» getwindows10-sds_____________.exe
Overview
Analysis
File Details
Programs (1)
Downloads (223)

getwindows10-sds_____________.exe

GWX WEB WINDOWS

Microsoft Corporation

This is a setup program which is used to install the application. This is installed with Windows 10 Upgrade Assistant. The file has been seen being downloaded from doc-0c-68-docs.googleusercontent.com and multiple other hosts.

File name:

getwindows10-sds_____________.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft® Windows® Operating System

Description:

GWX WEB WINDOWS

Version:

6.3.9600.18124 (winblue_ltsb.151109-1247)

MD5:

35d60fd322b1a61aae7adf909b6c0b26

SHA-1:

15ff049e49e8b8b0c27ad57e00abdfd68100ee37

SHA-256:

38c68871831e8b88b2b7165640a2adc90c0b3eeea5f1cfdd4cb441817f64bd9a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/27/2024 1:56:22 AM UTC (today)

File size:

7.3 MB (7,635,472 bytes)

Product version:

6.3.9600.18124

Original file name:

GWXWebWindows.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\getwindows10-sds_____________.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

6/4/2015 10:42:45 AM

Valid to:

9/4/2016 10:42:45 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

330000010A2C79AED7797BA6AC00010000010A

File PE Metadata

Compilation timestamp:

11/9/2015 3:36:53 PM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

196608:TNwhFDBWruQBvSihWZoeT9PCjTiDYV10NGvb2NqHodyWzYq5SZX3FBwv:T8FDEi6Kiha9qjq81gGKNqHoohmmXVB

Entry address:

0x89F0

Entry point:

E8, 73, 05, 00, 00, E9, AE, FD, FF, FF, CC, CC, CC, CC, CC, CC, 3B, 0D, 04, A0, 40, 00, 75, 03, C2, 00, 00, E9, F0, 00, 00, 00, CC, CC, CC, CC, CC, 6A, 18, 68, 78, 94, 40, 00, E8, 1B, 06, 00, 00, 83, 65, D8, 00, A1, F4, A3, 40, 00, 89, 45, E0, 83, F8, FF, 75, 16, FF, 75, 08, 8B, 35, 78, B1, 40, 00, 8B, CE, FF, 15, DC, B1, 40, 00, FF, D6, 59, EB, 54, 6A, 08, E8, 87, 06, 00, 00, 59, 83, 65, FC, 00, A1, F4, A3, 40, 00, 89, 45, E0, A1, F0, A3, 40, 00, 89, 45, DC, 8D, 45, DC, 50, 8D, 45, E0, 50, FF, 75, 08, E8... 
[+]

Entropy:

7.9980 (probably packed)

Code size:

33.5 KB (34,304 bytes)

The file getwindows10-sds_____________.exe has been discovered within the following program.

Windows 10 Upgrade Assistant by Microsoft Corporation

4% remove it

The file getwindows10-sds_____________.exe has been seen being distributed by the following 50 URLs.

https://doc-0c-68-docs.googleusercontent.com/docs/securesc/16q2li6ld7strh0ts7vvsir0islhq32t/jpgrj6qg4ufv6k7ul7v7uim32a94g7jb/1458496800000/.../14921500340734862888/0B0y2eiz8CStYb0dOd0Rud3ZMQmc?e=download

http://180.149.99.6/data/5fa830d0783a1889/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

https://mega.nz/temporary/.../RAQC1SDS

http://212.131.108.126/data/f78c50300b75ebba/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://182.176.139.118/data/8318b0106320bae6/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://srwtck.com/get?key=b11e8793cade0a4fedc9f17323b20200&ref=http://www.microsoft.com/pt-br/windows/windows-10-upgrade?ocid=win10_wol_banner_upgrade&uid=81754679&out=http://download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://80.17.2.214/data/518c30204749280c/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://182.176.138.20/data/20a5c0903f035acf/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://151.99.86.70/data/a822303069a3429d/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

C:\Users\AUASER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L2D728D\GetWindows10-Web_Default_Attr.exe

http://touch.kaspersky.com/.../1461337739

http://[2600:1017:b820:946c:fa61:a6fe:7b1e:4b96]:8181/http://download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

https://secure.logmein.com/fileshare.asp?ticket=00_.g2-16RXZFa4QrBX4k8yLoKwXT4YZiMhf4M0svob&download=1

http://177.205.9.165/data/1fbed09025822080/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://touch.kaspersky.com/.../1464459945

http://68.106.66.162/data/d21cd0f0446844dc/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://151.99.72.110/data/b22530504be2d9ef/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://srwtck.com/get?key=b11e8793cade0a4fedc9f17323b20200&ref=http://www.microsoft.com/pt-br/windows/windows-10-upgrade&uid=5318519&out=http://download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://187.72.248.53/data/7b7230a03f01e7b3/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

C:\Users\BlackList\Downloads\GetWindows10-sds_____________.exe

http://182.190.3.98/data/6ab850904b5ab1cf/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://177.205.9.173/data/e45fe0203b12504f/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://212.131.93.226/data/2ab0f0007a344098/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://srwtck.com/get?key=b11e8793cade0a4fedc9f17323b20200&ref=https://www.microsoft.com/es-es/software-download/windows10&uid=41129159&out=http://download.microsoft.com/download/B/7/9/.../GetWindows10-sds_____________.exe

http://srwtck.com/get?key=b11e8793cade0a4fedc9f17323b20200&ref=https://www.microsoft.com/es-es/windows/windows-10-upgrade?ocid=win10_wol_banner_upgrade&uid=70712812&out=http://download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://80.17.2.214/data/30e570105403bd91/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://69.24.208.6/data/144620805b938293/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://180.149.99.6/data/2e2ae0f04df409ce/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://195.31.68.158/data/aa30503052d01762/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

http://212.131.108.122/data/6dd3f0a033e35cf1/download.microsoft.com/download/F/8/C/.../GetWindows10-Web_Default_Attr.exe

Latest 30 of 223 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.