{
    "header": {
        "program": {
            "project": "RogueKiller",
            "version": "12.1.1.0",
            "x64": false,
            "date": "Apr  4 2016",
            "contact": "http://www.adlice.com/contact/",
            "feedback": "http://forum.adlice.com",
            "website": "http://www.adlice.com/fr/logiciels/roguekiller/",
            "blog": "http://www.adlice.com"
        },
        "environment": {
            "operating_system": "Windows 7 (6.1.7601 Service Pack 1) 64 bits version",
            "boot": 0,
            "winpe": false,
            "user": "space",
            "user_admin": true,
            "program_location": "C:\\Users\\space\\Downloads\\Programs\\RogueKiller.exe",
            "x64": true,
            "licensing": "premium"
        },
        "report": {
            "type": 2,
            "aborted": false,
            "date": "12/07/2016 19:21:45",
            "switches": 0,
            "debug": false,
            "count": 22,
            "show_legit_hooks": false,
            "expert_mode": false
        }
    },
    "information": {
        "processes": [
            {
                "name": "[System Process]",
                "name_parent": "",
                "pid": 0,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "System",
                "name_parent": "",
                "pid": 4,
                "path": "",
                "command_line": "",
                "pid_parent": 0,
                "path_parent": ""
            },
            {
                "name": "smss.exe",
                "name_parent": "",
                "pid": 360,
                "path": "C:\\Windows\\System32\\smss.exe",
                "command_line": "\\SystemRoot\\System32\\smss.exe",
                "pid_parent": 4,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 548,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
                "pid_parent": 532,
                "path_parent": ""
            },
            {
                "name": "wininit.exe",
                "name_parent": "",
                "pid": 600,
                "path": "C:\\Windows\\System32\\wininit.exe",
                "command_line": "wininit.exe",
                "pid_parent": 532,
                "path_parent": ""
            },
            {
                "name": "csrss.exe",
                "name_parent": "",
                "pid": 636,
                "path": "C:\\Windows\\System32\\csrss.exe",
                "command_line": "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16",
                "pid_parent": 612,
                "path_parent": ""
            },
            {
                "name": "services.exe",
                "name_parent": "wininit.exe",
                "pid": 676,
                "path": "C:\\Windows\\System32\\services.exe",
                "command_line": "C:\\Windows\\system32\\services.exe",
                "pid_parent": 600,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "winlogon.exe",
                "name_parent": "",
                "pid": 712,
                "path": "C:\\Windows\\System32\\winlogon.exe",
                "command_line": "winlogon.exe",
                "pid_parent": 612,
                "path_parent": ""
            },
            {
                "name": "lsass.exe",
                "name_parent": "wininit.exe",
                "pid": 740,
                "path": "C:\\Windows\\System32\\lsass.exe",
                "command_line": "C:\\Windows\\system32\\lsass.exe",
                "pid_parent": 600,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "lsm.exe",
                "name_parent": "wininit.exe",
                "pid": 748,
                "path": "C:\\Windows\\System32\\lsm.exe",
                "command_line": "C:\\Windows\\system32\\lsm.exe",
                "pid_parent": 600,
                "path_parent": "C:\\Windows\\System32\\wininit.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 840,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k DcomLaunch",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "nvvsvc.exe",
                "name_parent": "services.exe",
                "pid": 908,
                "path": "C:\\Windows\\System32\\nvvsvc.exe",
                "command_line": "\"C:\\Windows\\system32\\nvvsvc.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "nvSCPAPISvr.exe",
                "name_parent": "services.exe",
                "pid": 932,
                "path": "C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe",
                "command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 976,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k RPCSS",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 372,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 540,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 792,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "audiodg.exe",
                "name_parent": "svchost.exe",
                "pid": 1044,
                "path": "C:\\Windows\\System32\\audiodg.exe",
                "command_line": "",
                "pid_parent": 372,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1108,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalService",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "rundll32.exe",
                "name_parent": "services.exe",
                "pid": 1132,
                "path": "C:\\Windows\\System32\\rundll32.exe",
                "command_line": "rundll32 \"C:\\Program Files (x86)\\Common Files\\Services\\iThemes.dll\",fnde_svr",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "rundll32.exe",
                "name_parent": "rundll32.exe",
                "pid": 1152,
                "path": "C:\\Windows\\SysWOW64\\rundll32.exe",
                "command_line": "rundll32 \"C:\\Program Files (x86)\\Common Files\\Services\\iThemes.dll\",fnde_svr",
                "pid_parent": 1132,
                "path_parent": "C:\\Windows\\System32\\rundll32.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1292,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkService",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "nvxdsync.exe",
                "name_parent": "nvvsvc.exe",
                "pid": 1392,
                "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe",
                "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe\"",
                "pid_parent": 908,
                "path_parent": "C:\\Windows\\System32\\nvvsvc.exe"
            },
            {
