home

gfwlivesetup_4d5308d2e0000001_dir.exe

Microsoft Games for Windows - LIVE

Microsoft Corporation

This is a self-extracting archive and installer. This is installed with multiple programs including Age of Empires Online. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts.
Publisher:
Microsoft Corporation  (signed and verified)

Product:
Microsoft® Games for Windows® - LIVE

Description:
Microsoft® Games for Windows® - LIVE Game Setup

Version:
3.5.0089.0 (WGX_XLIVE_V3.05_RTM(panblder).110411-1052)

MD5:
0e20d50b6ad6229520911b203deeef36

SHA-1:
80959e47d83691e8427ad51e6923478b397ac649

SHA-256:
c8582a16f4647365e0be04826442a77de257b9bb26bac610fc1fb74319a2548b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
11/5/2024 10:35:35 AM UTC  (today)

File size:
627.6 KB (642,712 bytes)

Product version:
3.5.0089.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
Setup.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\gfwlivesetup_4d5308d2e0000001_dir.exe

Digital Signature
Signed by:
Microsoft Corporation

Authority:
Microsoft Corporation

Valid from:
7/12/2010 7:03:24 PM

Valid to:
10/12/2011 7:03:24 PM

Subject:
CN=Microsoft LIVE Gaming for Windows, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:
CN=Microsoft LIVE PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:
6103F7AD00000000001B

File PE Metadata
Compilation timestamp:
4/11/2011 2:12:40 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:kQH0cfWMSrveg+gp1y40+RCM/MRCD7cm+gg3L4Z1H:k1qSrp1y40cCM/0CD+XMPH

Entry address:
0xFC06

Entry point:
E8, B6, 21, 00, 00, E9, 74, FE, FF, FF, CC, CC, CC, CC, CC, FF, 35, E0, EC, 05, 01, E8, 62, 19, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 2F, 0F, 00, 00, 6A, 01, 6A, 00, E8, 41, 23, 00, 00, 83, C4, 0C, E9, 1D, 22, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 5D, E9, E7, 24, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 10, 2B, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 7A, 2A, 00, 00, 83, C4, 14, 8B, C6...
 
[+]

Code size:
367.5 KB (376,320 bytes)

The file gfwlivesetup_4d5308d2e0000001_dir.exe has been discovered within the following programs.

Age of Empires Online  by Microsoft Game Studios
Publisher's description - “Your empire is gaining notoriety and strength but not enough to tackle your greatest challenges. Alliance is the key. Call upon your closest allies and unite against your foes. You can finish many quests faster with your LIVE friends and reap the benefits of your alliances.”
ageofempiresonline.com/en
9% remove it
GetnowUpdater  by AppScion
Developed and distributed by SIEN group/LiveSoftAction SRL this adware application is designed to download and install additional potentially unwanted software offersings including the Iminent toolbar and others.
www.appscion.com
83% remove it
Microsoft Flight  by Microsoft Game Studios
Microsoft Flight is an aviation game from Microsoft Studios created as a successor to the discontinued Microsoft Flight Simulator series. light features new aircraft, scenery and terrain, a revamped weather engine, and new gameplay elements for users of all skill levels.
www.microsoft.com/games
11% remove it
 
Powered by Should I Remove It?

The file gfwlivesetup_4d5308d2e0000001_dir.exe has been seen being distributed by the following 50 URLs.

https://dw.uptodown.com/dwn/rhAstAantkW_OdCQdmeGzg7Lr21WE-zhqs1ibgVggpGUzJX6t_qUdLq-ApSWV82bCwDKgZ4GKYYuhlExVpYGD5OiEZzalC6OXHYc7xDJYNB3Ar3uvGzpwPPykUO5J4-6/DHTHmAr9zdQTpJaHrsy_mxS4jh2mCzb-dxFPwPjzR61tLxMGkANecT5KzZp1RJPnW70v_Pe34d5awjsltFz8leSpqDMyDsiq0aronfwesqEzMkNTtIoHzIX7IbdWb9NT/niLJ_bJncqs1gzdV29lJj2ukcXmxLrosFAhBsAi0s80ufhUi2RVTtoxt9Y-g2gbEkfS-39VStC-HbVPayvC2Gqk5OHZ2gIU6uEif4YLooVGi20stf8zCqsaniax5BS-7/.../

q=http://go.microsoft.com/.../?LinkID=201134&redir_token=SpqoYKyKoFCtRUMT4MLIdO94wNR8MTQzMzY5NjYxMEAxNDMzNjEwMjEw

