start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
C:\Program Files\ESET\ESET Security
Edge NewTab: Profile 1 -> "active": true,
Edge Extension: (New Tab Changer) - C:\Users\epiat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dlbnebcbaeajdpekcdhmcgdhoodcjpeg
Edge Extension: (New Tab Changer) - C:\Users\epiat\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\occbjkhimchkolibngmcefpjlbknggfh
Edge Extension: (Custom New Tab) - C:\Users\epiat\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\onagfgjlokaciajhjmajljcfanonbmia
CHR HKU\S-1-5-21-876317693-1122689090-4124064570-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
2022-06-07 11:43 - 2022-06-07 11:43 - 000000369 _____ () C:\Users\epiat\AppData\Roaming\SaraBat.bat
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
end::