude.com | tcp |
| N/A | 239.255.255.250:3702 | udp | |
| NL | 216.58.214.14:80 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-5hnekn76.gvt1.com | udp |
| NL | 209.85.226.8:80 | r3---sn-5hnekn76.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 216.239.34.117:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.196.0.153:443 | udp | |
| US | 104.196.0.153:443 | udp | |
| US | 104.196.0.153:443 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 8.8.8.8:53 | bzu7axyrxjaerrkafrdt-mysql.services.clever-cloud.com | udp |
| FR | 185.42.117.115:3306 | bzu7axyrxjaerrkafrdt-mysql.services.clever-cloud.com | tcp |
| FR | 185.42.117.115:3306 | bzu7axyrxjaerrkafrdt-mysql.services.clever-cloud.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| NL | 216.58.214.14:80 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-5hnednsz.gvt1.com | udp |
| NL | 74.125.8.232:80 | r3---sn-5hnednsz.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| IE | 212.82.100.137:443 | uk.search.yahoo.com | tcp |
| US | 8.8.8.8:53 | api.getsecuritysuite.com | udp |
| US | 8.8.8.8:53 | api.ultramapsearch.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | udp |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| US | 104.21.80.63:443 | api.getsecuritysuite.com | tcp |
| US | 188.114.96.0:443 | api.ultramapsearch.com | tcp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| NL | 172.217.168.238:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | suggestqueries.google.com | udp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| US | 8.8.8.8:53 | feed.ultramapsearch.com | udp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| US | 8.8.8.8:53 | uk.search.yahoo.com | udp |
| IE | 212.82.100.137:443 | uk.search.yahoo.com | tcp |
| US | 8.8.8.8:53 | sp.yimg.com | udp |
| BE | 87.248.116.11:443 | sp.yimg.com | tcp |
| BE | 87.248.116.11:443 | sp.yimg.com | tcp |
| BE | 87.248.116.11:443 | sp.yimg.com | tcp |
| US | 8.8.8.8:53 | uk.images.search.yahoo.com | udp |
| US | 8.8.8.8:53 | r.search.yahoo.com | udp |
| US | 8.8.8.8:53 | uk.news.search.yahoo.com | udp |
| US | 8.8.8.8:53 | uk.video.search.yahoo.com | udp |
| US | 8.8.8.8:53 | s.yimg.com | udp |
| US | 8.8.8.8:53 | legal.yahoo.com | udp |
| US | 8.8.8.8:53 | cc.bingj.com | udp |
| US | 8.8.8.8:53 | uk.help.yahoo.com | udp |
| US | 8.8.8.8:53 | uk.norton.com | udp |
| US | 8.8.8.8:53 | uk.pcmag.com | udp |
| US | 8.8.8.8:53 | www.avast.com | udp |
| US | 8.8.8.8:53 | www.avg.com | udp |
| US | 8.8.8.8:53 | www.avira.com | udp |
| US | 8.8.8.8:53 | www.kaspersky.co.uk | udp |
| US | 8.8.8.8:53 | www.techradar.com | udp |
| US | 8.8.8.8:53 | yahoo.uservoice.com | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| CA | 23.227.38.32:443 | simplyantivirus.co.uk | tcp |
| US | 104.16.255.71:443 | cdn.shopify.com | tcp |
| US | 104.16.255.71:443 | tcp | |
| US | 104.16.255.71:443 | cdn.shopify.com | tcp |
| NL | 216.58.208.106:443 | ajax.googleapis.com | tcp |
| NL | 52.222.139.85:443 | tcp | |
| US | 52.217.197.96:443 | tcp | |
| CA | 23.227.38.33:443 | shop.app | tcp |
| US | 104.16.255.71:443 | monorail-edge.shopifysvc.com | tcp |
| US | 157.240.201.15:443 | tcp | |
| US | 52.217.197.96:443 | tcp | |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| US | 157.240.247.35:443 | tcp | |
| US | 172.67.5.146:443 | www.powr.io | tcp |
| NL | 142.251.36.16:443 | tcp | |
| US | 185.93.1.242:443 | cdn.kilatechapps.com | tcp |
| US | 13.107.246.67:443 | tcp | |
| NL | 13.227.219.102:443 | ecommplugins-trustboxsettings.trustpilot.com | tcp |
| NL | 13.227.219.4:443 | ecommplugins-scripts.trustpilot.com | tcp |
| NL | 13.227.219.42:443 | invitejs.trustpilot.com | tcp |
| NL | 216.58.208.106:443 | udp | |
| US | 104.16.255.71:443 | monorail-edge.shopifysvc.com | tcp |
| NL | 142.251.36.38:443 | udp | |
| NL | 142.251.36.38:443 | tcp | |
| NL | 142.251.36.42:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.251.36.42:443 | udp | |
| NL | 142.251.36.1:443 | yt3.ggpht.com | tcp |
| NL | 142.251.36.22:443 | i.ytimg.com | tcp |
| IE | 188.125.72.139:443 | geo.yahoo.com | tcp |
| NL | 142.251.36.16:443 | udp | |
| IE | 34.243.171.104:443 | tcp | |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.170:443 | safebrowsing.googleapis.com | tcp |
| IE | 34.243.171.104:443 | tcp | |
| NL | 65.9.86.120:443 | miliated.xyz | tcp |
| DE | 144.76.223.81:443 | img.cdn.house | tcp |
| NL | 65.9.86.72:443 | nedaugha.buzz | tcp |
| US | 107.22.28.167:443 | tcp | |
| US | 35.224.74.90:443 | tcp | |
| US | 34.117.198.220:443 | www.totalav.com | tcp |
| NL | 142.250.179.142:443 | udp | |
| US | 35.244.242.197:443 | assets.totalav.com | tcp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| NL | 142.251.36.14:443 | chrome.google.com | tcp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| NL | 142.251.36.14:443 | chrome.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.170:443 | udp | |
| US | 165.227.250.67:443 | www.trustedantiviruscompare.com | tcp |
| US | 165.227.250.67:443 | www.trustedantiviruscompare.com | tcp |
| US | 165.227.250.67:443 | www.trustedantiviruscompare.com | tcp |
| US | 165.227.250.67:443 | www.trustedantiviruscompare.com | tcp |
| US | 165.227.250.67:443 | www.trustedantiviruscompare.com | tcp |
| US | 165.227.250.67:443 | www.trustedantiviruscompare.com | tcp |
| NL | 142.251.36.2:443 | udp | |
| NL | 142.251.36.3:443 | udp | |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| NL | 216.58.214.14:80 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1---sn-5hnekn7l.gvt1.com | udp |
| NL | 74.125.100.6:80 | r1---sn-5hnekn7l.gvt1.com | tcp |
| NL | 142.250.179.142:443 | udp | |
| NL | 142.250.179.142:443 | tcp | |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:53 | r1---sn-5hnekn7s.gvt1.com | udp |
| NL | 74.125.100.38:80 | r1---sn-5hnekn7s.gvt1.com | tcp |
| US | 8.8.8.8:53 | r5---sn-5hneknes.gvt1.com | udp |
| NL | 74.125.8.202:80 | r5---sn-5hneknes.gvt1.com | tcp |
| US | 8.8.8.8:53 | r4---sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.201:80 | r4---sn-5hnednss.gvt1.com | tcp |
| HK | 34.92.0.27:443 | tcp | |
| HK | 34.92.0.27:443 | tcp | |
| US | 8.8.8.8:53 | r3---sn-5hneknes.gvt1.com | udp |
| NL | 74.125.8.200:80 | r3---sn-5hneknes.gvt1.com | tcp |
| NL | 142.250.179.142:443 | udp | |
| NL | 142.251.36.35:443 | udp | |
| NL | 142.251.36.2:443 | udp | |
| NL | 74.125.8.231:80 | r2---sn-5hnednsz.gvt1.com | tcp |
| NL | 104.126.126.228:443 | www.mcafee.com | tcp |
| IE | 34.251.67.138:443 | tcp | |
| NL | 104.80.224.132:443 | tcp | |
| IE | 54.74.157.109:443 | tcp | |
| NL | 95.101.58.226:443 | tcp | |
| NL | 104.109.143.14:443 | tcp | |
| NL | 104.109.143.150:443 | tcp | |
| NL | 104.109.143.153:443 | tcp | |
| NL | 104.109.143.14:443 | tcp | |
| NL | 104.80.228.241:443 | tcp | |
| NL | 13.227.219.125:443 | images.scanalert.com | tcp |
| NL | 193.67.130.68:443 | tcp | |