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420921M1M161114151337KGR&murl=http://go.microsoft.com/.../?LinkID=201134

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=90865&instance=softonic_pl&type=PROGRAM&Expires=1476338346&Signature=B8vQv0AVhqlcG~NhuL~UoIODfg7ciGaV82SOKdQLEdRJGZwyEfA91Ebu9rywa3UrvKb8~kSCBiB8Uv4sLAc4kvneFtdtBFy8xvM1P07xsA0hMp5Xv-wQf78GaG5ow7zkazrQi6CEk4GgKrOCBAOMxHh0TchTBmXuoxdC~aMzfJA_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://microsoft-flight.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fm6SIo5yhl5w=

http://microsoft-flight.da.softonic.com/start-download/.../02580c0862158c0a19586024eb1aa60e

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_fr&type=PROGRAM&Expires=1482281495&Signature=bjoRkYe9vcLgfZuRAdkoUuNM9kxF0jQ-dWSjcvt6R6XWTf-z1kPkEuewh8D21SVN7wSpgJhTryDsoG24T5eAbMw-WnUWPb~jOKHx1-ypAZaVALRwQd7Bp3lhUahYGQu~yX53I5qHWyitL7En2g4F-Sc9f1vQwEkXY7pBoD3rs54_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_en&type=PROGRAM&Expires=1481435617&Signature=epkYq1~iUQoVq1rBd30InJTUfHxFVkoMFGY-wsCmAhF7vrdt1NFCXZsg0FDho4XhQi~00tDQQprMQrllQND7Q9VKFh4nKtz7gEVBz4CY4FBFBWrS0-hemY5QwBNLqT309MtwtSFT2dw6b19mYmKDu-mClaown~HOknNiHJVZ2fw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_br&type=PROGRAM&Expires=1484989449&Signature=DFbrgsDblax5-1FB-tTJ2tqysDJFLLdd940foaGphaBRQskKKZuU-4NMtOgw6fcqIfTAn-svJNeW~AGWaCZ2fqnvfU9bAb2MYFsh7JXoz~EcjPoy-40AnyaaWsek7lUAZPohfJE~HpxfuqxEo7d6e6SEDtT8iTsGHvl5vF9voPg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_en&type=PROGRAM&Expires=1442551306&Signature=MjuIlDM~7bQvxWHX9ifxU1RwYlJ7pqCQqmLp6WV~b3h9UESPyg~WDwD2cN~aRSuAHQnbfUQnee~UZogS8f6x11bN3NT58Ef~eKpZcLcuE8nsP-sUlgrruvvRGftARMWmNhwlK5lM2ZD7nWgTxoVK8Ok9ShVobTjrWq~fGVUxY0c_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://dw.uptodown.com/dwn/T8mBxP3gIctr1Hf9AdKkSUJOvgCjROZByTvWHZp-ZE4jYprbr_BxGb574LoekCxFkKIUq0JYZ4opdykqmDwuJrXfyFy6naoV1IrO4dz7ZzJ6WA70VRgP_cgGOKs08upu/p5Bpn7l8-MnxuNzBEvYRP6lVmm1EIuNwcePbFw8o4vEPNZs485iiCIThyAEbIKybvTEPL588yeleZD5oFmWQy7gqTnRlslBJW6JRlAHt4vw1IJxnOKZDshnMexbMQgj_/s_Yzit9akRDxRVQBydWx_L5EcBqDEdpNS-tOLgO52pqq5B9xs_9odzKmNLF5a0DjzHo12q08wqejnhbXfsqtO5ltquQUd0npUEgarkvJ85A3iuVIl_v-TBs_9nccWoaU/.../

http://dw.uptodown.com/dwn/ut_8wPFOTF1WmgQZn2gqG6RRtwL0LPpZIhJBrCbmsWAnwAH2lbWqE0qxKg141AZfG3PUnpgrRosE8dLXTkJDxFm47uo97e_bGIpwl1wSsgKf9hAkcv9ldMPDrs44fXSn/YY_UVr3yWEp68lGiB5nctkN5_e46YrSN5gw6cYtFSEGZehrpChETMp23aXG4xZdxGqB3PZHLPl2KVVmyROnHML_2HPgRt2FatO7TYAF3DGUbfbZADY5XXfp210hZc-hC/aR-_Fq0o8nmsvfXwxjFqUXRfkJiPA5FQnslAkBD6D7plww1qxavCIwOVfYsY2GY2B4aLaGwVsFVVHU-X5LszEX81392QGBrrWMxgFbRakUJY4ecRAxrwr9mMLnr7pFKJ/.../

http://microsoft-flight.ar.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fnKCIp6GkmJ0=