                "name": "nvvsvc.exe",
                "name_parent": "nvvsvc.exe",
                "pid": 1400,
                "path": "C:\\Windows\\System32\\nvvsvc.exe",
                "command_line": "C:\\Windows\\system32\\nvvsvc.exe -session -first",
                "pid_parent": 908,
                "path_parent": "C:\\Windows\\System32\\nvvsvc.exe"
            },
            {
                "name": "spoolsv.exe",
                "name_parent": "services.exe",
                "pid": 1468,
                "path": "C:\\Windows\\System32\\spoolsv.exe",
                "command_line": "C:\\Windows\\System32\\spoolsv.exe",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1528,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "armsvc.exe",
                "name_parent": "services.exe",
                "pid": 1732,
                "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "AdobeUpdateService.exe",
                "name_parent": "services.exe",
                "pid": 1760,
                "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Desktop Common\\ElevationManager\\AdobeUpdateService.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Desktop Common\\ElevationManager\\AdobeUpdateService.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "taskhost.exe",
                "name_parent": "services.exe",
                "pid": 1840,
                "path": "C:\\Windows\\System32\\taskhost.exe",
                "command_line": "\"taskhost.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "AGSService.exe",
                "name_parent": "services.exe",
                "pid": 1888,
                "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AGSService.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AGSService.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "avp.exe",
                "name_parent": "services.exe",
                "pid": 1960,
                "path": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avp.exe",
                "command_line": "\"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avp.exe\" -r",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "dwm.exe",
                "name_parent": "svchost.exe",
                "pid": 1976,
                "path": "C:\\Windows\\System32\\dwm.exe",
                "command_line": "\"C:\\Windows\\system32\\Dwm.exe\"",
                "pid_parent": 540,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "explorer.exe",
                "name_parent": "",
                "pid": 1984,
                "path": "C:\\Windows\\explorer.exe",
                "command_line": "C:\\Windows\\Explorer.EXE",
                "pid_parent": 1900,
                "path_parent": ""
            },
            {
                "name": "taskeng.exe",
                "name_parent": "svchost.exe",
                "pid": 2012,
                "path": "C:\\Windows\\System32\\taskeng.exe",
                "command_line": "taskeng.exe {0A64AA2A-F7EB-4A69-AC75-04D59B27AD66}",
                "pid_parent": 792,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "ggdllhost.exe",
                "name_parent": "taskeng.exe",
                "pid": 1572,
                "path": "C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe",
                "command_line": "\"C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe\" \"C:\\Program Files (x86)\\Garena Plus\\ggspawn.dll\",rundll_entry",
                "pid_parent": 2012,
                "path_parent": "C:\\Windows\\System32\\taskeng.exe"
            },
            {
                "name": "HD-LogRotatorService.exe",
                "name_parent": "services.exe",
                "pid": 1616,
                "path": "C:\\Program Files (x86)\\BlueStacks\\HD-LogRotatorService.exe",
                "command_line": "\"C:\\Program Files (x86)\\BlueStacks\\HD-LogRotatorService.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "ggdllhost.exe",
                "name_parent": "ggdllhost.exe",
                "pid": 1708,
                "path": "C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe",
                "command_line": "\"C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe\" \"C:\\Program Files (x86)\\Garena Plus\\ggspawn.dll\",rundll_entry -mmah",
                "pid_parent": 1572,
                "path_parent": "C:\\Program Files (x86)\\Garena Plus\\ggdllhost.exe"
            },
            {
                "name": "HD-UpdaterService.exe",
                "name_parent": "services.exe",
                "pid": 2168,
                "path": "C:\\Program Files (x86)\\BlueStacks\\HD-UpdaterService.exe",
                "command_line": "\"C:\\Program Files (x86)\\BlueStacks\\HD-UpdaterService.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "GfExperienceService.exe",
                "name_parent": "services.exe",
                "pid": 2348,
                "path": "C:\\Program Files\\NVIDIA Corporation\\GeForce Experience Service\\GfExperienceService.exe",
                "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\GeForce Experience Service\\GfExperienceService.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2380,
                "path": "C:\\Windows\\SysWOW64\\svchost.exe",
                "command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k hpdevmgmt",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "HeciServer.exe",
                "name_parent": "services.exe",
                "pid": 2444,
                "path": "C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe",
                "command_line": "\"C:\\Program Files\\Intel\\iCLS Client\\HeciServer.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "MaConfigAgent.exe",
                "name_parent": "services.exe",
                "pid": 2564,
                "path": "C:\\Program Files\\ma-config.com\\MaConfigAgent.exe",
                "command_line": "\"C:\\Program Files\\ma-config.com\\MaConfigAgent.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2740,
                "path": "C:\\Windows\\SysWOW64\\svchost.exe",
                "command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k Mihethoderly",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2760,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k HPZ12",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "RAVCpl64.exe",
                "name_parent": "explorer.exe",
                "pid": 2320,
                "path": "C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe",
