2017-05-02 21:28:11,861 - detector - INFO - Starting with process ID 5984
2017-05-02 21:28:11,871 - detector - INFO - Selected Profile Name: Win8SP0x64
2017-05-02 21:28:11,871 - detector - INFO - Selected Driver: C:\Users\LEN'AP~1\AppData\Local\Temp\_MEI45802\drivers\winpmem64.sys
2017-05-02 21:28:11,874 - detector.service - INFO - Launching service destroyer...
2017-05-02 21:28:11,875 - detector.service - DEBUG - Unable to OpenService: (1060, 'OpenService', 'Le service sp\xe9cifi\xe9 n\x92existe pas en tant que service install\xe9.')
2017-05-02 21:28:11,875 - detector.service - INFO - Trying to stop the winpmem service...
2017-05-02 21:28:11,924 - detector.service - INFO - Trying to delete the winpmem service...
2017-05-02 21:28:11,924 - detector.service - DEBUG - Unable to delete the service: (6, 'DeleteService', 'Descripteur non valide')
2017-05-02 21:28:19,167 - detector.service - INFO - Trying to start the winpmem service...
2017-05-02 21:28:19,213 - detector - INFO - Service started
2017-05-02 21:28:19,213 - detector - INFO - Selected Yara signature file at C:\Users\LEN'AP~1\AppData\Local\Temp\_MEI45802\rules\signatures.yar
2017-05-02 21:28:19,213 - detector - INFO - Obtaining address space and generating config for volatility
2017-05-02 21:28:20,836 - detector - INFO - Address space: <volatility.plugins.addrspaces.amd64.AMD64PagedMemory object at 0x078D8490>, Base: <volatility.plugins.addrspaces.win32pmem.Win32FileAddressSpace object at 0x06C4E4B0>
2017-05-02 21:28:20,836 - detector - INFO - Profile: <volatility.plugins.overlays.windows.win8.Win8SP0x64 object at 0x06C4E070>, DTB: 0x1a8000
2017-05-02 21:28:20,842 - detector - INFO - Starting yara scanner...
2017-05-02 21:28:46,494 - detector - DEBUG - Scanning process System, pid: 4
2017-05-02 21:28:46,496 - detector - DEBUG - Unable to scan process: access denied
2017-05-02 21:28:46,496 - detector - DEBUG - Scanning process smss.exe, pid: 384
2017-05-02 21:28:46,499 - detector - DEBUG - Scanning process csrss.exe, pid: 572
2017-05-02 21:28:46,500 - detector - DEBUG - Scanning process wininit.exe, pid: 656
2017-05-02 21:28:46,503 - detector - DEBUG - Scanning process services.exe, pid: 752
2017-05-02 21:28:46,505 - detector - DEBUG - Scanning process lsass.exe, pid: 760
2017-05-02 21:28:46,506 - detector - DEBUG - Scanning process svchost.exe, pid: 880
2017-05-02 21:28:46,507 - detector - DEBUG - Scanning process svchost.exe, pid: 956
2017-05-02 21:28:46,509 - detector - DEBUG - Scanning process svchost.exe, pid: 1008
2017-05-02 21:28:46,767 - detector - DEBUG - Scanning process svchost.exe, pid: 352
2017-05-02 21:28:46,769 - detector - DEBUG - Scanning process svchost.exe, pid: 588
2017-05-02 21:28:46,772 - detector - DEBUG - Scanning process svchost.exe, pid: 748
2017-05-02 21:28:46,773 - detector - DEBUG - Scanning process svchost.exe, pid: 1168
2017-05-02 21:28:46,776 - detector - DEBUG - Scanning process AvastSvc.exe, pid: 1332
2017-05-02 21:29:15,607 - detector - DEBUG - Scanning process spoolsv.exe, pid: 1688
2017-05-02 21:29:19,828 - detector - DEBUG - Scanning process svchost.exe, pid: 1756