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_en&type=PROGRAM&Expires=1446184408&Signature=FilMRxdx4vW72DNIDYR7rdvvT2llWwhlO9pTXTO19tutl4xgFjtUpfMAUxtb47tB62ylEejfTOuFtU0~C-yO1LUeKRvf0hdWl2h5o3Oa7RyeUsV2HDAOvdjg~QOmOqxqeM5EqB7S6Sz4G931hYbfzEwun7AGvnL9OzO4d~Lq1Kw_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_en&type=PROGRAM&Expires=1487488882&Signature=HNuZ0x1N1lLVYXxxV0kgpILxPZf4Z4rKdrD3kMpjjVKrqiXk0FLYxq9wr4lWJTU3LH1uy2ecTVIUSlvqs5OCZrh3QrBcrX12gwV0uSaX4kWMm1HJix5K3j1x3WNggEr1WBlrI70JClZSC7ABinY9IVGqI3BEjMpuqI78MFGdxTQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_br&type=PROGRAM&Expires=1480246459&Signature=BiNRmpWUBKUyV0AzrwfeaX-KxAT01u~2YcF9q-jZr7prI7qA7P5K0g-P~c-rgBxeoRCB-VrA55urJMaCLW8brGzYFgK-9RySiqOaPZsPf9CcRFgPoyisaxhRUWplqSPipu2CKk9hkhJCUQVcopGqUKvKKTwlAoyy1MsYliQ6iJY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

http://dw.uptodown.com/dwn/TRASg2NT2vs_8PmfqyZbu-fvtmdW7JSgXafxdRpNLTVgMrHsnjjI-mi0GHF521MXfVGyO9RllDenuQQe4LxbrTv6e_kSmZxa5bqtikdUUE76fW-dnxITvCR2gkkRXT7-/qrjaYE42wcrUA-UmRSozf8rR4NKwQVpuerPjdMTpAMlQhV4Ow0WazazMEkfjTi60S1ke4NFrT6vIT92TBbB4pbjjCjW45YzBUE3FZCLoniMAZK6YWLA57z1ukCPX7qvc/-QwkZtmxS0LyzJSeyAk9n5anw6Ysdl-jcc_l1oPyO67frmo3udNi-1yKjKtz9gaycKUQWRZbDBUujrlJ0ji-NOkamUKBYBH_4H3Bq1YumcbEA7isAkM_fwoCgAWp9zTQ/.../

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=90865&instance=softonic_pl&type=PROGRAM&Expires=1485341621&Signature=SOPd9JqxkZjlXNryvy71nmHGp3ughrIAhT8xIh6OQJPqOX8aUdRcqmJj-ZYgUige4wu5xdQ0xsYVJ5vRXzcxIu8dKqX7MLobaECSVeqNzgLhUgahaC68Asn16tmMDdbMn~Qe50xWHcRgTjUHWfSc~c4F2O16SMoywk46bzEDazg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

https://dw.uptodown.com/dwn/IMFrcNNruLlgs7-7nhphDUOtPZn8yYNKjL-maGG5a8rt4wRCaLlUsDMER-JCs1rSN33YQPQBELO1cRJy6FO0SjDV7J694e5VIZ28kde4U6cBQU7cA2kCBc9xlJuiN9-v/VG8ba6ogTgUIdEA7w4wYO2fx5vs1QXLzNYaoBkY3uveLGca5bjRPADUc29SL3gIsjNUeLuI5c4iCKipYEFr1cIwuJ6JG2KkS-lrQTLZ4TpapE5zH8JrHZxrT5SUeu7KA/bYR8z9s0weyBy7exfYbBZs8rS4Tn6i6UYqJqnf_vSnzbIrMUTVtSPD0c696PR99AKfmIVNkH0--qZfXnpJi_4OLHkkjjP8TKp1QVzSYMTeq1rCFgATLq3Uz-hDFIhRBp/.../

http://microsoft-flight.he.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fmaaOn56jmZo=

