A binary in Windows 10 can help attackers download malware on a compromised system without raising the alarm. The binary is part of the Personalization CSP (configuration service provider) that allows, among others, defining the lock screen and desktop background images. The setting accepts JPG, JPEG, PNG files that are stored locally or remotely (supports HTTP/S URLs) Researchers from SentinelOne discovered that “desktopimgdownldr.exe”” can also serve as a LoLBin.”
Source: https://www.bleepingcomputer.com/news/security/windows-10-background-image-tool-can-be-abused-to-download-malware/