I found this interested virtual Microsoft “zygote” on my own PC that seems to be associated with the official Microsoft Windows Sandbox…
After researching, I found this thing is completely virtual and doesn’t have a hash or anything, so SpyShelter’s data is correct, but it’s still quite strange. I then quarantined the “vmmemCmZygote” and found my Windows Sandbox could not work anymore. I then unquarantined “vmmemCmZygote” and rebooted, and the Sandbox worked again.
We had another team member who also found this and confirmed it’s completely virtual (not running in the Task Manager) and it’s made by Microsoft, in relation to Windows Sandbox.
Strange eh? What strange things have you found with SpyShelter? Please post and let us know.