| NL | 193.67.130.68:443 | tcp | |
| FR | 2.18.108.8:443 | tcp | |
| FR | 2.18.108.8:443 | tcp | |
| NL | 52.222.139.19:443 | static.hotjar.com | tcp |
| NL | 13.227.219.120:443 | script.hotjar.com | tcp |
| FR | 15.188.95.229:443 | smetrics.mcafee.com | tcp |
| US | 3.95.114.176:443 | tcp | |
| US | 3.95.114.176:443 | tcp | |
| US | 3.95.114.176:443 | tcp | |
| NL | 13.227.219.93:443 | vars.hotjar.com | tcp |
| NL | 193.67.130.68:443 | tcp | |
| NL | 216.58.208.106:443 | udp | |
| NL | 209.85.226.8:80 | r3---sn-5hnekn76.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-5hne6ns6.gvt1.com | udp |
| NL | 209.85.226.104:80 | r3---sn-5hne6ns6.gvt1.com | tcp |
| US | 104.208.16.0:443 | tcp | |
| US | 34.117.39.58:443 | tcp | |
| US | 35.201.112.186:443 | tcp | |
| US | 54.221.96.38:443 | tcp | |
| NL | 199.232.148.157:443 | tcp | |
| NL | 104.123.40.204:443 | tcp | |
| US | 157.240.240.1:443 | tcp | |
| US | 216.239.38.21:443 | jelly.mdhv.io | tcp |
| DE | 91.228.74.208:443 | tcp | |
| FR | 2.18.99.124:443 | cdn1.adoberesources.net | tcp |
| IE | 34.251.12.17:443 | tcp | |
| US | 104.244.42.69:443 | t.co | tcp |
| US | 104.244.42.131:443 | analytics.twitter.com | tcp |
| US | 104.208.16.0:443 | tcp | |
| US | 35.186.194.58:443 | rs.fullstory.com | tcp |
| NL | 52.222.139.13:443 | rules.quantcount.com | tcp |
| FR | 13.36.218.177:443 | adobedc.demdex.net | tcp |
| US | 54.221.96.38:443 | tcp | |
| NL | 13.227.211.80:443 | d6tizftlrpuof.cloudfront.net | tcp |
| US | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 142.251.36.3:443 | tcp | |
| NL | 142.251.36.3:443 | udp | |
| US | 161.69.29.243:443 | tcp | |
| US | 161.69.29.243:443 | tcp | |
| IE | 3.251.27.103:443 | tcp | |
| IE | 34.248.32.199:443 | tcp | |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| NL | 13.227.219.45:443 | cdn-live.conductor.com | tcp |
| NL | 13.227.219.45:443 | cdn-live.conductor.com | tcp |
| NL | 142.250.179.142:443 | udp | |
| US | 216.239.32.116:443 | udp | |
| US | 216.239.32.116:443 | tcp | |
| US | 8.8.8.8:53 | r2---sn-5hneknes.gvt1.com | udp |
| NL | 74.125.8.199:80 | r2---sn-5hneknes.gvt1.com | tcp |
| US | 45.33.26.104:443 | tcp | |
| US | 45.33.26.104:443 | tcp | |
| US | 74.117.183.142:443 | tcp | |
| US | 199.101.132.243:443 | tcp | |
| HK | 34.92.0.27:443 | tcp | |
| HK | 34.92.0.27:443 | tcp | |
| US | 216.239.34.36:443 | udp | |
| US | 216.239.34.36:443 | tcp | |
| NL | 142.251.36.1:443 | udp | |
| NL | 142.251.36.34:443 | cm.g.doubleclick.net | tcp |
| NL | 142.251.36.34:443 | udp | |
| US | 45.33.26.104:443 | tcp | |
| US | 35.227.233.104:443 | totalav-essential-antivirus.en.softonic.com | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| US | 151.101.1.91:443 | sc.sftcdn.net | tcp |
| NL | 23.2.172.179:443 | images.sftcdn.net | tcp |
| NL | 54.192.85.4:443 | c.amazon-adsystem.com | tcp |
| NL | 52.222.139.114:443 | tcp | |
| FR | 2.18.103.174:443 | tcp | |
| NL | 52.222.139.48:443 | cdn-magiclinks.trackonomics.net | tcp |
| US | 50.31.142.63:443 | tcp | |
| NL | 54.192.85.4:443 | c.amazon-adsystem.com | tcp |
| FR | 2.18.104.95:443 | c.aaxads.com | tcp |
| IT | 104.212.67.188:443 | tcp | |
| NL | 142.250.179.174:443 | suggestqueries.google.com | tcp |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| NL | 142.250.179.134:443 | 8876029.fls.doubleclick.net | tcp |
| NL | 13.227.219.51:443 | b-code.liadm.com | tcp |
| NL | 142.250.179.134:443 | udp | |
| FR | 2.18.103.237:443 | www.aaxdetect.com | tcp |
| US | 3.94.138.127:443 | tcp | |
| DE | 139.45.240.92:443 | tcp | |
| US | 20.120.124.64:443 | tcp | |
| NL | 52.222.139.52:443 | trx-hub.com | tcp |
| NL | 13.227.219.60:443 | api.privacy-center.org | tcp |
| US | 104.18.18.126:443 | tcp | |
| US | 104.18.18.126:443 | tcp | |
| NL | 185.89.211.12:443 | tcp | |
| IE | 52.19.67.137:443 | tcp | |
| IE | 52.19.67.137:443 | tcp | |
| NL | 213.19.162.51:443 | tcp | |
| DE | 18.156.195.47:443 | tcp | |
| DE | 18.156.195.47:443 | tcp | |
| DE | 18.156.195.47:443 | c2shb.pubgw.yahoo.com | tcp |
| DE | 18.156.195.47:443 | tcp | |
| DE | 18.156.195.47:443 | tcp | |
| DE | 18.156.195.47:443 | tcp | |
| NL | 185.64.189.112:443 | tcp | |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| IE | 52.95.122.74:443 | tcp | |
| NL | 142.250.179.161:443 | aace117fb7d5735f942adfd55968d6af.safeframe.googlesyndication.com | tcp |
| FR | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 141.95.98.69:443 | id5-sync.com | tcp |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| DE | 3.121.203.93:443 | tcp | |
| US | 104.18.18.126:443 | ssum-sec.casalemedia.com | tcp |
| US | 104.18.19.126:443 | r.casalemedia.com | tcp |
| NL | 87.248.202.119:443 | player.anyclip.com | tcp |
| NL | 87.248.202.119:443 | player.anyclip.com | tcp |
| FR | 2.18.97.238:443 | tcp | |
| NL | 87.248.202.119:443 | config.anyclip.com | tcp |
| NL | 142.250.179.170:443 | udp | |
| US | 52.202.194.25:443 | tcp | |
| US | 52.202.194.25:443 | tcp | |
| NL | 104.126.125.209:443 | eus.rubiconproject.com | tcp |
| US | 35.172.10.216:443 | tcp | |
| NL | 142.250.179.170:443 | tcp | |
| NL | 142.250.179.170:443 | tcp | |
| US | 104.18.114.97:443 | tcp | |
| NL | 87.248.202.119:443 | assets.anyclip.com | tcp |
| NL | 142.250.179.166:443 | tcp | |
| IE | 18.200.222.149:443 | tcp | |
| NL | 142.250.179.170:443 | udp | |
| US | 188.114.97.3:443 | cdn-av-download.avastbrowser.com | tcp |
| US | 35.172.10.216:443 | tcp | |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.250.179.166:443 | udp | |
| DE | 3.126.56.137:443 | ups.analytics.yahoo.com | tcp |
| NL | 142.250.179.166:443 | udp | |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | r1---sn-5hneknek.gvt1.com | udp |
| NL | 74.125.8.134:80 | r1---sn-5hneknek.gvt1.com | tcp |
| NL | 104.126.125.209:443 | eus.rubiconproject.com | tcp |
| US | 35.227.233.104:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 151.101.1.108:443 | tcp | |
| US | 35.244.159.8:443 | tcp | |
| US | 13.248.245.213:443 | tcp | |
| US | 52.223.40.198:443 | tcp | |
| US | 52.46.143.56:443 | tcp | |
| US | 104.21.41.243:443 | tcp | |
| FR | 185.86.139.104:443 | ssbsync.smartadserver.com | tcp |
| FR | 2.18.99.184:443 | tcp | |
| NL | 13.227.219.92:443 | ms-cookie-sync.presage.io | tcp |
| NL | 13.227.219.92:443 | ms-cookie-sync.presage.io | tcp |
| NL | 141.226.228.48:443 | tcp | |
| US | 104.18.18.126:443 | tcp | |
| DK | 37.157.6.242:443 | tcp | |
| IE | 52.212.196.36:443 | tcp | |
| NL | 142.251.36.14:443 | chrome.google.com | tcp |
| NL | 104.109.143.163:443 | ads.stickyadstv.com | tcp |
| NL | 87.248.202.119:443 | cdn5.anyclip.com | tcp |
| NL | 87.248.202.119:443 | assets.anyclip.com | tcp |
| NL | 213.19.162.90:443 | tcp | |
| NL | 213.19.162.90:443 | tcp | |
| US | 13.107.42.14:443 | tcp | |
| NL | 213.19.162.90:443 | tcp | |
| BE | 87.248.116.12:443 | uk.help.yahoo.com | tcp |
| IE | 52.213.136.222:443 | tcp | |