                "command_line": "\"C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe\" -s",
                "pid_parent": 1984,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "NvNetworkService.exe",
                "name_parent": "services.exe",
                "pid": 1784,
                "path": "C:\\Program Files (x86)\\NVIDIA Corporation\\NetService\\NvNetworkService.exe",
                "command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\NetService\\NvNetworkService.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "nvstreamsvc.exe",
                "name_parent": "services.exe",
                "pid": 2272,
                "path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe",
                "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2824,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k HPZ12",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "NvBackend.exe",
                "name_parent": "explorer.exe",
                "pid": 3068,
                "path": "C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe",
                "command_line": "\"C:\\Program Files (x86)\\NVIDIA Corporation\\Update Core\\NvBackend.exe\" ",
                "pid_parent": 1984,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "BleServicesCtrl.exe",
                "name_parent": "explorer.exe",
                "pid": 1656,
                "path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\BleServicesCtrl.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\BleServicesCtrl.exe\" ",
                "pid_parent": 1984,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "rundll32.exe",
                "name_parent": "explorer.exe",
                "pid": 2812,
                "path": "C:\\Windows\\System32\\rundll32.exe",
                "command_line": "\"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Program Files (x86)\\Intel\\Bluetooth\\btmshellex.dll\",TrayApp",
                "pid_parent": 1984,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "IDMan.exe",
                "name_parent": "explorer.exe",
                "pid": 2500,
                "path": "C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe",
                "command_line": "\"C:\\Program Files (x86)\\Internet Download Manager\\IDMan.exe\" /onboot",
                "pid_parent": 1984,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2652,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k imgsvc",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "TeamViewer_Service.exe",
                "name_parent": "services.exe",
                "pid": 2308,
                "path": "C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe",
                "command_line": "\"C:\\Program Files (x86)\\TeamViewer\\TeamViewer_Service.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "NvStreamNetworkService.exe",
                "name_parent": "nvstreamsvc.exe",
                "pid": 3428,
                "path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamNetworkService.exe",
                "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\NvStreamNetworkService.exe\" e3c27918-175c-4106-9296-8e1c546e5c07 1",
                "pid_parent": 2272,
                "path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe"
            },
            {
                "name": "conhost.exe",
                "name_parent": "csrss.exe",
                "pid": 3436,
                "path": "C:\\Windows\\System32\\conhost.exe",
                "command_line": "\\??\\C:\\Windows\\system32\\conhost.exe",
                "pid_parent": 548,
                "path_parent": "C:\\Windows\\System32\\csrss.exe"
            },
            {
                "name": "nvstreamsvc.exe",
                "name_parent": "nvstreamsvc.exe",
                "pid": 3444,
                "path": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe",
                "command_line": "\"C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe\" serviceapp",
                "pid_parent": 2272,
                "path_parent": "C:\\Program Files\\NVIDIA Corporation\\NvStreamSrv\\nvstreamsvc.exe"
            },
            {
                "name": "conhost.exe",
                "name_parent": "csrss.exe",
                "pid": 3456,
                "path": "C:\\Windows\\System32\\conhost.exe",
                "command_line": "\\??\\C:\\Windows\\system32\\conhost.exe",
                "pid_parent": 636,
                "path_parent": "C:\\Windows\\System32\\csrss.exe"
            },
            {
                "name": "nvtray.exe",
                "name_parent": "nvxdsync.exe",
                "pid": 3740,
                "path": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvtray.exe",
                "command_line": "\"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe\" -user_has_logged_in 1",
                "pid_parent": 1392,
                "path_parent": "C:\\Program Files\\NVIDIA Corporation\\Display\\nvxdsync.exe"
            },
            {
                "name": "UploaderService.exe",
                "name_parent": "services.exe",
                "pid": 3768,
                "path": "C:\\Program Files (x86)\\Common Files\\TechSmith Shared\\Uploader\\UploaderService.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\TechSmith Shared\\Uploader\\UploaderService.exe\" /service",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "avpui.exe",
                "name_parent": "avp.exe",
                "pid": 3996,
                "path": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avpui.exe",
                "command_line": "\"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avpui.exe\" -hidden",
                "pid_parent": 1960,
                "path_parent": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\avp.exe"
            },
            {
                "name": "WLIDSVC.EXE",
                "name_parent": "services.exe",
                "pid": 1192,
                "path": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE",
                "command_line": "\"C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "CodeMeter.exe",
                "name_parent": "services.exe",
                "pid": 3800,
                "path": "C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe",
                "command_line": "\"C:\\Program Files (x86)\\CodeMeter\\Runtime\\bin\\CodeMeter.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "WLIDSVCM.EXE",
                "name_parent": "WLIDSVC.EXE",
