VirusTotal MD5 results for %windir%
MD5: ad61f7afe913b2642650504df283aa63
Path(s):
./winsxs/wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7/dnscacheugc.exe
Detection details:
AegisLab - W32.Expiro
MD5: fcf5c8bb9afd8d15b324b702f9b186b7
Path(s):
./System32/ieetwcollector.exe
./winsxs/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17239_none_a584352617c3f1bb/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: bb88d7bf8b6d3fad2459a6e70105228a
Path(s):
./winsxs/amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.17610_none_1d10224d57ce5c5e/rebuildSearchIndex.exe
Detection details:
AegisLab - Win64.Expiro
MD5: e3406f3104957c4967826e7c06ff77fd
Path(s):
./Installer/{236BB7C4-4419-42FD-0409-1E257A25E34D}/NewShortcut1_236BB7C4441942FD04091E257A25E34D.exe
Detection details:
TheHacker - W32/Leave.gu
MD5: ea6eadf6314e43783ba8eee79f93f73c
Path(s):
./winsxs/wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7600.16385_none_352647b674b9e378/sidebar.exe
Detection details:
ByteHero - Trojan.Win32.Heur.098
MD5: 46b8be4f4ba4d853c6825956d98021e2
Path(s):
./winsxs/amd64_microsoft-windows-fsutil_31bf3856ad364e35_6.1.7601.21680_none_2ac406171fe62477/fsutil.exe
Detection details:
AegisLab - Win64.Expiro
MD5: bfd3178735d97c858ffa467f8199700c
Path(s):
./SoftwareDistribution/Download/e0e3274808cbc64c021ffcb005720a65/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17126_none_a58e492017bc6f90/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 19340d1fba1a2a3c96f1a2c84a9ec415
Path(s):
./System32/Speech/SpeechUX/SpeechUXTutorial.exe
./winsxs/amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7600.16385_none_77fee1b2657da663/SpeechUXTutorial.exe
./winsxs/amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd/SpeechUXTutorial.exe
Detection details:
Bkav - HW64.packed.8090
MD5: 8daacebf0e55cfb82b01fc450576be5a
Path(s):
./System32/IME/IMEJP10/imjpuexc.exe
./winsxs/amd64_microsoft-windows-d..andlinepropertytool_31bf3856ad364e35_6.1.7601.17514_none_696354579779eadf/imjpuexc.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 2830c1fca1da002a498eca5dbb0679ae
Path(s):
./winsxs/amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7/showmount.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 6e570050e6cf5d6f6dc1c1eef9bb3949
Path(s):
./System32/DriverStore/FileRepository/c7118908.inf_amd64_neutral_8dc4ff304e4afff6/B117547/atiapfxx.exe
Detection details:
Bkav - W32.Clod5f7.Trojan.f044
MD5: e78910d78ca05c06ed6455d401999402
Path(s):
./winsxs/amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7600.20904_none_a0117c29336d4534/prevhost.exe
Detection details:
Bkav - HW64.packed.84DC
MD5: 2bf84985de59544a0460bb33f804da3a
Path(s):
./SysWOW64/ReAgentc.exe
./winsxs/x86_microsoft-windows-winre-recoverytools_31bf3856ad364e35_6.1.7601.17514_none_d7553e5fcf6b6373/ReAgentc.exe
Detection details:
AegisLab - W32.Virut
MD5: 37c7c89b03f9d39629eda545a1645d68
Path(s):
./SoftwareDistribution/Download/9b1fd27f7aca994956425ec72072da60/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.18539_none_735ca6b7203d6b5a/tzupd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 04ff24d66412fc1072f8d0b7cb83bcf5
Path(s):
./winsxs/wow64_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7601.22252_none_b6b33b7d8557de1f/mstsc.exe
Detection details:
AegisLab - W32.Expiro
MD5: 334c44bf74df6af20a45a4477d995dbc
Path(s):
./Installer/{B74D4E10-1033-0000-0000-000000000001}/AdobeBridge_B74D4E10103300000000000000000001_1.exe
./Installer/{B74D4E10-1033-0000-0000-000000000001}/BridgeCommonShortcut_B74D4E101033000000000001_1.exe
Detection details:
TheHacker - W32/Leave.gu
MD5: bc3beeeeb1ada8687738d057ceed6f1c
Path(s):
./winsxs/amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d/appcmd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: db4ffb795611eb2d8ab55d5fc047ce32
Path(s):
./winsxs/amd64_microsoft-windows-g..ewowregisteredowner_31bf3856ad364e35_6.1.7601.17671_none_e3b3f68bbb72a87b/UpdateWowRegisteredOwner.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 3afa03119583647136c49b80dad38f19
Path(s):
./winsxs/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.16428_none_a56da9e617d4f97e/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 2145f324edfed2498adef6a0e2290ec2