| IE | 52.213.136.222:443 | tcp | |
| US | 151.101.2.49:443 | tcp | |
| NL | 89.207.16.201:443 | tcp | |
| DE | 135.125.160.77:443 | gu.dyntrk.com | tcp |
| US | 104.18.19.126:443 | dsum.casalemedia.com | tcp |
| NL | 193.0.160.129:443 | tcp | |
| NL | 142.250.179.163:443 | udp | |
| GB | 185.64.190.78:443 | tcp | |
| SE | 213.155.156.185:443 | d5p.de17a.com | tcp |
| NL | 185.29.134.248:443 | tcp | |
| NL | 185.64.189.110:443 | tcp | |
| NL | 178.250.2.151:443 | dis.criteo.com | tcp |
| GB | 185.64.190.81:443 | tcp | |
| FR | 141.94.171.213:443 | pixel.onaudience.com | tcp |
| IE | 63.34.67.128:443 | tcp | |
| NL | 169.50.137.184:443 | tcp | |
| NL | 104.80.225.228:443 | tags.bluekai.com | tcp |
| GB | 185.64.190.80:443 | tcp | |
| HK | 34.92.0.27:443 | tcp | |
| US | 3.84.65.210:443 | tcp | |
| US | 3.84.65.210:443 | tcp | |
| US | 3.84.65.210:443 | tcp | |
| US | 3.84.65.210:443 | tcp | |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| NL | 52.222.139.43:443 | s.ad.smaato.net | tcp |
| US | 64.202.112.191:443 | tcp | |
| DE | 52.57.188.199:443 | tcp | |
| NL | 63.215.202.137:443 | tcp | |
| NL | 216.52.2.48:443 | ap.lijit.com | tcp |
| IE | 52.48.133.87:443 | tcp | |
| NL | 213.19.147.45:443 | tcp | |
| US | 174.137.133.17:443 | tcp | |
| US | 174.137.133.17:443 | tcp | |
| NL | 216.52.2.30:443 | ce.lijit.com | tcp |
| NL | 213.19.147.44:443 | tcp | |
| DE | 37.252.172.45:443 | tcp | |
| NL | 104.123.40.23:443 | contextual.media.net | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| US | 3.211.251.13:443 | tcp | |
| US | 3.211.251.13:443 | tcp | |
| US | 172.217.214.120:443 | csi.gstatic.com | tcp |
| US | 172.217.214.120:443 | tcp | |
| US | 172.217.214.120:443 | tcp | |
| US | 3.84.65.210:443 | tcp | |
| NL | 185.89.210.141:443 | tcp | |
| DE | 157.90.0.13:443 | tcp | |
| US | 104.21.41.243:443 | events.catapultx.com | tcp |
| NL | 77.245.57.72:443 | tcp | |
| DE | 54.93.38.236:443 | tcp | |
| US | 35.227.233.104:443 | udp | |
| US | 216.239.34.36:443 | udp | |
| NL | 23.2.172.179:443 | images.sftcdn.net | tcp |
| NL | 178.250.2.130:443 | static.criteo.net | tcp |
| US | 50.31.142.63:443 | tcp | |
| FR | 2.18.104.95:443 | c.aaxads.com | tcp |
| NL | 185.89.211.12:443 | tcp | |
| FR | 178.250.0.157:443 | gum.criteo.com | tcp |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| US | 157.240.201.35:443 | www.facebook.com | tcp |
| NL | 178.250.2.151:443 | sslwidget.criteo.com | tcp |
| NL | 77.245.57.72:443 | tcp | |
| FR | 2.16.118.158:443 | c21lg-d.media.net | tcp |
| FR | 2.16.118.158:443 | hbx.media.net | tcp |
| NL | 142.251.36.3:443 | udp | |
| NL | 23.2.211.147:443 | secure-assets.rubiconproject.com | tcp |
| JP | 202.233.84.1:443 | tcp | |
| DE | 85.114.159.93:443 | tcp | |
| NL | 173.231.181.122:443 | tcp | |
| US | 44.205.38.42:443 | tcp | |
| IE | 52.212.196.36:443 | tcp | |
| US | 198.148.27.140:443 | bh.contextweb.com | tcp |
| US | 104.19.173.108:443 | csync.loopme.me | tcp |
| NL | 213.19.147.45:443 | tcp | |
| IE | 34.242.8.108:443 | tcp | |
| IE | 34.242.8.108:443 | tcp | |
| IE | 52.215.238.82:443 | tcp | |
| US | 8.8.8.8:53 | a.tribalfusion.com | udp |
| US | 8.8.8.8:53 | matching.truffle.bid | udp |
| US | 8.8.8.8:53 | green.erne.co | udp |
| US | 8.8.8.8:53 | core.iprom.net | udp |
| US | 5.161.47.120:443 | matching.truffle.bid | tcp |
| FR | 54.38.38.194:443 | green.erne.co | tcp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 8.8.8.8:53 | match.deepintent.com | udp |
| US | 8.8.8.8:53 | match.bnmla.com | udp |
| US | 8.8.8.8:53 | pm.w55c.net | udp |
| US | 8.8.8.8:53 | visitor.fiftyt.com | udp |
| US | 8.8.8.8:53 | uipglob.semasio.net | udp |
| US | 8.8.8.8:53 | x.bidswitch.net | udp |
| US | 8.8.8.8:53 | a.audrte.com | udp |
| US | 8.8.8.8:53 | ad.turn.com | udp |
| US | 8.8.8.8:53 | pubmatic-match.dotomi.com | udp |
| US | 8.8.8.8:53 | mwzeom.zeotap.com | udp |
| US | 8.8.8.8:53 | match.adsby.bidtheatre.com | udp |
| US | 5.161.47.120:443 | matching.truffle.bid | tcp |
| FR | 54.38.38.194:443 | green.erne.co | tcp |
| SI | 195.5.165.20:443 | core.iprom.net | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 169.197.150.7:443 | match.deepintent.com | tcp |
| US | 74.222.140.158:443 | match.bnmla.com | tcp |
| US | 172.64.152.245:443 | a.tribalfusion.com | tcp |
| IE | 54.194.89.172:443 | pm.w55c.net | tcp |
| US | 104.22.25.87:443 | mwzeom.zeotap.com | tcp |
| NL | 178.62.202.251:443 | match.adsby.bidtheatre.com | tcp |
| US | 35.201.96.126:443 | visitor.fiftyt.com | tcp |
| US | 8.8.8.8:53 | pixel-sync.sitescout.com | udp |
| DK | 77.243.60.138:443 | uipglob.semasio.net | tcp |
| DE | 3.127.182.213:443 | x.bidswitch.net | tcp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 3.224.245.7:443 | a.audrte.com | tcp |
| GB | 66.155.71.149:443 | pixel-sync.sitescout.com | tcp |
| FR | 141.94.170.77:443 | pixel-eu.onaudience.com | tcp |
| US | 54.80.1.197:443 | tcp | |
| FR | 185.86.137.133:443 | rtb-csync.smartadserver.com | tcp |
| US | 34.102.253.54:443 | ads.playground.xyz | tcp |
| IE | 54.229.194.244:443 | tcp | |
| DE | 3.127.178.105:443 | tcp | |
| US | 129.158.42.199:443 | sync.technoratimedia.com | tcp |
| FR | 51.255.68.171:443 | dsp.nrich.ai | tcp |
| DE | 37.252.172.45:443 | tcp | |
| NL | 185.64.189.229:443 | tcp | |
| US | 172.217.214.120:443 | udp | |
| US | 192.132.33.46:443 | tcp | |
| US | 64.202.112.191:443 | tcp | |
| US | 34.192.82.213:443 | tcp | |
| US | 34.111.129.221:443 | cr.frontend.weborama.fr | tcp |
| GB | 34.105.225.79:443 | e2c15.gcp.gvt2.com | tcp |
| DE | 139.45.240.92:443 | tcp | |
| US | 64.74.236.127:443 | tcp | |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| DE | 52.57.188.199:443 | tcp | |
| NL | 104.109.249.82:443 | criteo-sync.teads.tv | tcp |
| DE | 35.156.175.32:443 | tcp | |
| IE | 212.82.100.181:443 | tcp | |
| IE | 52.49.242.166:443 | tcp | |
| US | 34.106.86.104:443 | e2c29.gcp.gvt2.com | tcp |
| DE | 52.59.116.64:443 | tcp | |
| NL | 147.75.85.234:443 | prebid.a-mo.net | tcp |
| US | 150.136.25.38:443 | 82177.technoratimedia.com | tcp |
| US | 18.215.83.8:443 | tcp | |
| US | 35.224.74.90:443 | tcp | |
| US | 150.136.25.38:443 | 82177.technoratimedia.com | tcp |
| FR | 178.250.0.162:443 | csm.fr.eu.criteo.net | tcp |
| IE | 18.200.222.149:443 | tcp | |
| FR | 178.250.0.157:443 | gum.criteo.com | tcp |
| US | 50.31.142.63:443 | tcp | |
| NL | 52.222.139.117:443 | tcp | |
| NL | 13.227.219.79:443 | tcp | |
| US | 50.31.142.63:443 | tcp | |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| DE | 139.45.240.92:443 | tcp | |
| NL | 52.222.139.20:443 | cdn.intergient.com | tcp |
| DE | 3.127.200.184:443 | tcp | |
| US | 35.227.233.104:443 | udp | |
| FR | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 139.45.240.92:443 | tcp | |
| DE | 141.95.98.69:443 | id5-sync.com | tcp |
| FR | 2.18.106.161:443 | z.moatads.com | tcp |