2017-05-02 21:29:19,828 - detector - DEBUG - Scanning process Fuel.Service.e, pid: 1904
2017-05-02 21:29:20,892 - detector - DEBUG - Scanning process CLMSMonitorSer, pid: 2036
2017-05-02 21:29:21,535 - detector - DEBUG - Scanning process CLMSServer.exe, pid: 1184
2017-05-02 21:29:21,535 - detector - DEBUG - Scanning process CLMSServer.exe, pid: 1252
2017-05-02 21:29:22,877 - detector - DEBUG - Scanning process mcsacore.exe, pid: 2108
2017-05-02 21:29:22,877 - detector - DEBUG - Scanning process dasHost.exe, pid: 2160
2017-05-02 21:29:22,877 - detector - DEBUG - Scanning process RichVideo64.ex, pid: 2204
2017-05-02 21:29:23,578 - detector - DEBUG - Scanning process svchost.exe, pid: 2708
2017-05-02 21:29:23,578 - detector - DEBUG - Scanning process svchost.exe, pid: 3164
2017-05-02 21:29:23,578 - detector - DEBUG - Scanning process aswidsagenta.e, pid: 3988
2017-05-02 21:29:23,734 - detector - DEBUG - Scanning process saUpd.exe, pid: 4108
2017-05-02 21:29:23,750 - detector - DEBUG - Scanning process mfeasins_x64.e, pid: 864
2017-05-02 21:29:26,138 - detector - DEBUG - Scanning process MBAMService.ex, pid: 5056
2017-05-02 21:29:26,295 - detector - DEBUG - Scanning process svchost.exe, pid: 6900
2017-05-02 21:29:26,295 - detector - DEBUG - Scanning process escsvc64.exe, pid: 860
2017-05-02 21:29:27,091 - detector - DEBUG - Scanning process splwow64.exe, pid: 1812
2017-05-02 21:29:27,388 - detector - DEBUG - Scanning process mepService.exe, pid: 4012
2017-05-02 21:29:29,466 - detector - DEBUG - Scanning process mep.exe, pid: 160
2017-05-02 21:29:29,466 - detector - DEBUG - Scanning process mep.exe, pid: 5184
2017-05-02 21:29:29,466 - detector - DEBUG - Scanning process mep.exe, pid: 1576
2017-05-02 21:29:29,466 - detector - DEBUG - Scanning process mep.exe, pid: 7020
2017-05-02 21:29:29,466 - detector - DEBUG - Scanning process mep.exe, pid: 216
2017-05-02 21:29:29,466 - detector - DEBUG - Scanning process mep.exe, pid: 4556
2017-05-02 21:29:29,466 - detector - DEBUG - Scanning process mep.exe, pid: 664
2017-05-02 21:29:29,482 - detector - DEBUG - Scanning process mep.exe, pid: 3344
2017-05-02 21:29:29,482 - detector - DEBUG - Scanning process mep.exe, pid: 3888
2017-05-02 21:29:29,482 - detector - DEBUG - Scanning process mep.exe, pid: 6732
2017-05-02 21:29:29,482 - detector - DEBUG - Scanning process mep.exe, pid: 5296
2017-05-02 21:29:29,482 - detector - DEBUG - Scanning process mep.exe, pid: 5924
2017-05-02 21:29:29,482 - detector - DEBUG - Scanning process Brave.exe, pid: 3492
2017-05-02 21:29:29,482 - detector - DEBUG - Scanning process mep.exe, pid: 4716
2017-05-02 21:29:29,496 - detector - DEBUG - Scanning process mep.exe, pid: 1704
2017-05-02 21:29:29,496 - detector - DEBUG - Scanning process mep.exe, pid: 2876
2017-05-02 21:29:29,496 - detector - DEBUG - Scanning process mep.exe, pid: 6184
2017-05-02 21:29:29,496 - detector - DEBUG - Scanning process mep.exe, pid: 6176
2017-05-02 21:29:29,496 - detector - DEBUG - Scanning process mep.exe, pid: 4564
2017-05-02 21:29:29,496 - detector - DEBUG - Scanning process mep.exe, pid: 7780
