ScriptRunner.exe

• File Path: C:\WINDOWS\system32\ScriptRunner.exe
• Description:

Hashes

Type	Hash
MD5	C024FF9A88E26EEB26A1A942260489BC
SHA1	0190BAD268F28BBDC5B27BB952A98E70184FE569
SHA256	973A32DD7CC4FAE82A5A5A86F61D3CC5BF8C8C8D4B3C9D0ACC392398780E33DC
SHA384	0DCC0898520322B38FE36F6C258044515094C5FBCC0DAB8187CF5F691A1C09101687C0A1501B71BE1ACBDDE2832ACB1F
SHA512	2FE2BA7A3BB5C8EE0F9A717CE4980E921D9A849F54BACEB9A9586984613B5EF46BC4F53C05CC23224ABD72F078DE44C13B4A2CDCD0D05B803BA72F3A2536B972
SSDEEP	384:u9zXIqagu/0Ei6wmsWl5wWJSD1IDBRJtA02l9n1k:CzdG/0T32GI1Pb

Runtime Data

Usage (stdout):

Invalid argument specified: /h
Usage:
ScriptRunner.exe
-appvscript scriptFileName [Arguments] [-appvscriptrunnerparameters [-wait] [-timeout=<TimeInSeconds>] [-rollbackonerror]] 
-appvscript scriptFileName [Arguments] [-appvscriptrunnerparameters [-wait] [-timeout=<TimeInSeconds>] [-rollbackonerror]] 
...
Default values for -appvscriptrunnerparameters: No wait, No timeout, No rollback on error
Every parameter must be separated by a unicode space character (U+0020)
Example:
ScriptRunner.exe -appvscript foo.cmd arg1 arg2 -appvscriptrunnerparameters -wait -timeout=30 -rollbackonerror -appvscript foobar.exe arg1 arg2
Error: Invalid argument specified

Signature

• Status: Signature verified.
• Serial: 330000023241FB59996DCC4DFF000000000232
• Thumbprint: FF82BC38E1DA5E596DF374C53E3617F7EDA36B06
• Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
• Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

