integrator.exe
- File Path: C:\ProgramData\Microsoft\ClickToRun\{00000000-0000-0000-0000-000000000000}\integrator.exe
- Description: Microsoft Office Click-to-Run Integrator
Hashes
Type | Hash |
---|---|
MD5 | 1D765330D26A45797F10EA5DA20B88F7 |
SHA1 | CA7F8CF6623474C10BF1F58D8CA1AAB7BC1254AE |
SHA256 | 93C30776CC96BF9155EAD76401BE400FDFD6E66B8E22ABEACECFE4753D5F70EE |
SHA384 | 75C83742227AB16E9369BF6CD31C538AF00B463F357EB6679FB618522D2B1A4A521DDB016BC0BD27447568FD6304AF57 |
SHA512 | 0996D76CB87A90E899E9C4425464DABA0E8D8E82435EAB05ACBDE1CA25FEB5ED8A664979290F570E541782C961B56FE704258985BEC79D3089998CBBB56E9526 |
SSDEEP | 98304:wyvDOBT9EY0hSrpOUKWXGyUg+jeqkZovgWvYFKUfo9AbfrMxLV:wFR0KpOUKveZofvYk |
Runtime Data
Usage (stdout):
Usage:
Integrator.exe [/I | /U | /R | /T] [/Extension /Msi /License] [/Global | /User] [/C2R | /AppV] PackageGUID={GUID} PackageRoot=<Path> <name>=<value>
Modes:
/I - Publish
/U - Unpublish
/R - Repair
/T - Test
Actions:
/Extension - Custom Extensions
/Msi - Msi
/License - License
Scopes:
/Global - Global publishing (Default)
/User - User mode publishing
Scenario:
/C2R - Click-To-Run (Default)
/AppV - Click-To-Run through App-V
Properties:
PackageGUID={GUID} - Package GUID
PackageRoot=<Path> - Package Root
MsiName=<Msi1>,<Msi2> - Comma seperated list of Msi Names
<name>=<value> - additional list of name value pairs
/? - Help
Signature
- Status: Signature verified.
- Serial: 33000002CE7C9ACE7D905ED2B70000000002CE
- Thumbprint: B10607FB914700B40F794610850C1DE0A21566C1
- Issuer: CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: Integrator.exe
- Product Name: Microsoft Office
- Company Name: Microsoft Corporation
- File Version: 16.0.12730.20144
- Product Version: 16.0.12730.20144
- Language: Language Neutral
- Legal Copyright:
Possible Misuse
The following table contains possible examples of integrator.exe being misused. While integrator.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | registry_event_asep_reg_keys_modification_common.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
sigma | registry_event_asep_reg_keys_modification_currentversion.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
sigma | registry_event_asep_reg_keys_modification_currentversion_nt.yml | - 'C:\Program Files\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
sigma | registry_event_asep_reg_keys_modification_currentversion_nt.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - 'C:\Program Files\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
sigma | registry_event_asep_reg_keys_modification_wow6432node.yml | - 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
sigma | registry_event_office_vsto_persistence.yml | - '\integrator.exe' | DRL 1.0 |
sigma | registry_event_removal_com_hijacking_registry_key.yml | Image: 'C:\Program Files (x86)\Microsoft Office\root\integration\integrator.exe' | DRL 1.0 |
MIT License. Copyright (c) 2020-2021 Strontic.