
{
"header": {
"program": {
"project": "RogueKiller",
"version": "12.11.0.0",
"x64": true,
"date": "May 29 2017",
"contact": "http://www.adlice.com/contact/",
"feedback": "https://forum.adlice.com",
"website": "http://www.adlice.com/fr/download/roguekiller/",
"blog": "http://www.adlice.com"
},
"environment": {
"operating_system": "Windows 10 (10.0.15063) 64 bits version",
"boot": 0,
"winpe": false,
"user": "User",
"user_admin": true,
"program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
"x64": true,
"licensing": "free"
},
"report": {
"type": 1,
"aborted": false,
"date": "06/02/2017 15:33:35",
"duration": 1511,
"debug": false,
"count": 0,
"show_legit_hooks": false,
"expert_mode": false,
"switches": []
}
},
"information": {
"processes": [
{
"name": "[System Process]",
"name_parent": "",
"pid": 0,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "System",
"name_parent": "",
"pid": 4,
"path": "",
"command_line": "",
"pid_parent": 0,
"path_parent": "",
"is_64": true
},
{
"name": "smss.exe",
"name_parent": "",
"pid": 380,
"path": "C:\\Windows\\System32\\smss.exe",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 488,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 480,
"path_parent": "",
"is_64": true
},
{
"name": "wininit.exe",
"name_parent": "",
"pid": 624,
"path": "C:\\Windows\\System32\\wininit.exe",
"command_line": "",
"pid_parent": 480,
"path_parent": "",
"is_64": true
},
{
"name": "csrss.exe",
"name_parent": "",
"pid": 636,
"path": "C:\\Windows\\System32\\csrss.exe",
"command_line": "",
"pid_parent": 616,
"path_parent": "",
"is_64": true
},
{
"name": "winlogon.exe",
"name_parent": "",
"pid": 728,
"path": "C:\\Windows\\System32\\winlogon.exe",
"command_line": "winlogon.exe",
"pid_parent": 616,
"path_parent": "",
"is_64": true
},
{
"name": "services.exe",
"name_parent": "",
"pid": 776,
"path": "C:\\Windows\\System32\\services.exe",
"command_line": "",
"pid_parent": 624,
"path_parent": "",
"is_64": true
},
{
"name": "lsass.exe",
"name_parent": "",
"pid": 784,
"path": "C:\\Windows\\System32\\lsass.exe",
"command_line": "C:\\WINDOWS\\system32\\lsass.exe",
"pid_parent": 624,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 888,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -s PlugPlay",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "winlogon.exe",
"pid": 912,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 728,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "fontdrvhost.exe",
"name_parent": "",
"pid": 916,
"path": "C:\\Windows\\System32\\fontdrvhost.exe",
"command_line": "\"fontdrvhost.exe\"",
"pid_parent": 624,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 936,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 336,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k rpcss",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 448,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k dcomlaunch -s LSM",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "dwm.exe",
"name_parent": "winlogon.exe",
"pid": 68,
"path": "C:\\Windows\\System32\\dwm.exe",
"command_line": "\"dwm.exe\"",
"pid_parent": 728,
"path_parent": "C:\\Windows\\System32\\winlogon.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1136,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Schedule",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1176,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s NcbService",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1184,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s ProfSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1196,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1276,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s UserManager",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1340,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s hidserv",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "atiesrxx.exe",
"name_parent": "",
"pid": 1444,
"path": "C:\\Windows\\System32\\atiesrxx.exe",
"command_line": "C:\\WINDOWS\\system32\\atiesrxx.exe",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1452,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s EventLog",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "atieclxx.exe",
"name_parent": "atiesrxx.exe",
"pid": 1548,
"path": "C:\\Windows\\System32\\atieclxx.exe",
"command_line": "atieclxx",
"pid_parent": 1444,
"path_parent": "C:\\Windows\\System32\\atiesrxx.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1564,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1600,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalSystemNetworkRestricted",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1624,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Themes",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1636,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s EventSystem",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1664,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s nsi",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1760,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s SENS",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1772,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s Dhcp",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1856,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -s NlaSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "igfxCUIService.exe",
"name_parent": "",
"pid": 1904,
"path": "C:\\Windows\\System32\\igfxCUIService.exe",
"command_line": "C:\\WINDOWS\\system32\\igfxCUIService.exe",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1916,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -s Dnscache",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1984,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1992,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s FontCache",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2036,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Winmgmt",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2064,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s netprofm",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "WUDFHost.exe",