2017-05-02 21:29:29,496 - detector - DEBUG - Scanning process mep.exe, pid: 5292
2017-05-02 21:29:29,513 - detector - DEBUG - Scanning process mep.exe, pid: 5688
2017-05-02 21:29:29,513 - detector - DEBUG - Scanning process DbxSvc.exep, pid: 4512
2017-05-02 21:29:29,903 - detector - DEBUG - Scanning process mep.exe, pid: 3428
2017-05-02 21:29:29,917 - detector - DEBUG - Scanning process mep.exe, pid: 3320
2017-05-02 21:29:29,917 - detector - DEBUG - Scanning process mep.exe, pid: 8156
2017-05-02 21:29:29,917 - detector - DEBUG - Scanning process mep.exe, pid: 7772
2017-05-02 21:29:29,917 - detector - DEBUG - Scanning process smss.exe, pid: 3256
2017-05-02 21:29:29,917 - detector - DEBUG - Scanning process csrss.exe, pid: 5388
2017-05-02 21:29:29,917 - detector - DEBUG - Scanning process winlogon.exe, pid: 4704
2017-05-02 21:29:29,917 - detector - DEBUG - Scanning process LogonUI.exe, pid: 1944
2017-05-02 21:29:29,934 - detector - DEBUG - Scanning process dwm.exe, pid: 712
2017-05-02 21:29:29,934 - detector - DEBUG - Scanning process taskhostex.exe, pid: 5256
2017-05-02 21:29:29,934 - detector - DEBUG - Scanning process mep.exe, pid: 2792
2017-05-02 21:29:36,721 - detector - DEBUG - Scanning process explorer.exe, pid: 2856
2017-05-02 21:29:40,548 - detector - DEBUG - Scanning process ClassicStartMe, pid: 2460
2017-05-02 21:29:41,299 - detector - DEBUG - Scanning process splwow64.exe, pid: 4312
2017-05-02 21:29:41,875 - detector - DEBUG - Scanning process RAVCpl64.exe, pid: 1672
2017-05-02 21:29:42,157 - detector - DEBUG - Scanning process AvastUI.exe, pid: 7392
2017-05-02 21:29:48,621 - detector - DEBUG - Scanning process E_YATIRIE.EXE, pid: 6884
2017-05-02 21:29:48,901 - detector - DEBUG - Scanning process EEventManager., pid: 4040
2017-05-02 21:29:49,805 - detector - DEBUG - Scanning process firefox.exe, pid: 6576
2017-05-02 21:29:49,822 - detector - DEBUG - Scanning process MOM.exe, pid: 7848
2017-05-02 21:29:51,117 - detector - DEBUG - Scanning process CCC.exe, pid: 8048
2017-05-02 21:29:59,858 - detector - DEBUG - Scanning process CanRemember.ex, pid: 3264
2017-05-02 21:30:00,326 - detector - DEBUG - Scanning process ZHP2.exe, pid: 5072
2017-05-02 21:30:01,576 - detector - DEBUG - Scanning process plugin-contain, pid: 2468
2017-05-02 21:30:01,592 - detector - DEBUG - Scanning process plugin-contain, pid: 8060
2017-05-02 21:30:01,592 - detector - DEBUG - Scanning process plugin-contain, pid: 7440
2017-05-02 21:30:02,341 - detector - DEBUG - Scanning process WUDFHost.exe, pid: 8012
2017-05-02 21:30:02,341 - detector - DEBUG - Scanning process detekt_2-0_fr_, pid: 4580
2017-05-02 21:30:02,450 - detector - INFO - Scanning finished
2017-05-02 21:30:02,450 - detector.service - INFO - Trying to stop the winpmem service...
2017-05-02 21:30:33,204 - detector.service - WARNING - Timeout hit waiting service for status 1, current status 3
2017-05-02 21:30:33,204 - detector.service - INFO - Trying to delete the winpmem service...
2017-05-02 21:30:33,204 - detector - INFO - Service stopped
2017-05-02 21:30:33,206 - detector - INFO - Analysis finished