Fondue.exe

  • File Path: C:\Windows\system32\Fondue.exe
  • Description: Windows Features on Demand UX

Screenshot

Fondue.exe

Hashes

Type Hash
MD5 EEE0F4A169799F00BAD87C7D0834E348
SHA1 32739C7A48F6EC534BD4A371D1838246BCCCA114
SHA256 E86B8997664E14FB6D0972D1E9D394A99AFE9E877A7911CBE7A0E575EF04791E
SHA384 E3FC368FAB4C8648530E0272D4B3D8040394DED57674CF5ADEA18147B2E61016C790AB6092F3B0D921A962B7B34D9625
SHA512 691923223EE63DFE76E42342EC02FA385D358E328A53964FEC60BFE6B6CB4C1175BFF2AAE3FBDD66C82F0C3B77965C368E0258AB56FE73692A5C77AF73F29EA1
SSDEEP 3072:SyQQtGibEaznWfH22ZsuX2xKwMPTnaSrIrvD2:SyHG0znWjZnXeKwMLnaqY
IMP E8309E14FD0CD5D0959FCC7F5E47D546
PESHA1 4FCA7FAFE331AED4789633D5EA018B4DD0376FC2
PE256 F7AA832D64AE5609C5D6EE347F2BB8CAF3D91D1A3F5153EA46E81CFA39B36811

Runtime Data

Window Title:

Windows Features

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\System32\en-US\appwiz.cpl.mui File
(R-D) C:\Windows\System32\en-US\Fondue.exe.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567 File
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\System32\advapi32.dll
C:\Windows\system32\APPWIZ.CPL
C:\Windows\System32\bcrypt.dll
C:\Windows\System32\bcryptPrimitives.dll
C:\Windows\System32\cfgmgr32.dll
C:\Windows\System32\combase.dll
C:\Windows\System32\CRYPT32.dll
C:\Windows\System32\cryptsp.dll
C:\Windows\system32\DUser.dll
C:\Windows\system32\dwmapi.dll
C:\Windows\system32\Fondue.exe
C:\Windows\System32\GDI32.dll
C:\Windows\System32\gdi32full.dll
C:\Windows\System32\IMM32.DLL
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\KERNEL32.DLL
C:\Windows\System32\KERNELBASE.dll
C:\Windows\System32\MSASN1.dll
C:\Windows\System32\MSCTF.dll
C:\Windows\system32\msi.dll
C:\Windows\System32\msvcp_win.dll
C:\Windows\System32\msvcrt.dll
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\ole32.dll
C:\Windows\System32\OLEAUT32.dll
C:\Windows\system32\osbaseln.dll
C:\Windows\System32\powrprof.dll
C:\Windows\System32\profapi.dll
C:\Windows\system32\PROPSYS.dll
C:\Windows\System32\RPCRT4.dll
C:\Windows\System32\sechost.dll
C:\Windows\System32\SHCORE.dll
C:\Windows\System32\SHELL32.dll
C:\Windows\System32\shlwapi.dll
C:\Windows\System32\ucrtbase.dll
C:\Windows\System32\USER32.dll
C:\Windows\system32\uxtheme.dll
C:\Windows\System32\win32u.dll
C:\Windows\System32\windows.storage.dll
C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567\comctl32.dll

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Fondue.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.1 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 64-bit

File Scan

  • VirusTotal Detections: 0/70
  • VirusTotal Link: https://www.virustotal.com/gui/file/e86b8997664e14fb6d0972d1e9d394a99afe9e877a7911cbe7a0e575ef04791e/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\Fondue.exe 85
C:\windows\system32\Fondue.exe 85
C:\WINDOWS\system32\Fondue.exe 86
C:\WINDOWS\system32\Fondue.exe 77
C:\Windows\system32\Fondue.exe 80
C:\WINDOWS\system32\OptionalFeatures.exe 83
C:\Windows\system32\OptionalFeatures.exe 85
C:\Windows\system32\OptionalFeatures.exe 83
C:\WINDOWS\system32\OptionalFeatures.exe 85
C:\Windows\system32\OptionalFeatures.exe 82
C:\Windows\SysWOW64\Fondue.exe 86
C:\WINDOWS\SysWOW64\Fondue.exe 85
C:\windows\SysWOW64\Fondue.exe 85
C:\WINDOWS\SysWOW64\Fondue.exe 77
C:\Windows\SysWOW64\Fondue.exe 85
C:\Windows\SysWOW64\Fondue.exe 83

Additional Info*

*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.


fondue

Applies to: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Enables Windows optional features by downloading required files from Windows Update or another source specified by Group Policy. The manifest file for the feature must already be installed in your Windows image.

Syntax

fondue.exe /enable-feature:<feature_name> [/caller-name:<program_name>] [/hide-ux:{all | rebootrequest}]

Parameters

Parameter Description
/enable-feature:<feature_name> Specifies the name of the Windows optional feature you want to enable. You can only enable one feature per command line. To enable multiple features, use fondue.exe for each feature.
/caller-name:<program_name> Specifies the program or process name when you call fondue.exe from a script or batch file. You can use this option to add the program name to the SQM report if there is an error.
/hide-ux:{all | rebootrequest} Use all to hide all messages to the user including progress and permission requests to access Windows Update. If permission is required, the operation will fail.<p>Use rebootrequest to only hide user messages asking for permission to reboot the computer. Use this option if you have a script that controls reboot requests.

Examples

To enable Microsoft .NET Framework 4.8, type:

fondue.exe /enable-feature:NETFX4

To enable Microsoft .NET Framework 4.8, add the program name to the SQM report, and not display messages to the user, type:

fondue.exe /enable-feature:NETFX4 /caller-name:Admin.bat /hide-ux:all

Additional References


MIT License. Copyright (c) 2020-2021 Strontic.