Spectrum.exe

  • File Path: C:\WINDOWS\system32\Spectrum.exe
  • Description: Windows Perception Service

Hashes

Type Hash
MD5 7F3921BA41FB025FD9285D795419B854
SHA1 6E75023398CE3D78CCE90DC2D7D14B52F3DD3ED2
SHA256 000D624C339F3ECF346B9266702954AAA5EB038F68242CD5F8AB7ECF1090F032
SHA384 A8516B7B6FA968F197F6D5500F760C28315052CC0266EA6AB496D77CEB520590E39C205033927E8BAE313EB4E8068DF2
SHA512 A24D98E9DC789F75050A7F32333311D8BF6966918AF319C28B7B944F1E660B9657FF66C6861BC0DB441A1603A045CCFB9A4E776EF74A8E86E84534832C0449AD
SSDEEP 12288:K8l9bs0ViIuM9MTGqNvDlXYimWyvvGmUidXSyIq37OzW4fz:K8ZViZM9MTGqNvZT/yveodXSyIsqzWQ

Runtime Data

Usage (stdout):

Unrecognized parameter: -help
Parameters:
 /debug             to run the service executable in debug mode
 /safemode          to set up the service to run in safe mode
 /safemode:off      to disable safe mode if enabled

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: Spectrum.exe.mui
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.18362.1 (WinBuild.160101.0800)
  • Product Version: 10.0.18362.1
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of Spectrum.exe being misused. While Spectrum.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|---|---|---|---|
| atomic-red-team | Atomic_Friday.md | - https://posts.specterops.io/detection-spectrum-198a0bfb9302 | MIT License. © 2018 Red Canary |
| atomic-red-team | index.md | testing their defenses against a broad spectrum of attacks. | MIT License. © 2018 Red Canary |

MIT License. Copyright (c) 2020-2021 Strontic.