"name_parent": "svchost.exe",
"pid": 2180,
"path": "C:\\Windows\\System32\\WUDFHost.exe",
"command_line": "\"C:\\Windows\\System32\\WUDFHost.exe\" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b5fe9c67-72b3-47a8-a87f-29470e770fc8 -SystemEventPortName:HostProcess-fdaa64b0-f36e-4712-9563-4066e998093b -IoCancelEventPortName:HostProcess-9b109cb4-ffac-4b67-8144-c8de1697ded5 -NonStateChangingEventPortName:HostProcess-dc578d35-0723-41ee-b1db-e2f89901284c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a298c89c-b9ef-44ce-b9c3-15f3ec744287 -DeviceGroupId:WpdFsGroup",
"pid_parent": 1600,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2252,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2492,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2500,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2552,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s ShellHWDetection",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2568,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k appmodel -s StateRepository",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "spoolsv.exe",
"name_parent": "",
"pid": 2660,
"path": "C:\\Windows\\System32\\spoolsv.exe",
"command_line": "C:\\WINDOWS\\System32\\spoolsv.exe",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2712,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -s LanmanWorkstation",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "armsvc.exe",
"name_parent": "",
"pid": 2820,
"path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
"command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"",
"pid_parent": 776,
"path_parent": "",
"is_64": false
},
{
"name": "MBAMService.exe",
"name_parent": "",
"pid": 2828,
"path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe",
"command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamservice.exe\"",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2836,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s PcaSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2844,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservice -s CryptSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2852,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k utcsvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2860,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s iphlpsvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2868,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenonetwork -s DPS",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2968,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s SysMain",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2976,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k imgsvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3008,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s TrkWks",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3040,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s WpnService",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3048,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s LanmanServer",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "MsMpEng.exe",
"name_parent": "",
"pid": 3064,
"path": "C:\\Program Files\\Windows Defender\\MsMpEng.exe",
"command_line": "",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "SecurityHealthService.exe",
"name_parent": "",
"pid": 2540,
"path": "C:\\Windows\\System32\\SecurityHealthService.exe",
"command_line": "",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "Memory Compression",
"name_parent": "",
"pid": 3152,
"path": "MemCompression",
"command_line": "",
"pid_parent": 4,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3320,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s WdiServiceHost",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3512,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k appmodel -s tiledatamodelsvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3708,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4064,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4412,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s CDPUserSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "sihost.exe",
"name_parent": "svchost.exe",
"pid": 4420,
"path": "c:\\Windows\\System32\\sihost.exe",
"command_line": "sihost.exe",
"pid_parent": 1276,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4468,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup -s WpnUserService",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "PresentationFontCache.exe",
"name_parent": "",
"pid": 4548,
"path": "C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"command_line": "C:\\WINDOWS\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "taskhostw.exe",
"name_parent": "svchost.exe",
"pid": 4792,
"path": "c:\\Windows\\System32\\taskhostw.exe",
"command_line": "taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}",
"pid_parent": 1136,
"path_parent": "c:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4872,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s TokenBroker",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "explorer.exe",
"name_parent": "",
"pid": 5092,
"path": "C:\\Windows\\explorer.exe",
"command_line": "C:\\WINDOWS\\Explorer.EXE",
"pid_parent": 5040,
"path_parent": "",
"is_64": true
},
{
"name": "igfxEM.exe",
"name_parent": "",
"pid": 4680,
"path": "C:\\Windows\\System32\\igfxEM.exe",
"command_line": "igfxEM.exe ",
"pid_parent": 1964,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4580,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s Appinfo",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "ClassicStartMenu.exe",
"name_parent": "Explorer.EXE",
"pid": 5148,