| US | 8.8.8.8:53 | config.playwire.com | udp |
| NL | 13.227.219.36:443 | config.playwire.com | tcp |
| GB | 18.169.253.44:443 | tcp | |
| US | 8.8.8.8:53 | r2---sn-5hnekn7z.gvt1.com | udp |
| NL | 74.125.100.103:80 | r2---sn-5hnekn7z.gvt1.com | tcp |
| NL | 77.245.57.72:443 | tcp | |
| NL | 13.227.219.119:443 | cdn.video.playwire.com | tcp |
| JP | 202.233.84.1:443 | tcp | |
| NL | 142.250.179.142:443 | udp | |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 64.74.236.127:443 | tcp | |
| DE | 3.127.182.213:443 | x.bidswitch.net | tcp |
| DE | 52.57.188.199:443 | tcp | |
| FR | 185.86.137.133:443 | rtb-csync.smartadserver.com | tcp |
| DE | 37.252.172.45:443 | tcp | |
| NL | 142.250.179.206:443 | udp | |
| DE | 139.45.240.92:443 | tcp | |
| US | 3.227.250.184:443 | tcp | |
| US | 3.227.250.184:443 | tcp | |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| NL | 142.251.36.14:443 | chrome.google.com | tcp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 3.227.250.184:443 | tcp | |
| NL | 142.250.179.163:443 | udp | |
| NL | 74.125.8.234:443 | r5---sn-5hnednsz.gvt1.com | tcp |
| US | 142.250.102.113:443 | s.youtube.com | tcp |
| US | 8.8.8.8:53 | r2---sn-5hnednss.gvt1.com | udp |
| NL | 172.217.132.199:80 | r2---sn-5hnednss.gvt1.com | tcp |
| US | 142.250.102.113:443 | udp | |
| US | 151.101.1.195:443 | powder.gg | tcp |
| NL | 23.209.125.31:443 | getbadgecdn.azureedge.net | tcp |
| NL | 23.209.125.31:443 | getbadgecdn.azureedge.net | tcp |
| US | 13.107.246.67:443 | tcp | |
| US | 151.101.1.140:443 | www.redditstatic.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| NL | 13.227.219.92:443 | pc-releases.powder.gg | tcp |
| US | 151.101.1.140:443 | alb.reddit.com | tcp |
| NL | 52.222.137.213:443 | cdn.amplitude.com | tcp |
| US | 44.240.84.34:443 | tcp | |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| IE | 54.154.238.203:443 | tcp | |
| FR | 2.18.104.95:443 | c.aaxads.com | tcp |
| US | 35.227.233.104:443 | udp | |
| NL | 23.2.172.179:443 | images.sftcdn.net | tcp |
| NL | 142.250.179.142:443 | udp | |
| NL | 178.250.2.151:443 | sslwidget.criteo.com | tcp |
| FR | 178.250.0.157:443 | gum.criteo.com | tcp |
| US | 50.31.142.63:443 | tcp | |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| NL | 96.16.53.200:443 | tcp | |
| NL | 96.16.53.200:443 | tcp | |
| NL | 96.16.53.200:443 | tcp | |
| NL | 96.16.53.200:443 | articles-img.sftcdn.net | tcp |
| NL | 96.16.53.200:443 | tcp | |
| NL | 96.16.53.200:443 | tcp | |
| DE | 139.45.240.92:443 | tcp | |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 172.217.214.120:443 | udp | |
| NL | 77.245.57.72:443 | tcp | |
| FR | 2.16.118.158:443 | hbx.media.net | tcp |
| US | 35.227.233.104:443 | udp | |
| NL | 142.251.36.34:443 | udp | |
| US | 64.74.236.127:443 | tcp | |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| DE | 3.127.182.213:443 | x.bidswitch.net | tcp |
| DE | 37.252.172.45:443 | tcp | |
| FR | 185.86.139.114:443 | rtb-csync.smartadserver.com | tcp |
| DE | 35.158.27.81:443 | tcp | |
| NL | 104.109.249.82:443 | criteo-sync.teads.tv | tcp |
| NL | 104.123.40.23:443 | contextual.media.net | tcp |
| DE | 18.156.0.31:443 | ups.analytics.yahoo.com | tcp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| FR | 178.250.0.162:443 | csm.fr.eu.criteo.net | tcp |
| US | 50.31.142.63:443 | tcp | |
| FR | 178.250.0.157:443 | gum.criteo.com | tcp |
| DE | 52.28.203.152:443 | c2shb.pubgw.yahoo.com | tcp |
| IE | 54.154.103.240:443 | tcp | |
| NL | 185.89.211.12:443 | tcp | |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| NL | 142.251.39.97:443 | udp | |
| NL | 142.250.179.134:443 | udp | |
| FR | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| NL | 77.245.57.72:443 | tcp | |
| NL | 142.251.36.3:443 | udp | |
| DE | 141.95.98.69:443 | id5-sync.com | tcp |
| DE | 139.45.240.92:443 | tcp | |
| FR | 185.86.139.114:443 | rtb-csync.smartadserver.com | tcp |
| DE | 37.252.172.45:443 | tcp | |
| DE | 35.158.27.81:443 | tcp | |
| US | 50.31.142.223:443 | tcp | |
| LU | 188.42.191.196:443 | ads.betweendigital.com | tcp |
| IE | 99.81.218.52:443 | tcp | |
| US | 54.80.1.197:443 | tcp | |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| IE | 52.213.136.222:443 | tcp | |
| IE | 63.34.213.220:443 | pm.w55c.net | tcp |
| US | 64.202.112.191:443 | tcp | |
| NL | 213.19.162.90:443 | tcp | |
| IE | 54.170.169.120:443 | tcp | |
| FR | 178.250.0.162:443 | csm.fr.eu.criteo.net | tcp |
| US | 50.31.142.63:443 | tcp | |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| NL | 77.245.57.72:443 | tcp | |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.250.179.166:443 | udp | |
| IE | 52.30.88.49:443 | tcp | |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.250.179.166:443 | udp | |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| DE | 141.95.98.69:443 | id5-sync.com | tcp |
| DK | 37.157.5.142:443 | tcp | |
| DE | 18.193.54.113:443 | tcp | |
| IE | 54.155.65.255:443 | tcp | |
| US | 64.202.112.191:443 | tcp | |
| DE | 139.45.240.92:443 | tcp | |
| US | 50.31.142.223:443 | tcp | |
| DE | 35.158.27.81:443 | tcp | |
| FR | 185.86.139.114:443 | rtb-csync.smartadserver.com | tcp |
| DE | 37.252.172.45:443 | tcp | |
| NL | 142.250.179.142:443 | udp | |
| DE | 37.252.172.45:443 | tcp | |
| FR | 178.250.0.162:443 | csm.fr.eu.criteo.net | tcp |
| FR | 178.250.0.157:443 | gum.criteo.com | tcp |
| US | 50.31.142.63:443 | tcp | |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| US | 35.227.233.104:443 | udp | |
| NL | 77.245.57.72:443 | tcp | |
| DE | 139.45.240.92:443 | tcp | |
| FR | 2.18.106.161:443 | px.moatads.com | tcp |
| IE | 52.16.76.85:443 | tcp | |
| US | 3.227.250.176:443 | tcp | |
| US | 3.227.250.176:443 | tcp | |
| US | 3.227.250.176:443 | tcp | |
| DE | 139.45.240.92:443 | tcp | |
| US | 50.31.142.223:443 | tcp | |
| NL | 178.250.2.151:443 | dis.criteo.com | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| NL | 104.109.249.82:443 | criteo-sync.teads.tv | tcp |
| DE | 18.196.115.149:443 | tcp | |
| NL | 104.123.40.23:443 | contextual.media.net | tcp |
| DE | 35.158.27.81:443 | tcp | |
| FR | 185.86.139.114:443 | rtb-csync.smartadserver.com | tcp |
| DE | 37.252.172.45:443 | tcp | |
| NL | 13.227.219.33:443 | config.playwire.com | tcp |
| US | 3.227.250.176:443 | tcp | |
| US | 3.227.250.176:443 | tcp | |
| US | 3.227.250.176:443 | tcp | |
| DE | 139.45.240.92:443 | tcp | |
| FR | 178.250.0.162:443 | csm.fr.eu.criteo.net | tcp |
| NL | 147.75.85.234:443 | prebid.a-mo.net | tcp |
| FR | 2.18.104.95:443 | c.aaxads.com | tcp |
| NL | 142.250.179.142:443 | udp | |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.250.179.166:443 | udp | |
| US | 216.239.32.116:443 | tcp | |
| US | 216.239.32.116:443 | udp | |
| NL | 142.251.39.97:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.251.36.2:443 | udp | |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 172.217.214.120:443 | udp | |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.250.179.166:443 | udp | |
