start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\Axelle\AppData\Local\Temp\haleng.e
virustotal: C:\Windows\SysWOW64\vp6vfw.dll
virustotal: C:\Windows\SysWOW64\vp6vfw.dll
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [haleng] => C:\Users\Axelle\AppData\Local\Temp\haleng.e <==== ATTENTION
C:\Users\Axelle\AppData\Local\Temp\haleng.e
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-3865090777-2362605195-2025351943-1000\...\MountPoints2: {2e10a3aa-6d35-11e6-9c18-448a5b9a06c3} - "F:\setup.exe"
HKU\S-1-5-21-3865090777-2362605195-2025351943-1000\...\MountPoints2: {38deedcb-31d7-11e7-8066-448a5b9a06c3} - "G:\setup.exe"
HKU\S-1-5-21-3865090777-2362605195-2025351943-1000\...\MountPoints2: {ff115143-5e11-11ea-9cef-448a5b9a06c3} - "H:\setup.exe"
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Tcpip\..\Interfaces\{0f416a4a-7cf0-4311-bf98-60314473b595}: [NameServer] 185.156.172.178,185.93.180.131
cmd: ipconfig /flushdns
emptytemp:
end::