                "pid": 3024,
                "path": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVCM.EXE",
                "command_line": "WLIDSvcM.exe 1192",
                "pid_parent": 1192,
                "path_parent": "C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WLIDSVC.EXE"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 4232,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "SearchIndexer.exe",
                "name_parent": "services.exe",
                "pid": 4292,
                "path": "C:\\Windows\\System32\\SearchIndexer.exe",
                "command_line": "C:\\Windows\\system32\\SearchIndexer.exe /Embedding",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 4776,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k NetworkServiceNetworkRestricted",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "devmonsrv.exe",
                "name_parent": "services.exe",
                "pid": 2548,
                "path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\devmonsrv.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\devmonsrv.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "obexsrv.exe",
                "name_parent": "services.exe",
                "pid": 5140,
                "path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\obexsrv.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\obexsrv.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "mediasrv.exe",
                "name_parent": "services.exe",
                "pid": 5180,
                "path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\mediasrv.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\mediasrv.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "btplayerctrl.exe",
                "name_parent": "svchost.exe",
                "pid": 5676,
                "path": "C:\\Program Files (x86)\\Intel\\Bluetooth\\BTPlayerCtrl.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Bluetooth\\BTPlayerCtrl.exe\" -Embedding",
                "pid_parent": 840,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "explorer.exe",
                "pid": 6060,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" ",
                "pid_parent": 1984,
                "path_parent": "C:\\Windows\\explorer.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 6076,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=crashpad-handler /prefetch:7 \"--database=C:\\Users\\space\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=54.0.2840.99 --handshake-handle=0x7c",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "msiexec.exe",
                "name_parent": "svchost.exe",
                "pid": 3248,
                "path": "C:\\Windows\\SysWOW64\\msiexec.exe",
                "command_line": "\"C:\\Windows\\System32\\msiexec.exe\" /i \"C:\\Program Files (x86)\\Cluneghtmernersh\\_ALLOWDEL_1d49c\\amuleins.msi\" ",
                "pid_parent": 2740,
                "path_parent": "C:\\Windows\\SysWOW64\\svchost.exe"
            },
            {
                "name": "msiexec.exe",
                "name_parent": "services.exe",
                "pid": 1768,
                "path": "C:\\Windows\\System32\\msiexec.exe",
                "command_line": "C:\\Windows\\system32\\msiexec.exe /V",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4736,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=gpu-process --enable-features=\"*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2\" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/DisallowFetchForDocWrittenScriptsInMainFrame/Control/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/OmniboxBundledExperimentV1/StandardR7/ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledDisableDelayTcpRace/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/SSLPostQuantum/disabled/SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/StrictSecureCookies/Default/SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group2/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=5,15,16,17,20,34,60,74 --gpu-vendor-id=0x10de --gpu-device-id=0x104a --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.4709 --gpu-driver-date=12-13-2014 --mojo-application-channel-token=AC6552DC181310DD70589FB56154604F --mojo-platform-channel-handle=1008 --ignored=\" --type=renderer \" /prefetch:2",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 6140,
                "path": "C:\\Windows\\SysWOW64\\svchost.exe",
                "command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k WinSAPSvc",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 6000,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2\" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledDisableDelayTcpRace/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group2/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=43209E37E3FDE415DE356DA3B576D095 --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=43209E37E3FDE415DE356DA3B576D095 --channel=\"6060.2.1305866399\\312535835\" --mojo-platform-channel-handle=2948 /prefetch:1",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 3416,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2\" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledDisableDelayTcpRace/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group2/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=68A2DB202A1A231F0C7EBC944EF9B4C7 --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=68A2DB202A1A231F0C7EBC944EF9B4C7 --channel=\"6060.3.1151403013\\1949632644\" --mojo-platform-channel-handle=2976 /prefetch:1",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1452,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2\" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/PreconnectMore/Default/*QUIC/EnabledDisableDelayTcpRace/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group2/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/WebFontsInterventionV2/Default/ --primordial-pipe-token=64B799C7733611D8673CB5AD269BA40C --lang=en-US --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=64B799C7733611D8673CB5AD269BA40C --channel=\"6060.4.837035848\\1348081635\" --mojo-platform-channel-handle=3048 /prefetch:1",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2292,
                "path": "C:\\Windows\\SysWOW64\\svchost.exe",
                "command_line": "C:\\Windows\\SysWOW64\\svchost.exe -k ArcherGroupEx",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "cmd.exe",
                "name_parent": "chrome.exe",