"path": "C:\\Program Files\\Classic Shell\\ClassicStartMenu.exe",
"command_line": "ClassicStartMenu.exe -startup",
"pid_parent": 5092,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "NisSrv.exe",
"name_parent": "",
"pid": 5588,
"path": "C:\\Program Files\\Windows Defender\\NisSrv.exe",
"command_line": "",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "SearchIndexer.exe",
"name_parent": "",
"pid": 5776,
"path": "C:\\Windows\\System32\\SearchIndexer.exe",
"command_line": "C:\\WINDOWS\\system32\\SearchIndexer.exe /Embedding",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "ShellExperienceHost.exe",
"name_parent": "svchost.exe",
"pid": 5932,
"path": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe",
"command_line": "\"C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe\" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SearchUI.exe",
"name_parent": "svchost.exe",
"pid": 5964,
"path": "C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe\" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RuntimeBroker.exe",
"name_parent": "svchost.exe",
"pid": 3768,
"path": "C:\\Windows\\System32\\RuntimeBroker.exe",
"command_line": "C:\\Windows\\System32\\RuntimeBroker.exe -Embedding",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6308,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s LicenseManager",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 6336,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservice -s CDPSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "SkypeHost.exe",
"name_parent": "svchost.exe",
"pid": 6436,
"path": "C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\\SkypeHost.exe",
"command_line": "\"C:\\Program Files\\WindowsApps\\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\\SkypeHost.exe\" -ServerName:SkypeHost.ServerServer",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MSASCuiL.exe",
"name_parent": "Explorer.EXE",
"pid": 6376,
"path": "C:\\Program Files\\Windows Defender\\MSASCuiL.exe",
"command_line": "\"C:\\Program Files\\Windows Defender\\MSASCuiL.exe\" ",
"pid_parent": 5092,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "mbamtray.exe",
"name_parent": "Explorer.EXE",
"pid": 1488,
"path": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe",
"command_line": "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbamtray.exe\" ",
"pid_parent": 5092,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": false
},
{
"name": "rundll32.exe",
"name_parent": "Explorer.EXE",
"pid": 2672,
"path": "C:\\Windows\\System32\\rundll32.exe",
"command_line": "\"C:\\WINDOWS\\system32\\RunDll32.exe\" \"C:\\Program Files\\HP\\HP DeskJet 3630 series\\bin\\HPStatusBL.dll\",RunDLLEntry SERIALNUMBER=CN5BU1HHSG0658;CONNECTION=USB;MONITOR=1;",
"pid_parent": 5092,
"path_parent": "C:\\Windows\\explorer.exe",
"is_64": true
},
{
"name": "hpwuschd2.exe",
"name_parent": "",
"pid": 3332,
"path": "C:\\Program Files (x86)\\HP\\HP Software Update\\hpwuschd2.exe",
"command_line": "\"C:\\Program Files (x86)\\HP\\HP Software Update\\hpwuschd2.exe\" ",
"pid_parent": 2616,
"path_parent": "",
"is_64": false
},
{
"name": "MOM.exe",
"name_parent": "",
"pid": 5228,
"path": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe",
"command_line": "\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM\" PriorityLow",
"pid_parent": 4768,
"path_parent": "",
"is_64": true
},
{
"name": "CCleaner64.exe",
"name_parent": "",
"pid": 6216,
"path": "C:\\Program Files\\CCleaner\\CCleaner64.exe",
"command_line": "\"C:\\Program Files\\CCleaner\\CCleaner.exe\" /MONITOR /uac",
"pid_parent": 5508,
"path_parent": "",
"is_64": true
},
{
"name": "CCC.exe",
"name_parent": "MOM.exe",
"pid": 7080,
"path": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe",
"command_line": "\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CCC.exe\" 0",
"pid_parent": 5228,
"path_parent": "C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\MOM.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3720,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localservicenetworkrestricted -s wscsvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 4640,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k unistacksvcgroup",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "ApplicationFrameHost.exe",
"name_parent": "svchost.exe",
"pid": 6836,
"path": "C:\\Windows\\System32\\ApplicationFrameHost.exe",
"command_line": "C:\\WINDOWS\\system32\\ApplicationFrameHost.exe -Embedding",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1960,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs -s lfsvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "dllhost.exe",
"name_parent": "svchost.exe",
"pid": 7244,
"path": "C:\\Windows\\System32\\dllhost.exe",
"command_line": "C:\\WINDOWS\\system32\\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5404,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 2740,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s SensorService",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7872,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k netsvcs",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "SystemSettings.exe",
"name_parent": "svchost.exe",
"pid": 8312,
"path": "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe",
"command_line": "\"C:\\WINDOWS\\ImmersiveControlPanel\\SystemSettings.exe\" -ServerName:microsoft.windows.immersivecontrolpanel",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 3936,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\system32\\svchost.exe -k LocalService -s WinHttpAutoProxySvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 976,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 5644,
"path": "c:\\Windows\\System32\\svchost.exe",
"command_line": "c:\\windows\\system32\\svchost.exe -k localsystemnetworkrestricted -s StorSvc",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "MicrosoftEdge.exe",
"name_parent": "svchost.exe",