| US | 165.227.250.67:443 | www.trustedantiviruscompare.com | tcp |
| NL | 142.251.36.2:443 | udp | |
| NL | 142.251.36.3:443 | udp | |
| US | 165.227.250.67:443 | tcp | |
| NL | 142.250.179.142:443 | udp | |
| US | 35.224.74.90:443 | tcp | |
| NL | 142.250.179.142:443 | udp | |
| US | 35.224.74.90:443 | tcp | |
| US | 35.244.248.161:443 | www.pcprotect.com | tcp |
| NL | 52.222.139.113:443 | widget.trustpilot.com | tcp |
| NL | 142.250.179.202:443 | udp | |
| NL | 142.251.36.49:443 | csp.withgoogle.com | tcp |
| US | 216.239.32.116:443 | tcp | |
| US | 216.239.32.116:443 | udp | |
| NL | 142.251.36.49:443 | udp | |
| GB | 68.70.192.128:443 | install.protected.net | tcp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 104.109.248.155:443 | tcp | |
| US | 52.202.194.25:443 | tcp | |
| US | 172.217.214.120:443 | udp | |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.250.179.166:443 | udp | |
| US | 8.8.8.8:53 | in.appcenter.ms | udp |
| US | 40.70.161.7:443 | in.appcenter.ms | tcp |
| US | 40.70.161.7:443 | in.appcenter.ms | tcp |
| US | 8.8.8.8:53 | api.pcprotect.com | udp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 8.8.8.8:53 | in.appcenter.ms | udp |
| US | 52.177.138.113:443 | in.appcenter.ms | tcp |
| US | 52.177.138.113:443 | in.appcenter.ms | tcp |
| US | 8.8.8.8:53 | in.appcenter.ms | udp |
| US | 52.232.209.85:443 | in.appcenter.ms | tcp |
| US | 52.232.209.85:443 | in.appcenter.ms | tcp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 44.239.180.202:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | pc-releases.powder.gg | udp |
| NL | 13.227.219.29:443 | pc-releases.powder.gg | tcp |
| US | 8.8.8.8:53 | graph.verse.powder.gg | udp |
| US | 174.129.115.39:443 | graph.verse.powder.gg | tcp |
| US | 44.239.180.202:443 | api2.amplitude.com | tcp |
| US | 44.239.180.202:443 | api2.amplitude.com | tcp |
| US | 44.239.180.202:443 | api2.amplitude.com | tcp |
| US | 44.239.180.202:443 | api2.amplitude.com | tcp |
| US | 44.239.180.202:443 | api2.amplitude.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 44.239.180.202:443 | api2.amplitude.com | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 8.8.8.8:53 | api.phantom.avira-vpn.com | udp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| DE | 3.127.191.25:443 | api.phantom.avira-vpn.com | tcp |
| DE | 3.127.191.25:443 | api.phantom.avira-vpn.com | tcp |
| DE | 3.127.191.25:443 | api.phantom.avira-vpn.com | tcp |
| DE | 3.127.191.25:443 | api.phantom.avira-vpn.com | tcp |
| DE | 3.127.191.25:443 | api.phantom.avira-vpn.com | tcp |
| DE | 3.127.191.25:443 | api.phantom.avira-vpn.com | tcp |
| DE | 3.127.191.25:443 | api.phantom.avira-vpn.com | tcp |
| US | 8.8.8.8:53 | definition.protected.net | udp |
| US | 35.190.63.3:443 | definition.protected.net | tcp |
| US | 35.190.63.3:443 | definition.protected.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 44.193.152.213:443 | tcp | |
| NL | 142.251.36.34:443 | udp | |
| US | 142.251.209.3:443 | udp | |
| NL | 142.250.179.170:443 | udp | |
| NL | 142.250.179.166:443 | udp | |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 8.8.8.8:53 | definition.protected.net | udp |
| US | 35.190.63.3:443 | definition.protected.net | tcp |
| N/A | 127.0.0.1:54752 | tcp | |
| N/A | 127.0.0.1:54755 | tcp | |
| US | 35.190.63.3:443 | definition.protected.net | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.190.63.3:443 | definition.protected.net | tcp |
| US | 40.70.161.7:443 | in.appcenter.ms | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 127.0.0.1:54759 | tcp | |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.pcprotect.com | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 35.244.248.161:443 | www.pcprotect.com | tcp |
| US | 35.244.248.161:443 | www.pcprotect.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | login.pcprotect.com | udp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| US | 35.244.248.161:443 | login.pcprotect.com | udp |
| IE | 20.67.219.150:443 | nav.smartscreen.microsoft.com | tcp |
| US | 162.159.128.61:443 | player.vimeo.com | tcp |
| NL | 151.101.38.109:443 | tcp | |
| NL | 151.101.38.109:443 | tcp | |
| US | 34.120.202.204:443 | tcp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 188.114.96.0:443 | feed.ultramapsearch.com | tcp |
| US | 35.241.17.230:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| BE | 87.248.116.12:443 | uk.help.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| NL | 142.250.179.170:443 | udp | |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | tcp | |
| US | 185.199.108.154:443 | tcp | |
| US | 185.199.108.154:443 | tcp | |
| US | 185.199.108.154:443 | tcp | |
| US | 185.199.108.154:443 | tcp | |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| NL | 142.250.179.202:443 | udp | |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 188.114.96.0:443 | feed.ultramapsearch.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| US | 188.114.96.0:443 | feed.ultramapsearch.com | tcp |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| BE | 87.248.116.12:443 | uk.help.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| DE | 140.82.121.3:443 | github.com | tcp |
| US | 185.199.108.154:443 | tcp | |
| US | 185.199.108.154:443 | tcp | |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 35.244.248.161:443 | login.pcprotect.com | tcp |
| US | 35.244.248.161:443 | login.pcprotect.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| NL | 54.192.85.4:443 | c.amazon-adsystem.com | tcp |
| US | 52.202.194.25:443 | tcp | |
| US | 3.84.65.210:443 | tcp | |
| NL | 142.251.36.34:443 | udp | |
| US | 35.168.42.117:443 | tcp | |
| US | 142.251.209.3:443 | udp | |
| NL | 142.250.179.170:443 | udp | |
| US | 52.202.194.25:443 | tcp | |
| NL | 87.248.202.119:443 | player.anyclip.com | tcp |
| US | 3.84.65.210:443 | tcp | |
| NL | 142.250.179.166:443 | udp | |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.142:443 | tcp | |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| NL | 20.73.130.64:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 35.244.248.161:443 | login.pcprotect.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| IE | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | secure.pcprotect.com | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 35.244.248.161:443 | secure.pcprotect.com | tcp |
| US | 35.244.248.161:443 | secure.pcprotect.com | tcp |
| US | 8.8.8.8:53 | update.winzip.com | udp |
| US | 34.195.199.88:443 | update.winzip.com | tcp |
| US | 8.8.8.8:53 | www.winzip.com | udp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| US | 35.244.248.161:443 | secure.pcprotect.com | udp |
| IE | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| IE | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| IE | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 35.190.78.76:443 | tcp | |