                "pid": 2980,
                "path": "C:\\Windows\\System32\\cmd.exe",
                "command_line": "C:\\Windows\\system32\\cmd.exe /c \"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\plugin-nm-server.exe\" --parent-window=0 chrome-extension://dbhjdbfgekjfcfkkfjjmlmojhbllhbho/ < \\\\.\\pipe\\chrome.nativeMessaging.in.2bd2de9a557ccc4a > \\\\.\\pipe\\chrome.nativeMessaging.out.2bd2de9a557ccc4a",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "conhost.exe",
                "name_parent": "csrss.exe",
                "pid": 2632,
                "path": "C:\\Windows\\System32\\conhost.exe",
                "command_line": "\\??\\C:\\Windows\\system32\\conhost.exe",
                "pid_parent": 636,
                "path_parent": "C:\\Windows\\System32\\csrss.exe"
            },
            {
                "name": "plugin-nm-server.exe",
                "name_parent": "cmd.exe",
                "pid": 4876,
                "path": "C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\plugin-nm-server.exe",
                "command_line": "\"C:\\Program Files (x86)\\Kaspersky Lab\\Kaspersky Internet Security 15.0.2\\plugin-nm-server.exe\"  --parent-window=0 chrome-extension://dbhjdbfgekjfcfkkfjjmlmojhbllhbho/ ",
                "pid_parent": 2980,
                "path_parent": "C:\\Windows\\System32\\cmd.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 1124,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2\" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledDisableDelayTcpRace/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group2/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=B4FA43F17552A45FFAE18CA279A336A2 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=B4FA43F17552A45FFAE18CA279A336A2 --channel=\"6060.6.835789571\\850727491\" --mojo-platform-channel-handle=4912 /prefetch:1",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "chrome.exe",
                "name_parent": "chrome.exe",
                "pid": 4828,
                "path": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
                "command_line": "\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --type=renderer --enable-features=\"*AutofillCreditCardSigninPromo<AutofillCreditCardSigninPromo,AutomaticTabDiscarding<AutomaticTabDiscarding,BlockSmallPluginContent<PluginPowerSaverTiny,MaterialDesignUserManager<MaterialDesignUserManager,NonValidatingReloadOnNormalReload<NonValidatingReloadOnNormalReload,*OverrideYouTubeFlashEmbed<Override YouTube Flash emed,*PointerEvent<PointerEvent,*PreconnectMore<PreconnectMore,SubresourceFilter<SubresourceFilter,*TranslateUI2016Q2<TranslateUI2016Q2\" --disable-features=DocumentWriteEvaluator<DisallowFetchForDocWrittenScriptsInMainFrame,MetricsReporting<MetricsAndCrashSampling,ParseHTMLOnMainThread<ParseHTMLOnMainThread,SSLPostQuantumExperiment<SSLPostQuantum,SecurityWarningIconUpdate<SecurityWarningIconUpdate,UpdateRendererPriorityOnStartup<UpdateRendererPriorityOnStartup --force-fieldtrials=*AppBannerTriggering/site-engagement-eager/AutofillCreditCardSigninPromo/Default/*AutomaticTabDiscarding/Enabled_Once_10-gen2/CaptivePortalInterstitial/Enabled/*ChildAccountDetection/Enabled/*ChromeChannelStable/Enabled/*ChromeSuggestionsTuning/Default/*ClientSideDetectionModel/Model0/DefaultBrowserPromptStyle/ColoredIconOnWhiteInfoBar3/*DisallowFetchForDocWrittenScriptsInMainFrame/Control/EnableWin32kLockDownMimeTypes/PPAPILockdown_Enabled/*EnforceCTForProblematicRoots/disabled/ExtensionDeveloperModeWarning/Enabled/*GFE/Default/GoogleBrandedContextMenu/default/InstanceID/Enabled/MaterialDesignDownloads/Enabled/MaterialDesignUserManager/Enabled/*MetricsAndCrashSampling/OutOfReportingSample/*NetworkQualityEstimator/Enabled/*NonValidatingReloadOnNormalReload/Enabled2/*OmniboxBundledExperimentV1/StandardR7/*ParseHTMLOnMainThread/Default/PasswordBranding/SmartLockBrandingSavePromptOnly/*PasswordGeneration/Disabled/*PasswordManagerSettingsMigration/Enable/PluginPowerSaverTiny/Enabled2/*PreconnectMore/Default/*QUIC/EnabledDisableDelayTcpRace/ReportCertificateErrors/ShowAndPossiblySend/SHA1IdentityUIWarning/Enabled/SHA1ToolbarUIJanuary2016/Warning/SHA1ToolbarUIJanuary2017/Error/*SRTPromptFieldTrial/On/SSLCommonNameMismatchHandling/Control/*SSLPostQuantum/disabled/*SafeBrowsingIncidentReportingService/Default/SafeBrowsingUnverifiedDownloads/DisableByParameterMostSbTypes2/SafeBrowsingUpdateFrequency/Default/SecurityWarningIconUpdate/Control/SignInPasswordPromo/Enable3/*StrictSecureCookies/Default/*SubresourceFilter/EnabledForPhishingSites/TranslateServerStudy/Default/TranslateUI2016Q2/DefaultTranslateUI2016Q2/*TriggeredResetFieldTrial/On/*UMA-Dynamic-Uniformity-Trial/Group2/*UMA-Population-Restrict/normal/*UMA-Uniformity-Trial-1-Percent/group_31/*UMA-Uniformity-Trial-10-Percent/group_05/*UMA-Uniformity-Trial-100-Percent/group_01/*UMA-Uniformity-Trial-20-Percent/group_01/*UMA-Uniformity-Trial-5-Percent/group_02/*UMA-Uniformity-Trial-50-Percent/default/WebBluetoothBlacklist/BlacklistUpdate1/*WebFontsInterventionV2/Default/ --primordial-pipe-token=5761619C0B97AA88BC75AFDE348EED89 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=false --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553 --mojo-application-channel-token=5761619C0B97AA88BC75AFDE348EED89 --channel=\"6060.7.1652947871\\1308320414\" --mojo-platform-channel-handle=5240 /prefetch:1",
                "pid_parent": 6060,
                "path_parent": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe"
            },
            {
                "name": "Jhi_service.exe",
                "name_parent": "services.exe",
                "pid": 3540,
                "path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\DAL\\jhi_service.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "LMS.exe",
                "name_parent": "services.exe",
                "pid": 3320,
                "path": "C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe",
                "command_line": "\"C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\LMS\\LMS.exe\"",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 1164,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\System32\\svchost.exe -k secsvcs",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "svchost.exe",
                "name_parent": "services.exe",
                "pid": 2412,
                "path": "C:\\Windows\\System32\\svchost.exe",
                "command_line": "C:\\Windows\\system32\\svchost.exe -k SDRSVC",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "rundll32.exe",
