start::
Comment: FRST fixlist written for one specific machine. The profile path (C:\Users\noeln) and the user SID in the Run entry come from that machine's scan log, so this script should not be reused on another system.
closeprocesses:
createrestorepoint:
Comment: The next line only checks the file against VirusTotal. Nothing in this script quarantines or deletes it, so read the result in the fix log before deciding on removal.
virustotal: C:\Users\noeln\AppData\Roaming\Microsoft\Zkdmcmbg.exe
Comment: Delete the Windows Defender SpyNet policy key, then record the current contents of the Windows Defender key in the fix log (reg query is read-only).
deletekey: hklm\software\policies\microsoft\windows defender\spynet
cmd: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender"
Comment: The three lines below are entries copied from the scan log and listed for removal. Keep them exactly as logged, including the localized text in brackets. The first two are the DisableAntiSpyware and DisableAntiVirus values flagged on the Windows Defender key; the third is a per-user Run entry whose target the scan reports as a zero-byte file.
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-846776622-2796765394-856973693-1001\...\Run: [com.blitz.app] => C:\Users\noeln\AppData\Local\Programs\Blitz\Blitz.exe [0 2022-08-28] () <==== ATTENTION [zéro octet Fichier/Dossier]
Comment: System File Checker pass over protected system files; this step can take a while. After the fix, confirm in Windows Security that Defender real-time protection is enabled again and run a fresh scan to verify the flagged entries are gone.
cmd: sfc /scannow
Comment: Clears temporary files. NOTE(review): FRST is expected to restart the machine after this step - confirm and warn the user to save open work first.
emptytemp:
end::