» windows10upgrade9252.exe
Overview
Analysis
File Details
Downloads (81)

windows10upgrade9252.exe

Windows 10 Upgrade Assistant

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from 187.72.248.49 and multiple other hosts.

File name:

windows10upgrade9252.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Windows 10 Upgrade Assistant

Version:

1.4.9200.17323

MD5:

d447b7550392faf854ed0365839fa357

SHA-1:

9d26d8e8e48be47a339687fbd2a37eca517160d0

SHA-256:

cbd63b13c25569c07f34c1b98fb106bfdcc9bf09d040fbcaf80b25e6e7ccf265

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/27/2024 1:59:37 AM UTC (today)

File size:

5.5 MB (5,788,016 bytes)

Product version:

1.4.9200.17323

Original file name:

Windows10Upgrader.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\windows10upgrade9252.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

6/4/2015 10:42:45 AM

Valid to:

9/4/2016 10:42:45 AM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

330000010A2C79AED7797BA6AC00010000010A

File PE Metadata

Compilation timestamp:

6/5/2016 10:38:15 PM

OS version:

6.2

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.10

CTPH (ssdeep):

98304:wBv4ud+4ADBZtx3nl0Fe3WE7Z9q6yGgpfVcy1tcEh0vH3CosSyPORwa:uAud+4ADBj5nl0FemE7DzngPcRZ/yFPK

Entry address:

0x4C3F3

Entry point:

E8, 29, 0A, 00, 00, E9, 0D, FE, FF, FF, CC, CC, CC, CC, CC, 3B, 0D, 20, 80, 46, 00, 75, 03, C2, 00, 00, E9, 05, 00, 00, 00, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 81, EC, 24, 03, 00, 00, A3, 00, 8B, 46, 00, 89, 0D, FC, 8A, 46, 00, 89, 15, F8, 8A, 46, 00, 89, 1D, F4, 8A, 46, 00, 89, 35, F0, 8A, 46, 00, 89, 3D, EC, 8A, 46, 00, 66, 8C, 15, 18, 8B, 46, 00, 66, 8C, 0D, 0C, 8B, 46, 00, 66, 8C, 1D, E8, 8A, 46, 00, 66, 8C, 05, E4, 8A, 46, 00, 66, 8C, 25, E0, 8A, 46, 00, 66, 8C, 2D, DC, 8A, 46, 00, 9C, 8F, 05, 10... 
[+]

Entropy:

7.9470 (probably packed)

Code size:

411 KB (420,864 bytes)

The file windows10upgrade9252.exe has been seen being distributed by the following 50 URLs.

http://187.72.248.49/data/90db50807c937a41/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade.exe

http://182.190.3.162/data/1055e06040fbd8e6/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade20528.exe

http://182.190.3.114/data/52a070706c4f6383/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade20528.exe

http://download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade.exe

http://download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade20523.exe

C:\Users\DELL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3C012XXI\Windows10Upgrade9194.exe

http://download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9222.exe

C:\Users\céline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6FMZKMAF\Windows10Upgrade9194[1].exe

http://click.linksynergy.com/deeplink?id=XdSn0e3h3*k&mid=24542&u1=420237M1M160613130330KWG&murl=http://go.microsoft.com/.../?LinkID=799445

http://minecraft.softonic.com/download-tracker?th=8yS3 KGEYLiw7GKMHzA/trmsvRChbxdrflJq3ZIylWvTH4EHzP0daucGfNi4 hWQ10G63 WtaA/WXUEVOrWyG5i oNPVnOFqYJOqXSn6IRuqWp/.../kllADjxFdzCIj1wJBw92V4=

C:\Users\Owner\Downloads\Windows10Upgrade9244.exe

https://dl-mail.ymail.com/ws/download/mailboxes/@.id==VjJ-SfUiPsURoOH1lzpa683aJ-M9B367z_3oQWf9YQWXnNaGG5oJQ7rAJQZCuWcG-ajbGH4nkLovJSeSm65J69qU1w/messages/@.id==AG8aDUwAAYG_V2wd8g8fGDqAlwM/content/parts/@.id==2/raw?appid=YahooMailNeo&ymreqid=c022bb2b-ceb5-feb2-01a7-1d0013010000&token=zitEzqOML3j84e6ealFTT5U7-km5qEQF52lp7AcCuBb-zPibQnizeN_eaA_21nxt_tmbZU_QP6bd5QzJLzvu9w&error=https://us-mg6.mail.yahoo.com/.../iframemsg?id=b85d8514-3753-3def-541f-b732298a5d5d

http://105.232.255.252/cache/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade.exe

C:\Users\Owner\Downloads\Windows10Upgrade9194.exe

http://80.17.2.214/data/504d70b023dc5488/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9194.exe

http://62.8.79.14/data/3d3b70704aca9321/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade20528.exe

http://151.99.86.70/data/4c7810a00ef056e8/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9252.exe

http://10.130.24.197:6610/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade.exe

http://download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade20531.exe

http://srwtck.com/get?key=b11e8793cade0a4fedc9f17323b20200&ref=https://www.microsoft.com/de-de/windows/windows-10-upgrade?pm=pse_pma&SEMID=1&WT.srch=1&ocid=PMWIN10_SEM_bmc_pma_goo_de-DE_ windows 10&wt.mc_id=PMWIN10_SEM_bmc_pma_goo_de-DE_ windows 10&uid=41128413&out=http://download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade23604.exe

http://68.106.66.162/data/c05470a059466a32/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9194.exe

https://onedrive.live.com/download.aspx?cid=ACCFB8051EA0ED92&resid=ACCFB8051EA0ED92!250&canary=RU0UHcxIjY7AlQeWsi2VvrJRpalMG1SlpeepaImTaco=8&ithint=.exe

http://212.131.108.122/data/f85df0103da1baf4/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9194.exe

http://177.205.9.201/data/86ed7060064f5c52/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade.exe

http://103.3.32.207/msupdate/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade.exe

http://srwtck.com/get?key=b11e8793cade0a4fedc9f17323b20200&ref=https://www.microsoft.com/en-us/windows/windows-10-upgrade&uid=736514&out=http://download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9194.exe

http://download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade20648.exe

http://222.165.175.38/data/585030c03842fa8b/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9194.exe

http://203.203.0.120/data/041bf0203231e52a/download.microsoft.com/download/0/4/7/047889D0-578C-4A44-A38F-7F30A6CB3809/.../Windows10Upgrade9252.exe

http://113.171.224.244/.../Windows10Upgrade.exe

Latest 30 of 81 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.