                "name_parent": "services.exe",
                "pid": 4068,
                "path": "C:\\Windows\\System32\\rundll32.exe",
                "command_line": "C:\\Windows\\system32\\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy",
                "pid_parent": 676,
                "path_parent": "C:\\Windows\\System32\\services.exe"
            },
            {
                "name": "WmiPrvSE.exe",
                "name_parent": "svchost.exe",
                "pid": 4648,
                "path": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
                "command_line": "C:\\Windows\\system32\\wbem\\wmiprvse.exe",
                "pid_parent": 840,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "taskeng.exe",
                "name_parent": "svchost.exe",
                "pid": 5896,
                "path": "C:\\Windows\\System32\\taskeng.exe",
                "command_line": "taskeng.exe {A5A3C2A2-01D6-44BB-B629-69C0005AB522}",
                "pid_parent": 792,
                "path_parent": "C:\\Windows\\System32\\svchost.exe"
            },
            {
                "name": "AdobeGCClient.exe",
                "name_parent": "",
                "pid": 816,
                "path": "C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AdobeGCClient.exe",
                "command_line": "\"C:\\Program Files (x86)\\Common Files\\Adobe\\AdobeGCClient\\AdobeGCClient.exe\" --xmlFilePath=\"C:\\Users\\space\\AppData\\Local\\Temp\\adobegc_a03080\" --workflowInitiator=CSUpdater --xmlFilePath2=\"C:\\Users\\Public\\Documents\\AdobeGC\\adobegc_a03080\"",
                "pid_parent": 4920,
                "path_parent": ""
            },
            {
                "name": "rads_user_kernel.exe",
                "name_parent": "",
                "pid": 2200,
                "path": "C:\\Riot Games\\League of Legends\\RADS\\system\\rads_user_kernel.exe",
                "command_line": "\"C:\\Riot Games\\League of Legends\\RADS\\system\\rads_user_kernel.exe\" updateandrun lol_launcher LoLLauncher.exe",
                "pid_parent": 5784,
                "path_parent": ""
            },
            {
                "name": "LoLLauncher.exe",
                "name_parent": "rads_user_kernel.exe",
                "pid": 2092,
                "path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_launcher\\releases\\0.0.1.34\\deploy\\LoLLauncher.exe",
                "command_line": "LoLLauncher.exe  ",
                "pid_parent": 2200,
                "path_parent": "C:\\Riot Games\\League of Legends\\RADS\\system\\rads_user_kernel.exe"
            },
            {
                "name": "LoLPatcher.exe",
                "name_parent": "LoLLauncher.exe",
                "pid": 5380,
                "path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcher.exe",
                "command_line": "\"C:/Riot Games/League of Legends/RADS/projects/lol_patcher/releases/0.0.0.74/deploy/LoLPatcher.exe\" \"\"",
                "pid_parent": 2092,
                "path_parent": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_launcher\\releases\\0.0.1.34\\deploy\\LoLLauncher.exe"
            },
            {
                "name": "LoLPatcherUx.exe",
                "name_parent": "LoLPatcher.exe",
                "pid": 1448,
                "path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe",
                "command_line": "\"C:/Riot Games/League of Legends/RADS/projects/lol_patcher/releases/0.0.0.74/deploy/LoLPatcherUx.exe\" \"\" \"--force-device-scale-factor=1\" \"--use-http\" \"--remoting-auth-token=InXQk_4GcGuCPBdLc1ZVrQ\" \"--rads-product-directory=C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\" \"--app-port=49499\" \"--install-directory=C:/Riot Games/League of Legends/\" \"--app-name=LoLPatcher\" \"--ux-name=LoLPatcherUx\" \"--ux-helper-name=\" \"--log-dir=Patcher Logs\" \"--bugsplat-name=\" \"--project=\" \"--app-log-file-path=C:/Riot Games/League of Legends/Logs/Patcher Logs/2016-12-07T18-36-20_LoLPatcher.log\" \"--disable-spell-checking\" \"--no-displaying-insecure-content\" \"--app-pid=5380\"",
                "pid_parent": 5380,
                "path_parent": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcher.exe"
            },
            {
                "name": "LoLPatcherUx.exe",
                "name_parent": "LoLPatcherUx.exe",
                "pid": 1036,
                "path": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe",
                "command_line": "\"C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe\" --type=renderer --force-device-scale-factor=1 --no-sandbox --enable-deferred-image-decoding --lang=en-US --lang=en-US --disable-spell-checking --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel=\"1448.1.89388757\\88509977\" --app-name=LoLPatcher --ux-name=LoLPatcherUx --ux-helper-name --log-dir=\"Patcher Logs\" --bugsplat-name --project=Release --app-port=49499 --remoting-auth-token=InXQk_4GcGuCPBdLc1ZVrQ /prefetch:673131151",
                "pid_parent": 1448,
                "path_parent": "C:\\Riot Games\\League of Legends\\RADS\\projects\\lol_patcher\\releases\\0.0.0.74\\deploy\\LoLPatcherUx.exe"
            },
            {
                "name": "RogueKiller.exe",
                "name_parent": "explorer.exe",
                "pid": 2688,
                "path": "C:\\Users\\space\\Downloads\\Programs\\RogueKiller.exe",
                "command_line": "\"C:\\Users\\space\\Downloads\\Programs\\RogueKiller.exe\" ",
                "pid_parent": 1984,
                "path_parent": "C:\\Windows\\explorer.exe"
            }
        ]
    },
    "results": {
        "processes": [],
        "modules": [],
        "services": [
            {
                "scan_what": 0,
                "scan_how": [
                    1,
                    2,
                    3
                ],
                "vendors": [
                    "Suspicious.Path"
                ],
                "name": "gkernel",
                "path": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
                "file_status": "[x]",
                "file_exists": false,
                "file_signed": false,
                "file_signer": "",
                "file_vtscore": -1,
                "status_str": "ERROR [41c]",
                "status_choice": 2,
                "status_removed": 1
            }
        ],
        "registry": [
            {
                "scan_what": 1,