| US | 35.190.78.76:443 | tcp | |
| US | 151.101.2.133:443 | tcp | |
| US | 35.244.250.165:443 | tcp | |
| US | 35.244.250.165:443 | cdn.paymentauth.com | tcp |
| US | 35.190.78.76:443 | udp | |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ipm.corel.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| NL | 52.222.137.205:443 | cdn.amplitude.com | tcp |
| US | 35.244.248.161:443 | secure.pcprotect.com | tcp |
| NL | 104.110.191.34:443 | ipm.corel.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.36.158.160:443 | api.amplitude.com | tcp |
| N/A | 239.255.255.250:3702 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 18.65.33.229:443 | c.amazon-adsystem.com | tcp |
| NL | 216.58.214.3:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.179.142:443 | udp | |
| N/A | 239.255.255.250:3702 | udp | |
| US | 52.73.253.205:443 | tcp | |
| US | 3.224.87.237:443 | tcp | |
| NL | 142.251.36.34:443 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| NL | 13.227.219.120:443 | pc-releases.powder.gg | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 174.129.115.39:443 | graph.verse.powder.gg | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | fp-vs-nocache.azureedge.net | udp |
| US | 152.199.19.161:443 | fp-vs-nocache.azureedge.net | tcp |
| US | 8.8.8.8:53 | s-ring.msedge.net | udp |
| US | 13.107.3.254:443 | s-ring.msedge.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 3.211.251.13:443 | tcp | |
| NL | 172.217.168.194:443 | udp | |
| NL | 172.217.168.194:443 | tcp | |
| US | 52.73.253.205:443 | tcp | |
| US | 35.201.70.27:443 | udp | |
| US | 35.201.70.27:443 | beacons.gcp.gvt2.com | tcp |
| US | 40.70.161.7:443 | in.appcenter.ms | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 35.190.18.168:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.194:443 | udp | |
| DE | 139.45.240.92:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 104.109.248.155:443 | tcp | |
| US | 35.241.53.87:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 216.239.36.21:80 | virustotal.com | tcp |
| US | 216.239.36.21:443 | virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| NL | 142.250.179.163:443 | www.recaptcha.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.170:443 | udp | |
| NL | 216.58.214.3:443 | ssl.gstatic.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| US | 188.114.97.3:443 | feed.ultramapsearch.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| BE | 87.248.116.12:443 | uk.help.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| US | 104.21.80.63:443 | api.getsecuritysuite.com | tcp |
| BE | 87.248.116.12:443 | uk.help.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| US | 8.8.8.8:53 | www.extreme-injector.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 172.67.73.40:443 | tcp | |
| US | 172.67.73.40:443 | tcp | |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| US | 8.8.8.8:53 | i.imgur.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 199.232.148.193:443 | i.imgur.com | tcp |
| NL | 172.217.168.202:443 | ajax.googleapis.com | udp |
| US | 18.65.33.229:443 | tcp | |
| US | 208.95.112.2:443 | tcp | |
| US | 216.239.38.178:443 | udp | |
| US | 18.65.33.229:443 | c.amazon-adsystem.com | tcp |
| US | 216.239.32.36:443 | udp | |
| NL | 142.250.179.170:443 | udp | |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| NL | 142.251.39.106:443 | udp | |
| US | 104.16.164.13:443 | tcp | |
| NL | 13.227.219.73:443 | tcp | |
| NL | 142.250.179.161:443 | 7167f605a24a1949502fb0bd3b5bcf97.safeframe.googlesyndication.com | tcp |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| NL | 142.250.179.161:443 | udp | |
| NL | 142.251.36.1:443 | udp | |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 13.227.219.120:443 | pc-releases.powder.gg | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 52.72.75.172:443 | graph.verse.powder.gg | tcp |
| US | 185.199.108.153:443 | kittenpopo.github.io | tcp |
| US | 35.241.53.87:443 | beacons.gcp.gvt2.com | tcp |
| US | 185.199.108.153:443 | tcp | |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 172.67.73.40:443 | tcp | |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| US | 18.65.33.229:443 | tcp | |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| US | 104.16.164.13:443 | tcp | |
| NL | 13.227.219.73:443 | tagan.adlightning.com | tcp |
| NL | 142.250.179.161:443 | c398065805b2c5fa61b964ccac7cfa9e.safeframe.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | udp |
| NL | 172.217.168.238:443 | clients2.google.com | tcp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 188.114.96.0:443 | feed.ultramapsearch.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| BE | 87.248.116.11:443 | uk.help.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 104.26.13.251:443 | tcp | |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| US | 104.26.13.251:443 | tcp | |
| US | 188.114.96.0:443 | feed.ultramapsearch.com | tcp |
| NL | 65.9.78.68:443 | c.amazon-adsystem.com | tcp |
| US | 188.114.96.0:443 | feed.ultramapsearch.com | tcp |
| US | 104.16.160.13:443 | tcp | |
| NL | 13.227.219.71:443 | tagan.adlightning.com | tcp |
| US | 142.250.102.157:443 | stats.g.doubleclick.net | udp |
| NL | 142.250.179.161:443 | 5c1ab8f6553889471a17711cf61db2c5.safeframe.googlesyndication.com | tcp |
| NL | 142.251.36.38:443 | udp | |
| NL | 142.251.36.1:443 | udp | |
| NL | 142.251.36.1:443 | tcp | |
| US | 216.239.34.36:443 | udp | |
| US | 216.239.34.36:443 | tcp | |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | udp |
| NL | 172.217.168.238:443 | clients2.google.com | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | udp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| NL | 172.217.168.238:443 | clients2.google.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | api.ultramapsearch.com | udp |
| US | 188.114.97.3:443 | api.ultramapsearch.com | tcp |
| US | 8.8.8.8:53 | suggestqueries.google.com | udp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 188.114.96.0:443 | feed.ultramapsearch.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| BE | 87.248.116.11:443 | uk.help.yahoo.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| NL | 172.217.168.234:443 | content-autofill.googleapis.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| IE | 52.213.237.83:443 | tcp | |
| DE | 185.85.15.46:443 | www.kaspersky.co.uk | tcp |
| NL | 23.1.121.173:443 | service.maxymiser.net | tcp |
| RU | 77.74.178.40:443 | tcp | |
| RU | 77.74.178.40:443 | tcp | |
| RU | 77.74.178.40:443 | tcp | |
| RU | 77.74.178.40:443 | tcp | |
| RU | 77.74.178.40:443 | content.kaspersky-labs.com | tcp |
| RU | 77.74.178.40:443 | tcp | |
| DE | 185.85.15.23:443 | media.kaspersky.com | tcp |
| NL | 216.58.214.3:443 | ssl.gstatic.com | tcp |
| NL | 172.217.168.234:443 | udp | |