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_br&type=PROGRAM&Expires=1475975521&Signature=VMags3nUIjACQbWfWHe68Q7V8mrw~lyLTwNJD7jz9n6BBkT0cNhLhGu3VK29F4l5rHlXNla3vmkFhKNov1qhf6cUg0KQd7lJ7xydISNzKtOMJ3q1pwmYyEoZqoOqo61z173lYVRMdYJ8-Py0N6D1pJdYSr5MmZX8o0lSbIVrCOg_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

https://dw14.uptodown.com/dwn/18KUH7ojwk1vvpBOEXH2aGIOOt32hKZKHn9M4qovz5gidK_pp4VpyJXl0ArWFxh0UexAoD-B2gb97griFH32-nBNPqAE9JqNLCqfuTi1vKNqBQYGCVA0gy_GHc9S3B48/DfMPjJZNVKX9vxGYHcoGiKCboxyk5Vav0XP3-suk8RiZ1ExFRGeNLg6KaF6eNxdbKzANe7M63FBY2_w1G06mgkG8SQ_npKEQbwQvqyeAjGr2LeiN9i_xWrRASXLa3_Lz/2-Xp8FCN1R_XuQS09UW3eKzXBCXEc8T07N63Gj69rCnyE4v6PfR9Yi4o7q8F0uYi2w_uwcUbXHAbPCdBnmnWRPl26QRbR19ng3vUZ9HNJ8qFG7iKkp0KHdGxvo02Ascf/.../age-of-empires-online-es-en-br-fr-de-it-cn-win.exe

https://microsoft-flight.da.softonic.com/.../3tjQyeLV3cjDp-Hw3sCixsiGa5-fnKKIn52klZY=

http://lb.cdn.m6web.fr/d/c/a/4104dd5eebb45fa7c3320b7643a0b8d8/586dafa0/soft/.../games-for-windows-live_games_for_windows_marketplace_francais_311022.exe

https://dw.uptodown.com/dwn/oqVQGQUSq17Ld3G1IyXRScois_iAkbMgktPq7ZwdoLvJsg3Oxoq2FFZmxuiyeXIcQ-ilJSYFqWGHRLVDMB2Vx0J5r-8n7B4awIwXGq3B5p4fR4N9S3gMqKa0U75ggecY/ctJtfdQ__O7xSfr4K8h6eSvzkIgq3phzE5b7Z8EuL7AFH1gvhhwlFUcqtKx3y50CqpczouDGrsp_Zt1bbLoABtxNVuLBViuhROPTW0yTOmfq7-fMRlCIeBh8UvcbdYb2/oNh-ZF6P99iCFlm9Dp3BDWkayA8-fa1ntD11yu0P2dGOq2aqEY2ZqZwZbksoe02eVk4-Uh_FEZSx9WlyBFpUKqSK2o3mRZyWVF9SdEfB7E846n27z1zg0LCU1jgDBz4S/.../

http://41.223.201.246:801/.../gfwlivesetup.exe

http://dl-vip.appstore.baidu.co.th/.../gfwlivesetup_4d530fa3e0000001_DIR.exe

http://gsf-cf.softonic.com/809/59e/.../file?SD_used=0&channel=WEB&fdh=no&id_file=3335430&instance=softonic_en&type=PROGRAM&Expires=1487835726&Signature=g4q0iwZPPZq7Lypd90jXa1zozuIigCsgA-57kr0ErRzZBoM7gj4lSXVHeUOKEvzqaY0L25RY6JYUq77frgFfRD1aQHaeZ8xIqWa80sUAJagLdRQ~8jLZOiZkTU9AiM5FbSJGEeWBqnG8D4hQqXLtm5sriHy2OiTWIJJMqvu4Tkc_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=gfwlivesetup_4d530fa3e0000001_DIR.exe

https://dw.uptodown.com/dwn/4nd3auBcK_6QkvKphzekMoQklITvB50Wxc6VN0h79YCI9kDYyo5GzWwScS8cXuuUF7MZkwmhgKeoBiRwbonbMeL1hfemOSWTzO76Iu-D4hHvXX2l3kar_BhTy5c94WGd/wnUIQqv5fqNu_oFH4ZNh8-5_6MOUbg-3us7Hl0oOT1FTvbaX2-x3HPu9QjCPZmlMM6EJGJXgrfBsUJ2V0vMmGjh4B_AptV3chVlmeobNhH6K9xw5-w_chqS-thi5xW0A/KBaZ6oXpx_7jYdbRFVcONEhAsPmY13rl3Wodb_NKt3hF9NTwwc6HfgS25m233NYZiUSVA56zQ1EH10V82TQ34cwLPA9LClrxgx7VcZNp47OCufd6i1zr59Mx6GmVZH14/.../

http://dw.uptodown.com/dl/1447450909/.../age-of-empires-online-es-en-br-fr-de-it-cn-win.exe

Latest 30 of 527 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.