windowsdesktop-runtime.exe

  • File Path: C:\Users\user\AppData\Local\Temp\windowsdesktop-runtime.exe
  • Description: Microsoft Windows Desktop Runtime - 3.1.6 (x64)

Hashes

Type Hash
MD5 5123CAF3B8355A4F278C3B08AFB23090
SHA1 63B4DE61FD5D62829C636534D02B2846DD97B845
SHA256 75F80882ADE213B5D75AB4E003CFEAAFE93D4F377A5D7A76077BB82728BCBA58
SHA384 50D1ADA240631D4F8B3077DFC6313437F5475112DD62B5DD0354ECA24C3B4D2EF40287C9767C21D0C11776AE30119B73
SHA512 6B413E1A434339E084FC2E194A59251ACF144FA5351998F505261B4459664FFC611447BF476FBF29624FBD346427B9044C53D301DA99D63C6ED2EE6651AD4D4D
SSDEEP 1572864:Oo0odQiv4fn/Sd6TP2+u57+JDw1YVVk5osdR8Y:Oo0oanTP2+6+meVkSsdh
IMP 1A5CDBF711FEE14B077E599D13FDDAB2
PESHA1 922A00527FA8AE75ABCD66D81A5AC17079ADC22A
PE256 7786A9A8E621737D02EFC0A2AEBB2DE8C73E381C01206471B8ECCDC4A6FF9855

Runtime Data

Child Processes:

windowsdesktop-runtime.exe

Open Handles:

Path Type
(R-D) C:\Users\user\AppData\Local\Temp\windowsdesktop-runtime.exe File
(R-D) C:\Windows\System32\en-US\KernelBase.dll.mui File
(R-D) C:\Windows\Temp\{F8C9A86D-7869-43C9-9F6E-206A2062826F}.cr\windowsdesktop-runtime.exe File
(RW-) C:\Windows File
(RW-) C:\xCyclopedia File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\1\BaseNamedObjects\windows_shell_global_counters Section

Loaded Modules:

Path
C:\Users\user\AppData\Local\Temp\windowsdesktop-runtime.exe
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll

Signature

  • Status: Signature verified.
  • Serial: 3300000187721772155940C709000000000187
  • Thumbprint: 2485A7AFA98E178CB8F30C9838346B514AEA4769
  • Issuer: CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: windowsdesktop-runtime-3.1.6-win-x64.exe
  • Product Name: Microsoft Windows Desktop Runtime - 3.1.6 (x64)
  • Company Name: Microsoft Corporation
  • File Version: 3.1.6.29016
  • Product Version: 3.1.6.29016
  • Language: English (United States)
  • Legal Copyright: Copyright (c) Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/67
  • VirusTotal Link: https://www.virustotal.com/gui/file/75f80882ade213b5d75ab4e003cfeaafe93d4f377a5d7a76077bb82728bcba58/detection/

Possible Misuse

The following table contains possible examples of windowsdesktop-runtime.exe being misused. While windowsdesktop-runtime.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma registry_event_asep_reg_keys_modification_wow6432node.yml Image|contains: '\windowsdesktop-runtime-' DRL 1.0
sigma registry_event_asep_reg_keys_modification_wow6432node.yml - '"C:\ProgramData\Package Cache\{7037b699-7382-448c-89a7-4765961d2537}\windowsdesktop-runtime-' DRL 1.0
sigma registry_event_asep_reg_keys_modification_wow6432node.yml - '"C:\ProgramData\Package Cache\{e2d1ae32-dd1d-4ad7-a298-10e42e7840fc}\windowsdesktop-runtime-' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.