• Original Filename: ScriptRunner.exe
• Product Name: Microsoft (R) Windows (R) Operating System
• Company Name: Microsoft Corporation
• File Version: 10.0.18362.815
• Product Version: 10.0.18362.815
• Language: Language Neutral
• Legal Copyright: Copyright (c) Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File	Score
C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe	33
C:\Windows\system32\69fe178f-26e7-43a9-aa7d-2b616b672dde_eventlogservice.dll	40
C:\Windows\system32\AppVClientPS.dll	29
C:\Windows\system32\AppVSentinel.dll	40
C:\Windows\system32\AppVTerminator.dll	36
C:\Windows\system32\avrt.dll	33
C:\Windows\system32\backgroundTaskHost.exe	32
C:\Windows\system32\bootstr.dll	41
C:\Windows\system32\BOOTVID.DLL	33
C:\Windows\system32\computelibeventlog.dll	38
C:\Windows\system32\DefaultDeviceManager.dll	35
C:\Windows\system32\DeviceCensus.exe	25
C:\WINDOWS\system32\DeviceCensus.exe	29
C:\Windows\system32\dllhost.exe	36
C:\Windows\system32\downlevel\api-ms-win-base-util-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-com-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-comm-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-console-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-datetime-l1-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-debug-l1-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-delayload-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-fibers-l1-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-file-l1-2-1.dll	36
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-0.dll	35
C:\Windows\system32\downlevel\API-MS-Win-core-file-l2-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-handle-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-heap-l1-1-0.dll	36
C:\Windows\system32\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-io-l1-1-1.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	40
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	43
C:\Windows\system32\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-localization-l1-2-1.dll	36
C:\Windows\system32\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-core-memory-l1-1-2.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-core-profile-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-realtime-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-registry-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-registry-l2-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	43
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-string-l1-1-0.dll	38
C:\Windows\system32\downlevel\API-MS-Win-core-string-l2-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	35
C:\Windows\system32\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-synch-l1-2-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-timezone-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-url-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-core-util-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-version-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-core-wow64-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-core-xstate-l1-1-0.dll	36
C:\Windows\system32\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-crt-conio-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-convert-l1-1-0.dll	41
C:\Windows\system32\downlevel\api-ms-win-crt-environment-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	44
C:\Windows\system32\downlevel\api-ms-win-crt-heap-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-crt-locale-l1-1-0.dll	40
C:\Windows\system32\downlevel\api-ms-win-crt-math-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-crt-process-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-crt-string-l1-1-0.dll	30
C:\Windows\system32\downlevel\api-ms-win-crt-time-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-crt-utility-l1-1-0.dll	32
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-0.dll	33
C:\Windows\system32\downlevel\API-MS-Win-devices-config-L1-1-1.dll	35
C:\Windows\system32\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	35
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	41
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	35
C:\Windows\system32\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	32
C:\Windows\system32\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-security-base-l1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	43
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	36
C:\Windows\system32\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	40
C:\Windows\system32\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	32
C:\Windows\system32\downlevel\API-MS-Win-security-provider-L1-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-security-sddl-l1-1-0.dll	33
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-service-core-l1-1-1.dll	35
C:\Windows\system32\downlevel\api-ms-win-service-management-l1-1-0.dll	35
C:\Windows\system32\downlevel\api-ms-win-service-management-l2-1-0.dll	32
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-0.dll	36
C:\Windows\system32\downlevel\api-ms-win-service-private-l1-1-1.dll	40
C:\Windows\system32\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	38
C:\Windows\system32\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	35
C:\Windows\system32\drivers\UMDF\SDFLauncher.dll	33
C:\Windows\system32\DriverStore\FileRepository\sdflauncher.inf_amd64_1ea082c6cf8f6982\SDFLauncher.dll	33
C:\Windows\system32\dsrole.dll	35
C:\Windows\system32\IME\IMETC\IMTCTRLN.DLL	29
C:\Windows\system32\IME\SHARED\IMEDICAPICCPS.DLL	36
C:\Windows\system32\IME\SHARED\IMESEARCHPS.DLL	36
C:\Windows\system32\kd.dll	41
C:\Windows\system32\kd_02_1af4.dll	36
C:\Windows\system32\kd_07_1415.dll	32
C:\Windows\system32\kdnet_uart16550.dll	40
C:\Windows\system32\kdstub.dll	32
C:\Windows\system32\ksuser.dll	38
C:\Windows\system32\microsoft-windows-battery-events.dll	30
C:\Windows\system32\microsoft-windows-hal-events.dll	32
C:\Windows\system32\microsoft-windows-sleepstudy-events.dll	35
C:\Windows\system32\msdmo.dll	32
C:\Windows\system32\NDKPing.exe	33
C:\Windows\system32\oobe\FirstLogonAnim.exe	33
C:\Windows\system32\pcwum.dll	27
C:\Windows\system32\prproc.exe	36
C:\Windows\system32\psapi.dll	36
C:\Windows\system32\ResetEngine.exe	35
C:\WINDOWS\system32\ResetEngine.exe	41
C:\Windows\system32\ScriptRunner.exe	58
C:\WINDOWS\system32\ScriptRunner.exe	47
C:\Windows\system32\ScriptRunner.exe	57
C:\Windows\system32\ScriptRunner.exe	57
C:\Windows\system32\ScriptRunner.exe	47
C:\Windows\system32\ScriptRunner.exe	54
C:\Windows\system32\setupetw.dll	30
C:\Windows\system32\sfc.dll	44
C:\Windows\system32\SlideToShutDown.exe	36
C:\Windows\system32\smphost.dll	25
C:\Windows\system32\spwizres.dll	40
C:\Windows\system32\streamci.dll	33
C:\Windows\system32\ttdloader.dll	30
C:\Windows\system32\UtilityVmSysprep.dll	33
C:\Windows\system32\uxlibres.dll	35
C:\Windows\system32\VmApplicationHealthMonitorProxy.dll	40
C:\Windows\system32\wbem\Microsoft.AppV.AppVClientWmi.dll	25
C:\Windows\system32\winnsi.dll	25
C:\Windows\system32\wshhyperv.dll	36
C:\Windows\system32\wshunix.dll	32
C:\Windows\system32\wuauclt.exe	32
C:\Windows\SysWOW64\AppVClientPS.dll	32
C:\Windows\SysWOW64\AppVSentinel.dll	33
C:\Windows\SysWOW64\AppVTerminator.dll	25
C:\Windows\SysWOW64\avrt.dll	36
C:\Windows\SysWOW64\backgroundTaskHost.exe	35
C:\Windows\SysWOW64\BOOTVID.DLL	35
C:\Windows\SysWOW64\CameraSettingsUIHost.exe	29
C:\Windows\SysWOW64\DefaultDeviceManager.dll	35
C:\Windows\SysWOW64\dllhost.exe	32
C:\Windows\SysWOW64\downlevel\api-ms-win-base-util-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-com-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-comm-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-console-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-datetime-l1-1-1.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-debug-l1-1-1.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-delayload-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-errorhandling-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-fibers-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-file-l1-2-1.dll	43
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-0.dll	46
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-file-l2-1-1.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-handle-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-heap-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-core-interlocked-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-io-l1-1-1.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-kernel32-legacy-l1-1-1.dll	32
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-libraryloader-l1-1-1.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-localization-l1-2-1.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-localization-obsolete-l1-2-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-memory-l1-1-2.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-namedpipe-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-privateprofile-l1-1-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processenvironment-l1-2-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-1.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processthreads-l1-1-2.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-processtopology-obsolete-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-profile-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-realtime-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-registry-l2-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-rtlsupport-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-legacy-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-core-shutdown-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringansi-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-string-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-l2-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-stringloader-l1-1-1.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-string-obsolete-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-synch-l1-2-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-core-sysinfo-l1-2-1.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-l1-2-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-legacy-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-threadpool-private-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-timezone-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-url-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-util-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-core-version-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-core-wow64-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-core-xstate-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-core-xstate-l2-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-conio-l1-1-0.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-convert-l1-1-0.dll	44
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-environment-l1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-filesystem-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-heap-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-locale-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-math-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-multibyte-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-process-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-runtime-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-stdio-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-string-l1-1-0.dll	29
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-time-l1-1-0.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-crt-utility-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-devices-config-L1-1-1.dll	40
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll	32
C:\Windows\SysWOW64\downlevel\api-ms-win-eventing-consumer-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Controller-L1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Legacy-L1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-Eventing-Provider-L1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-EventLog-Legacy-L1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-security-base-l1-1-0.dll	33
C:\Windows\SysWOW64\downlevel\api-ms-win-security-cryptoapi-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-Security-Lsalookup-L2-1-1.dll	35
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-lsapolicy-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\API-MS-Win-security-provider-L1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-security-sddl-l1-1-0.dll	35
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-service-core-l1-1-1.dll	43
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l1-1-0.dll	36
C:\Windows\SysWOW64\downlevel\api-ms-win-service-management-l2-1-0.dll	41
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-service-private-l1-1-1.dll	40
C:\Windows\SysWOW64\downlevel\api-ms-win-service-winsvc-l1-1-0.dll	38
C:\Windows\SysWOW64\downlevel\api-ms-win-shcore-stream-l1-1-0.dll	43
C:\Windows\SysWOW64\dsrole.dll	30
C:\Windows\SysWOW64\fltLib.dll	36
C:\Windows\SysWOW64\IME\IMETC\IMTCTRLN.DLL	33
C:\Windows\SysWOW64\IME\SHARED\imecfmps.dll	35
C:\Windows\SysWOW64\IME\SHARED\IMEDICAPICCPS.DLL	32
C:\Windows\SysWOW64\IME\SHARED\IMESEARCHPS.DLL	32
C:\Windows\SysWOW64\ksuser.dll	33
C:\Windows\SysWOW64\LocationFrameworkPS.dll	40
C:\Windows\SysWOW64\pcwum.dll	29
C:\Windows\SysWOW64\psapi.dll	38
C:\Windows\SysWOW64\sfc.dll	36
C:\Windows\SysWOW64\smphost.dll	29
C:\Windows\SysWOW64\ttdloader.dll	35
C:\Windows\SysWOW64\uxlibres.dll	35
C:\Windows\SysWOW64\wbem\Microsoft.AppV.AppVClientWmi.dll	24
C:\Windows\SysWOW64\winnsi.dll	32
C:\Windows\SysWOW64\wshhyperv.dll	38
C:\Windows\SysWOW64\wshunix.dll	38