| US | 216.239.38.21:443 | sgtm.kaspersky.co.uk | tcp |
| FR | 15.188.95.229:443 | kaspersky.d3.sc.omtrdc.net | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| BE | 87.248.116.12:443 | uk.help.yahoo.com | tcp |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| US | 188.114.97.0:443 | feed.ultramapsearch.com | tcp |
| IE | 212.82.100.137:443 | uk.video.search.yahoo.com | tcp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| FR | 51.91.30.159:443 | www.upload.ee | tcp |
| NL | 104.80.228.119:443 | s7.addthis.com | tcp |
| NL | 104.80.228.119:443 | | tcp |
| FR | 2.18.106.161:443 | z.moatads.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.170:443 | safebrowsing.googleapis.com | tcp |
| NL | 216.58.208.106:443 | | udp |
| US | 216.239.34.36:443 | | udp |
| US | 216.239.34.36:443 | | tcp |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| EE | 212.47.222.21:443 | | tcp |
| NL | 142.251.36.1:443 | | udp |
| NL | 142.251.36.1:443 | | tcp |
| DE | 54.93.153.89:443 | | tcp |
| FR | 2.22.147.27:443 | | tcp |
| DE | 54.93.153.89:443 | | tcp |
| NL | 52.222.137.20:443 | dskwugy0u6y9l.cloudfront.net | tcp |
| NL | 142.250.179.170:443 | | udp |
| DK | 37.157.2.236:443 | | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.251.36.14:443 | chrome.google.com | tcp |
| US | 108.156.60.113:443 | miliated.xyz | tcp |
| FI | 95.216.10.48:443 | img.cdn.house | tcp |
| DE | 49.12.82.144:443 | cp2s.xyz | tcp |
| DE | 49.12.82.144:443 | cp2s.xyz | tcp |
| DE | 157.90.1.66:443 | | tcp |
| DE | 157.90.33.79:443 | | tcp |
| US | 18.65.39.88:443 | nedaugha.buzz | tcp |
| US | 44.195.137.121:443 | | tcp |
| NL | 142.250.179.142:443 | safebrowsing.google.com | tcp |
| US | 8.8.8.8:53 | update.winzip.com | udp |
| US | 34.195.199.88:443 | update.winzip.com | tcp |
| US | 34.195.199.88:443 | update.winzip.com | tcp |
| US | 8.8.8.8:53 | www.winzip.com | udp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| FR | 2.16.118.210:443 | www.winzip.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | ipm.corel.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| NL | 104.110.191.39:443 | ipm.corel.com | tcp |
| NL | 104.110.191.39:443 | ipm.corel.com | tcp |
| NL | 52.222.137.213:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.35.64.123:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| NL | 216.58.214.14:80 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | r3---sn-5hne6nzs.gvt1.com | udp |
| NL | 74.125.8.104:80 | r3---sn-5hne6nzs.gvt1.com | tcp |
| N/A | 239.255.255.250:3702 | | udp |
| NL | 172.217.132.199:80 | r2---sn-5hnednss.gvt1.com | tcp |
| US | 8.8.8.8:53 | api.pcprotect.com | udp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 8.8.8.8:53 | definition.protected.net | udp |
| US | 35.190.63.3:443 | definition.protected.net | tcp |
| US | 8.8.8.8:53 | in.appcenter.ms | udp |
| US | 40.70.161.102:443 | in.appcenter.ms | tcp |
| N/A | 239.255.255.250:3702 | | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 127.0.0.1:58500 | | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.142:443 | | udp |
| US | 35.227.215.13:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.174:80 | suggestqueries.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| NL | 142.251.36.14:443 | chrome.google.com | tcp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| NL | 142.251.39.97:443 | | udp |
| NL | 142.251.39.97:443 | | tcp |
| NL | 142.251.39.97:443 | | tcp |
| NL | 142.250.179.170:443 | | udp |
| US | 185.199.108.154:443 | | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| NL | 216.58.208.106:443 | | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| DE | 140.82.121.10:443 | codeload.github.com | tcp |
| NL | 142.251.36.14:443 | chrome.google.com | udp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| NL | 142.250.179.142:443 | | udp |
| US | 8.8.8.8:53 | ipm.corel.com | udp |
| NL | 104.110.191.39:443 | ipm.corel.com | tcp |
| NL | 104.110.191.39:443 | ipm.corel.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| NL | 52.222.137.70:443 | cdn.amplitude.com | tcp |
| NL | 52.222.137.70:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 34.211.183.198:443 | api.amplitude.com | tcp |
| US | 34.211.183.198:443 | api.amplitude.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| N/A | 239.255.255.250:3702 | | udp |
| US | 8.8.8.8:53 | ipm.corel.com | udp |
| NL | 104.110.191.39:443 | ipm.corel.com | tcp |
| NL | 104.110.191.39:443 | ipm.corel.com | tcp |
| NL | 52.222.137.70:443 | cdn.amplitude.com | tcp |
| US | 34.211.183.198:443 | api.amplitude.com | tcp |
| N/A | 239.255.255.250:3702 | | udp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 35.190.63.3:443 | definition.protected.net | tcp |
| US | 40.70.161.102:443 | in.appcenter.ms | tcp |
| US | 35.244.248.161:443 | api.pcprotect.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 13.227.219.29:443 | pc-releases.powder.gg | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 174.129.115.39:443 | graph.verse.powder.gg | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 216.239.32.116:443 | | udp |
| US | 35.227.215.13:443 | | tcp |
| NL | 142.250.179.142:443 | | udp |
| US | 216.239.32.116:443 | | tcp |
| HK | 34.92.53.177:443 | e2c2.gcp.gvt2.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 34.211.183.198:443 | api.amplitude.com | tcp |
| DE | 49.12.82.144:443 | cp2s.xyz | tcp |
| DE | 49.12.82.144:443 | cp2s.xyz | tcp |
| DE | 157.90.33.79:443 | | tcp |
| US | 18.65.39.86:443 | nedaugha.buzz | tcp |
| US | 44.195.137.121:443 | | tcp |
| N/A | 127.0.0.1:58750 | | tcp |
Files
memory/2404-132-0x0000000000000000-mapping.dmp
\??\pipe\crashpad_4768_OKFLABRTSTIQXWOJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/4000-135-0x0000000000000000-mapping.dmp
memory/260-136-0x0000000000000000-mapping.dmp
memory/1520-137-0x0000000000000000-mapping.dmp
memory/4264-138-0x0000000000000000-mapping.dmp
memory/3116-139-0x0000000000000000-mapping.dmp
memory/4060-140-0x0000000000000000-mapping.dmp
memory/488-141-0x0000000000000000-mapping.dmp
memory/2076-142-0x0000000000000000-mapping.dmp
memory/5088-143-0x0000000000000000-mapping.dmp
memory/2724-144-0x0000000000000000-mapping.dmp
memory/2704-145-0x0000000000000000-mapping.dmp
memory/3924-146-0x0000000000000000-mapping.dmp
memory/3116-147-0x0000000010000000-0x0000000010112000-memory.dmp
memory/3116-148-0x0000000002F30000-0x00000000030F7000-memory.dmp
memory/828-149-0x0000000000000000-mapping.dmp
memory/3460-150-0x0000000000000000-mapping.dmp
memory/2628-151-0x0000000000000000-mapping.dmp
memory/3204-152-0x0000000000000000-mapping.dmp
memory/2036-153-0x0000000000000000-mapping.dmp
memory/2076-154-0x0000000000000000-mapping.dmp
memory/5088-155-0x0000000000000000-mapping.dmp
memory/444-156-0x0000000000000000-mapping.dmp
memory/2704-157-0x0000000000000000-mapping.dmp
memory/3924-158-0x0000000000000000-mapping.dmp