"pid": 7420,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdge.exe\" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "browser_broker.exe",
"name_parent": "svchost.exe",
"pid": 2600,
"path": "C:\\Windows\\System32\\browser_broker.exe",
"command_line": "C:\\WINDOWS\\system32\\browser_broker.exe -Embedding",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MicrosoftEdgeCP.exe",
"name_parent": "svchost.exe",
"pid": 3880,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MicrosoftEdgeCP.exe",
"name_parent": "svchost.exe",
"pid": 5312,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MicrosoftEdgeCP.exe",
"name_parent": "svchost.exe",
"pid": 4544,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "smartscreen.exe",
"name_parent": "svchost.exe",
"pid": 5204,
"path": "C:\\Windows\\System32\\smartscreen.exe",
"command_line": "C:\\Windows\\System32\\smartscreen.exe -Embedding",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MicrosoftEdgeCP.exe",
"name_parent": "svchost.exe",
"pid": 9116,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MicrosoftEdgeCP.exe",
"name_parent": "svchost.exe",
"pid": 5848,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 1732,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "audiodg.exe",
"name_parent": "svchost.exe",
"pid": 4500,
"path": "C:\\Windows\\System32\\audiodg.exe",
"command_line": "C:\\WINDOWS\\system32\\AUDIODG.EXE 0x4ec",
"pid_parent": 2252,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "MicrosoftEdgeCP.exe",
"name_parent": "svchost.exe",
"pid": 3544,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 7428,
"path": "",
"command_line": "",
"pid_parent": 776,
"path_parent": "",
"is_64": false
},
{
"name": "DataExchangeHost.exe",
"name_parent": "svchost.exe",
"pid": 7704,
"path": "C:\\Windows\\System32\\DataExchangeHost.exe",
"command_line": "C:\\Windows\\System32\\DataExchangeHost.exe -Embedding",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "svchost.exe",
"name_parent": "",
"pid": 832,
"path": "C:\\Windows\\System32\\svchost.exe",
"command_line": "C:\\WINDOWS\\System32\\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost",
"pid_parent": 776,
"path_parent": "",
"is_64": true
},
{
"name": "SearchProtocolHost.exe",
"name_parent": "SearchIndexer.exe",
"pid": 7788,
"path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe27_ Global\\UsGthrCtrlFltPipeMssGthrPipe27 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" ",
"pid_parent": 5776,
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
"is_64": true
},
{
"name": "SearchFilterHost.exe",
"name_parent": "SearchIndexer.exe",
"pid": 9192,
"path": "C:\\Windows\\System32\\SearchFilterHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\SearchFilterHost.exe\" 0 688 692 700 8192 696 ",
"pid_parent": 5776,
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
"is_64": true
},
{
"name": "backgroundTaskHost.exe",
"name_parent": "svchost.exe",
"pid": 5708,
"path": "C:\\Windows\\System32\\backgroundTaskHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\backgroundTaskHost.exe\" -ServerName:CortanaUI.AppXy7vb4pc2dr3kc93kfc509b1d0arkfb2x.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "RogueKiller64.exe",
"name_parent": "",
"pid": 8392,
"path": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe",
"command_line": "\"C:\\Program Files\\RogueKiller\\RogueKiller64.exe\" ",
"pid_parent": 4512,
"path_parent": "",
"is_64": true
},
{
"name": "MicrosoftEdgeCP.exe",
"name_parent": "svchost.exe",
"pid": 6392,
"path": "C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe",
"command_line": "\"C:\\Windows\\SystemApps\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\MicrosoftEdgeCP.exe\" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca",
"pid_parent": 936,
"path_parent": "C:\\Windows\\System32\\svchost.exe",
"is_64": true
},
{
"name": "SearchProtocolHost.exe",
"name_parent": "SearchIndexer.exe",
"pid": 1500,
"path": "C:\\Windows\\System32\\SearchProtocolHost.exe",
"command_line": "\"C:\\WINDOWS\\system32\\SearchProtocolHost.exe\" Global\\UsGthrFltPipeMssGthrPipe_S-1-5-21-2798650966-3917502356-1212340295-100128_ Global\\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-2798650966-3917502356-1212340295-100128 1 -2147483646 \"Software\\Microsoft\\Windows Search\" \"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)\" \"C:\\ProgramData\\Microsoft\\Search\\Data\\Temp\\usgthrsvc\" \"DownLevelDaemon\" \"1\"",
"pid_parent": 5776,
"path_parent": "C:\\Windows\\System32\\SearchIndexer.exe",
"is_64": true
}
]
},
"results": {
"processes": [],
"modules": [],
"services": [],
"registry": [],
"tasks": [],
"filesystem": [],
"wmi": [],
"hosts": {
"is_too_big": false,
"lines": []
},
"antirootkit": {
"is_driver_loaded": true,
"driver_error": 0,
"results": []
},
"web_browsers": [],
"disk": {
"results": [],
"mbr": "+++++ PhysicalDrive0: WDC WD10EZEX-00WN4A0 +++++\n--- User ---\n[MBR] 0086f36f0b7bc8b257f89fc226376c3d\n[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB\n1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 99 MB\n2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1126400 | Size: 16 MB\n3 - Basic data partition | Offset (sectors): 1159168 | Size: 953303 MB\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++\nError reading User MBR! ([15] Le périphérique n’est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )\n\n+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++\nError reading User MBR! ([15] Le périphérique n’est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )\n\n+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++\nError reading User MBR! ([15] Le périphérique n’est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )\n\n+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++\nError reading User MBR! ([15] Le périphérique n’est pas prêt. )\nError reading LL1 MBR! NOT VALID!\nError reading LL2 MBR! ([32] Cette demande n’est pas prise en charge. )\n\n"
}
}
}