Possible Misuse

The following table contains possible examples of ScriptRunner.exe being misused. While ScriptRunner.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source	Source File	Example	License
sigma	file_event_win_win_shell_write_susp_directory.yml	- '\scriptrunner.exe'	DRL 1.0
sigma	image_load_suspicious_dbghelp_dbgcore_load.yml	- '\scriptrunner.exe'	DRL 1.0
sigma	proc_creation_win_office_shell.yml	- '\scriptrunner.exe'	DRL 1.0
sigma	proc_creation_win_outlook_shell.yml	- '\scriptrunner.exe'	DRL 1.0
sigma	proc_creation_win_susp_servu_process_pattern.yml	- '\scriptrunner.exe'	DRL 1.0
sigma	proc_creation_win_susp_shell_spawn_by_java.yml	- '\scriptrunner.exe'	DRL 1.0
sigma	proc_creation_win_susp_shell_spawn_by_java_keytool.yml	- '\scriptrunner.exe'	DRL 1.0
LOLBAS	Scriptrunner.yml	Name: Scriptrunner.exe
LOLBAS	Scriptrunner.yml	- Command: Scriptrunner.exe -appvscript calc.exe
LOLBAS	Scriptrunner.yml	- Command: ScriptRunner.exe -appvscript "\\fileserver\calc.cmd"
LOLBAS	Scriptrunner.yml	- Path: C:\Windows\System32\scriptrunner.exe
LOLBAS	Scriptrunner.yml	- Path: C:\Windows\SysWOW64\scriptrunner.exe
LOLBAS	Scriptrunner.yml	- IOC: Scriptrunner.exe should not be in use unless App-v is deployed

MIT License. Copyright (c) 2020-2021 Strontic.