                "scan_how": [
                    5,
                    6,
                    7
                ],
                "scan_how_trigger": 7,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "RUN",
                "view": 256,
                "value": "Windows Update Installer",
                "subkey": "",
                "value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
                "value_data": "",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                "extra": "",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
                        "path_compressed": "%APPDATA%\\WindowsUpdate\\Updater.exe",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Supprimé(e)",
                "status_choice": 2,
                "status_removed": 5
            },
            {
                "scan_what": 1,
                "scan_how": [
                    5,
                    6,
                    7
                ],
                "scan_how_trigger": 7,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "RUN",
                "view": 256,
                "value": "Gosesk",
                "subkey": "",
                "value_old_data": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
                "value_data": "",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                "extra": "",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
                        "path_compressed": "%APPDATA%\\Microsoft\\Windows\\Gosesk.exe",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Supprimé(e)",
                "status_choice": 2,
                "status_removed": 5
            },
            {
                "scan_what": 1,
                "scan_how": [
                    5,
                    6,
                    7
                ],
                "scan_how_trigger": 7,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "RUN",
                "view": 256,
                "value": "Windows Live Installer",
                "subkey": "",
                "value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
                "value_data": "",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                "extra": "",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
                        "path_compressed": "%APPDATA%\\WindowsUpdate\\Live.exe",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Supprimé(e)",
                "status_choice": 2,
                "status_removed": 5
            },
            {
                "scan_what": 1,
                "scan_how": [
                    5,
                    6,
                    7
                ],
                "scan_how_trigger": 7,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "RUN",
                "view": 512,
                "value": "Windows Update Installer",
                "subkey": "",
                "value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
                "value_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                "extra": "",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Updater.exe",
                        "path_compressed": "%APPDATA%\\WindowsUpdate\\Updater.exe",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "ERROR [2]",
                "status_choice": 2,
                "status_removed": 1
            },
            {
                "scan_what": 1,
                "scan_how": [
                    5,
                    6,
                    7
                ],
                "scan_how_trigger": 7,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "RUN",
                "view": 512,
                "value": "Gosesk",
                "subkey": "",
                "value_old_data": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
                "value_data": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                "extra": "",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Roaming\\Microsoft\\Windows\\Gosesk.exe",
                        "path_compressed": "%APPDATA%\\Microsoft\\Windows\\Gosesk.exe",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "ERROR [2]",
                "status_choice": 2,
                "status_removed": 1
            },
            {
                "scan_what": 1,
                "scan_how": [
                    5,
                    6,
                    7
                ],
                "scan_how_trigger": 7,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "RUN",
                "view": 512,
                "value": "Windows Live Installer",
                "subkey": "",
                "value_old_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
                "value_data": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
                "extra": "",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Roaming\\WindowsUpdate\\Live.exe",
                        "path_compressed": "%APPDATA%\\WindowsUpdate\\Live.exe",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "ERROR [2]",
                "status_choice": 2,
                "status_removed": 1
            },
            {
                "scan_what": 2,
                "scan_how": [
                    4
                ],
                "scan_how_trigger": 4,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "Services",
                "view": 256,
                "value": "",
                "subkey": "gkernel",
                "value_old_data": "",
                "value_data": "",
                "path": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services",
                "extra": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
                        "path_compressed": "%localappdata%\\Temp\\gkernel.sys",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Supprimé(e)",
                "status_choice": 2,
                "status_removed": 3
            },
            {
                "scan_what": 2,
                "scan_how": [
                    4
                ],
                "scan_how_trigger": 4,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "Services",
                "view": 256,
                "value": "",
                "subkey": "gkernel",
                "value_old_data": "",
                "value_data": "",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services",
                "extra": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
                        "path_compressed": "%localappdata%\\Temp\\gkernel.sys",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Supprimé(e)",