Path(s):
./winsxs/x86_microsoft-windows-ie-pdm-configuration_31bf3856ad364e35_11.2.9600.16428_none_d6876629731ce419/PDMSetup.exe
Detection details:
AegisLab - W32.Virut
MD5: 1a42ea6484e6e1a773c2fd09e976e774
Path(s):
./winsxs/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.17514_none_736d5be520319b24/tzupd.exe
./winsxs/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.22156_none_73cd994e396e053e/tzupd.exe
./winsxs/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.22508_none_7405b1163943a0d3/tzupd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 199d8ecb6748b2b866cba52a8d092034
Path(s):
./winsxs/x86_microsoft-windows-s..ative-serverbox-isv_31bf3856ad364e35_6.1.7601.17514_none_f71e39745cb0f950/RMActivate_ssp_isv.exe
Detection details:
AegisLab - W32.Expiro
MD5: a3a132cbe48af0324466469f2caae8a2
Path(s):
./winsxs/amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.2.9600.17041_none_a59b8b8817b20628/ieetwcollector.exe
Detection details:
AegisLab - Win64.Expiro
MD5: a236b1646e96ab06be0f8d592b6d9a0d
Path(s):
./System32/OxpsConverter.exe
./winsxs/amd64_oxpsconverter_31bf3856ad364e35_6.1.7601.17933_none_0804e1f7c5c64bf1/OxpsConverter.exe
Detection details:
K7GW - Trojan ( 700001171 )
MD5: b2120b16b3e221b4d3342e87867a5163
Path(s):
./winsxs/x86_microsoft-windows-s..or-native-serverbox_31bf3856ad364e35_6.1.7601.17514_none_71c62979c253e895/RMActivate_ssp.exe
Detection details:
AegisLab - W32.Expiro
MD5: d5a8dbf87c5e9ab71075a7ff16c1e719
Path(s):
./winsxs/amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f/PkgMgr.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 4e1073b674746eea0b2ea0f4775ea6a4
Path(s):
./winsxs/amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_7df14b591094e7ec/TsUsbRedirectionGroupPolicyControl.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 25c460925c98446a96eedd3029e3e246
Path(s):
./winsxs/amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7601.21663_none_a1b5f77730c54248/prevhost.exe
Detection details:
Bkav - HW64.packed.E463
MD5: 5b96f9bebf4de1722b9d4646305222dc
Path(s):
./winsxs/x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.22530_none_ebc92b07671d5e00/RMActivate_isv.exe
Detection details:
AegisLab - W32.Virut
MD5: 916cec665a9879deb15bbdd943b7350b
Path(s):
./SoftwareDistribution/Download/a1c89802275d7f027da0a0bd82ca400b/amd64_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.1.7601.18588_none_732596d12066ddb8/tzupd.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 9c64d5c8a624f506c87e7a4a8682a322
Path(s):
./winsxs/amd64_microsoft-windows-shell-previewhost_31bf3856ad364e35_6.1.7600.16762_none_9f44fd5c1a821d3b/prevhost.exe
Detection details:
Bkav - HW64.packed.A128
MD5: e01d2ac63453534db8ad1ea97dee9c3a
Path(s):
./SysWOW64/RMActivate_isv.exe
./winsxs/x86_microsoft-windows-s..native-whitebox-isv_31bf3856ad364e35_6.1.7601.18332_none_eb418cea4dfdf3bd/RMActivate_isv.exe
Detection details:
AegisLab - W32.Virut
MD5: dc0b0581268858f95766139a394426e7
Path(s):
./winsxs/amd64_microsoft-windows-g..validatefntcache-03_31bf3856ad364e35_6.1.7601.17888_none_a6ac762931614073/invalidateFntcache.exe
Detection details:
AegisLab - Win64.Expiro
MD5: f642e79073c719e0bf2f500b84236944
Path(s):
./Installer/{E9787678-1033-0000-8E67-000000000001}/AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
./Installer/{E9787678-1033-0000-8E67-000000000001}/ProgramMenuShortcut_E9787678103300008E670000000001_1.exe
Detection details:
TheHacker - W32/Leave.gu
MD5: 725d0cd0bc104b47b1975319712e280b
Path(s):
./winsxs/amd64_microsoft-windows-g..validatefntcache-02_31bf3856ad364e35_6.1.7601.17621_none_a6f11fcb312ed12d/invalidateFntcache.exe
Detection details:
AegisLab - Win64.Expiro
MD5: 3cced287ec7df84cec633a9a4e03dd62
Path(s):
./winsxs/amd64_microsoft-windows-g..ebuild-search-index_31bf3856ad364e35_6.1.7601.21720_none_1d8eef2c70f41819/rebuildSearchIndex.exe
Detection details:
AegisLab - Win64.Expiro
MD5: a45092e6f09f68118b27e31bc0b2c014
Path(s):
./winsxs/amd64_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.5.7601.17514_none_af500e3c7fc49bc4/wuapp.exe
Detection details:
AegisLab - Win64.Expiro