memory/1512-160-0x0000000000000000-mapping.dmp
memory/3396-161-0x0000000000000000-mapping.dmp
memory/1968-162-0x0000000000000000-mapping.dmp
memory/3776-163-0x0000000000000000-mapping.dmp
memory/4208-164-0x0000000000000000-mapping.dmp
memory/3116-165-0x0000000010000000-0x0000000010112000-memory.dmp
memory/804-166-0x0000000000000000-mapping.dmp
memory/4492-167-0x0000000000000000-mapping.dmp
memory/548-168-0x0000000000000000-mapping.dmp
memory/4776-169-0x0000000000000000-mapping.dmp
memory/2192-170-0x0000000000000000-mapping.dmp
memory/5004-172-0x0000000000000000-mapping.dmp
memory/1524-173-0x0000000000000000-mapping.dmp
memory/1796-174-0x0000000000000000-mapping.dmp
memory/1260-175-0x0000000000000000-mapping.dmp
memory/60-176-0x0000000000000000-mapping.dmp
memory/3116-177-0x0000000010000000-0x0000000010112000-memory.dmp
memory/4492-178-0x0000000000000000-mapping.dmp
memory/1524-179-0x0000000000000000-mapping.dmp
memory/2036-180-0x0000000000000000-mapping.dmp
memory/2036-181-0x0000000000B70000-0x0000000000B94000-memory.dmp
memory/804-182-0x0000000000000000-mapping.dmp
memory/8-183-0x0000000000000000-mapping.dmp
memory/8-184-0x00007FFC9D6F0000-0x00007FFC9D725000-memory.dmp
memory/2036-185-0x00007FFC9D850000-0x00007FFC9E311000-memory.dmp
memory/8-187-0x000001D4FC3F0000-0x000001D4FC4F6000-memory.dmp
memory/8-188-0x000001D4FBBC0000-0x000001D4FBC24000-memory.dmp
memory/8-189-0x00007FFC9D850000-0x00007FFC9E311000-memory.dmp
memory/8-190-0x000001D4FBC90000-0x000001D4FBCEA000-memory.dmp
memory/8-191-0x000001D4FB8F7000-0x000001D4FB8FB000-memory.dmp
memory/8-192-0x00007FFC9CE30000-0x00007FFC9CE64000-memory.dmp
memory/8-193-0x00007FFC9CDE0000-0x00007FFC9CE28000-memory.dmp
memory/8-194-0x00007FFC9F030000-0x00007FFC9F064000-memory.dmp
memory/8-195-0x000001D4FCCF0000-0x000001D4FCEB2000-memory.dmp
memory/4868-198-0x0000000000000000-mapping.dmp
memory/8-197-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-196-0x000001D4FB8FB000-0x000001D4FB8FF000-memory.dmp
memory/8-199-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-200-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-201-0x000001D4FE4C0000-0x000001D4FFA0C000-memory.dmp
memory/8-202-0x00007FFC9D340000-0x00007FFC9D3F2000-memory.dmp
memory/8-203-0x000001D4FD7F0000-0x000001D4FDB76000-memory.dmp
memory/8-204-0x000001D4FD2E0000-0x000001D4FD352000-memory.dmp
memory/8-205-0x000001D4FCFC0000-0x000001D4FD010000-memory.dmp
memory/8-206-0x000001D4FD460000-0x000001D4FD4B0000-memory.dmp
memory/8-207-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-209-0x000001D4FCF70000-0x000001D4FCF82000-memory.dmp
memory/8-208-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/1812-210-0x0000000000000000-mapping.dmp
memory/8-211-0x00007FFC9E330000-0x00007FFC9E3A4000-memory.dmp
memory/5124-212-0x0000000000000000-mapping.dmp
memory/8-213-0x00007FFC9CFF0000-0x00007FFC9D085000-memory.dmp
memory/8-214-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-215-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-216-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-218-0x00007FFC8D4E0000-0x00007FFC8D553000-memory.dmp
memory/8-219-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-220-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-222-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-223-0x00007FFC8D360000-0x00007FFC8D412000-memory.dmp
memory/8-221-0x00007FFC8D420000-0x00007FFC8D4D2000-memory.dmp
memory/8-224-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-226-0x000001D4FFAC0000-0x000001D4FFB1E000-memory.dmp
memory/5252-228-0x0000000000000000-mapping.dmp
memory/5216-227-0x0000000000000000-mapping.dmp
memory/5288-229-0x0000000000000000-mapping.dmp
memory/8-225-0x00007FFC9ECD0000-0x00007FFC9ECE7000-memory.dmp
memory/8-217-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/4868-231-0x00000000036A0000-0x0000000003867000-memory.dmp
memory/5364-232-0x0000000000000000-mapping.dmp
memory/8-230-0x000001D4FD540000-0x000001D4FD548000-memory.dmp
memory/8-233-0x000001D498060000-0x000001D49809A000-memory.dmp
memory/5404-234-0x0000000000000000-mapping.dmp
memory/8-235-0x000001D4FC940000-0x000001D4FCA40000-memory.dmp
memory/8-236-0x000001D4FE240000-0x000001D4FE252000-memory.dmp
memory/8-237-0x000001D4FE252000-0x000001D4FE264000-memory.dmp
memory/4868-238-0x0000000010000000-0x0000000010112000-memory.dmp
memory/5468-239-0x0000000000000000-mapping.dmp
memory/8-241-0x000001D4FB8F7000-0x000001D4FB8FB000-memory.dmp
memory/5504-240-0x0000000000000000-mapping.dmp
memory/8-242-0x00007FFC9D850000-0x00007FFC9E311000-memory.dmp
memory/8-243-0x000001D4FB8FB000-0x000001D4FB8FF000-memory.dmp
memory/5576-244-0x0000000000000000-mapping.dmp
memory/5760-245-0x0000000000000000-mapping.dmp
memory/5780-246-0x0000000000000000-mapping.dmp
memory/5828-247-0x0000000000000000-mapping.dmp
memory/5828-248-0x0000000005C40000-0x0000000006064000-memory.dmp
memory/3052-249-0x00007FFCBE550000-0x00007FFCBE560000-memory.dmp
memory/5828-251-0x0000000006620000-0x0000000006BC4000-memory.dmp
memory/5828-252-0x0000000006120000-0x00000000061B2000-memory.dmp
memory/2036-253-0x00007FFC9D850000-0x00007FFC9E311000-memory.dmp
memory/5828-254-0x00000000060F0000-0x00000000060FA000-memory.dmp
memory/5828-255-0x0000000006450000-0x0000000006460000-memory.dmp
memory/6028-256-0x0000000000000000-mapping.dmp
memory/3152-257-0x0000000000000000-mapping.dmp
memory/5160-258-0x0000000000000000-mapping.dmp
memory/5176-259-0x0000000000000000-mapping.dmp
memory/5248-260-0x0000000000000000-mapping.dmp
memory/5216-261-0x0000000000000000-mapping.dmp
memory/5192-262-0x0000000000000000-mapping.dmp
memory/5192-263-0x0000000000D70000-0x0000000000DAC000-memory.dmp
memory/5192-264-0x000000001CBF0000-0x000000001CE06000-memory.dmp
memory/5192-265-0x00007FFC9D850000-0x00007FFC9E311000-memory.dmp
memory/5532-266-0x00007FFCB19F0000-0x00007FFCB1A25000-memory.dmp
memory/5532-268-0x000002223B290000-0x000002223B390000-memory.dmp
memory/5532-269-0x00007FFCA23E0000-0x00007FFCA2414000-memory.dmp
memory/4172-476-0x00007FFC7DB70000-0x00007FFC7DB80000-memory.dmp
memory/5880-568-0x0000000010000000-0x0000000010010000-memory.dmp
memory/4256-595-0x000001F5C4D90000-0x000001F5C4DA0000-memory.dmp
memory/6532-596-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-597-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-598-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-599-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-600-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-602-0x00007FFC7DEB0000-0x00007FFC7DEC0000-memory.dmp
memory/6532-605-0x00007FFC7DEB0000-0x00007FFC7DEC0000-memory.dmp
memory/6532-611-0x00007FFC80B80000-0x00007FFC815B6000-memory.dmp
memory/6532-617-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-619-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-618-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp
memory/6532-620-0x00007FFC7FF10000-0x00007FFC7FF20000-memory.dmp