                "status_choice": 2,
                "status_removed": 3
            },
            {
                "scan_what": 2,
                "scan_how": [
                    4
                ],
                "scan_how_trigger": 4,
                "vendors": [
                    "Suspicious.Path"
                ],
                "rule_name": "Services",
                "view": 256,
                "value": "",
                "subkey": "gkernel",
                "value_old_data": "",
                "value_data": "",
                "path": "HKEY_LOCAL_MACHINE\\System\\ControlSet002\\Services",
                "extra": "\\??\\C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
                "files_status": "[x]",
                "vtscore": -1,
                "files": [
                    {
                        "path_expanded": "C:\\Users\\space\\AppData\\Local\\Temp\\gkernel.sys",
                        "path_compressed": "%localappdata%\\Temp\\gkernel.sys",
                        "md5": "",
                        "exists": false,
                        "signed": false,
                        "signer": "",
                        "vtscore": -1
                    }
                ],
                "status_str": "Supprimé(e)",
                "status_choice": 2,
                "status_removed": 3
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.HomePage"
                ],
                "rule_name": "IE Settings",
                "view": 256,
                "value": "Start Page",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.HomePage"
                ],
                "rule_name": "IE Settings",
                "view": 512,
                "value": "Start Page",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://go.microsoft.com/fwlink/p/?LinkId=255141",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/p/?LinkId=255141)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.HomePage"
                ],
                "rule_name": "IE Settings",
                "view": 256,
                "value": "Default_Page_URL",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.HomePage"
                ],
                "rule_name": "IE Settings",
                "view": 512,
                "value": "Default_Page_URL",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.HomePage"
                ],
                "rule_name": "IE Settings",
                "view": 256,
                "value": "Default_Page_URL",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.HomePage"
                ],
                "rule_name": "IE Settings",
                "view": 512,
                "value": "Default_Page_URL",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome",
                "path": "HKEY_USERS\\S-1-5-21-3992479630-2482588009-2382292733-1000\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.SearchPage"
                ],
                "rule_name": "IE Settings",
                "view": 256,
                "value": "Search Page",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://go.microsoft.com/fwlink/?LinkId=54896",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.SearchPage"
                ],
                "rule_name": "IE Settings",
                "view": 512,
                "value": "Search Page",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://go.microsoft.com/fwlink/?LinkId=54896",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://go.microsoft.com/fwlink/?LinkId=54896)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.SearchPage"
                ],
                "rule_name": "IE Settings",
                "view": 256,
                "value": "Default_Search_URL",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    13
                ],
                "scan_how_trigger": 13,
                "vendors": [
                    "PUM.SearchPage"
                ],
                "rule_name": "IE Settings",
                "view": 512,
                "value": "Default_Search_URL",
                "subkey": "",
                "value_old_data": "",
                "value_data": "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    8
                ],
                "scan_how_trigger": 8,
                "vendors": [
                    "PUM.Policies"
                ],
                "rule_name": "Policies",
                "view": 256,
                "value": "ConsentPromptBehaviorAdmin",
                "subkey": "",
                "value_old_data": "0",
                "value_data": "2",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (2)",
                "status_choice": 2,
                "status_removed": 6
            },
            {
                "scan_what": 1,
                "scan_how": [
                    8
                ],
                "scan_how_trigger": 8,
                "vendors": [
                    "PUM.Policies"
                ],
                "rule_name": "Policies",
                "view": 512,
                "value": "ConsentPromptBehaviorAdmin",
                "subkey": "",
                "value_old_data": "0",
                "value_data": "2",
                "path": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
                "extra": "",
                "files_status": "",
                "vtscore": -1,
                "files": [],
                "status_str": "Remplacé(e) (2)",
                "status_choice": 2,
                "status_removed": 6
            }
        ],
        "tasks": [],
        "filesystem": [],
        "hosts": {
            "is_too_big": false,
            "lines": []
        },
        "antirootkit": {
            "is_driver_loaded": false,
            "driver_error": 3221226347,
            "results": []
        },
        "web_browsers": [],
        "disk": {
            "results": [],
            "mbr": "+++++ PhysicalDrive0: ST3750640NS ATA Device +++++\n--- User ---\n[MBR] d54850191bafc943eb77d44e64d01593\n[BSP] 3cfc57663abb2195f66e045b394cdbf0 : Windows Vista/7/8 MBR Code\nPartition table:\n0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 2470 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 5060475 | Size: 343828 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\n2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 709221555 | Size: 369102 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]\nUser = LL1 ... OK\nUser = LL2 ... OK\n\n"
        }
    }
}