{"report_id":"48fbde14-0e32-468e-9050-4192b04691ad","version":6,"status":"done","tags":[],"date":"2025-03-25T17:20:50Z","url":{"schema":"http","addr":"uupdump.net/misc/uup-converter-wimlib.7z","fqdn":"uupdump.net","domain":"uupdump.net","tld":"net"},"ip":{"addr":"172.67.140.132","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"about","addr":"about:privatebrowsing","fqdn":"","domain":"","tld":""},"title":"about:privatebrowsing"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-03T17:20:49Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"uupdump.net","ip":{"addr":"172.67.140.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-01-09","domain_rank":117905,"first_seen":"2021-01-09T22:41:52Z","last_seen":"2025-03-25T17:20:49.551798Z","alert_count":0,"request_count":1,"received_data":1687970,"sent_data":508,"comment":"","tags":null,"fingerprints":null}],"files":[{"md5":"baa2ee10a78d5e9e588e055a333539ba","sha1":"6203d376c1e87d839e709b45c0cde9c5b833eea1","sha256":"f7276e80fea3c8a556dacac9501e4135bfefb39097d592d091e924eea2f5d131","sha512":"712c29429957e8d247ffb2943743780ffcbc34f1f3c8550ec0bae2193c42b921254f08163927520c5ed8cce12c0342d181a2c4d52b6cd983d4d35c17d6758ffe","magic":"7-zip archive data, version 0.4","size":1686920,"url":{"schema":"https","addr":"uupdump.net/misc/uup-converter-wimlib.7z","fqdn":"uupdump.net","domain":"uupdump.net","tld":"net"},"ip":{"addr":"172.67.140.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"bin/APAP.txt","filename":"APAP.txt","modified":"2024-02-07T07:35:33Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1953,"md5":"8290f63c28641077804a56feb823dfba","sha1":"74a3eba72e627e4e9ffbe51037d011da9e033cc0","sha256":"387a55f033ada80608460e7bd1eb339522e056e79465b08254f393bddcd0e7ad","sha512":"101b74f6f3fff4baa2d93754ee7948043b05f9bade6e1fed08491f9668aaac70aa532c1e47b0d37adbe2d5fca41e94b22cb19c15245dca8d93119e14cf21ec2e","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bootmui.txt","filename":"bootmui.txt","modified":"2024-04-11T04:43:29Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":808,"md5":"a003f367d4f62cf15d4fdcb7edfe4d37","sha1":"1bbca1aa7ba698df90635e1732f74e6ad2e4b40f","sha256":"9ce5438d554b6faeba3757c072e28ef358f9268953958e4f625b072122823ae0","sha512":"64317b20a75ed78d97f7b05ca34fb759da076ba564349dc6f37ddd23b7af7af87e098baecb107c9b6f1ffbcd948ecb173d5f02081856e281efab41d9b86c9511","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bootwim.txt","filename":"bootwim.txt","modified":"2024-04-11T04:43:30Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2277,"md5":"61eecc514db0594057cb77ac667aea99","sha1":"c2597db370a6f149609c3fe90c45cb45986d81e7","sha256":"0448e6181daef2b9d976d1f6e6f180a1978828294a90ed3d053d2475ccc86366","sha512":"c8cf9f13551feb81eabff790b4a82d083b741a970817ee1d8553df5a4f55c31ecdb03d4571be4b911ce792be781d6ff6514fb7e33b53356b89071b159544d92e","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/CompDB_App.txt","filename":"CompDB_App.txt","modified":"2023-09-27T12:23:29Z","Modified":"","magic":"ASCII text, with very long lines (306), with CRLF line terminators","size":3896,"md5":"01c712a8097b4adfa69836054bcfec20","sha1":"53fcbd82771a4f4309388d9af850c33bbeff6164","sha256":"07e82f737a2de3b7b5baa1991bc1f1a9718e4956f26d73ae0522fe24ce25a0e1","sha512":"e79670213bd07c46b609224427f6ed0d1551d0e73c203a9086cfacc44b7d119a1ea277f500b6f9f5e421142034ac944370e9989dd54f36aacae84e96fe2460d2","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/PSFExtractor.exe.config","filename":"PSFExtractor.exe.config","modified":"2021-07-07T03:31:46Z","Modified":"","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":186,"md5":"ef32e2b99b3ac0aaa4a1ade65a87bead","sha1":"704308b0c3349f9c9c104e4b0c85d065f011826e","sha256":"bc13330a191ac2d72c75c35f6cb430dde1f91da1da1860fb617125b6dbf844f2","sha512":"2425bf847331acdfb4962d276da412af5f5349b55b77ed765433589e1a28294bc1ef539c11ae3a7b7be9499d3344fcfe9bbdc0fd402f24b08747a19e5e4a0558","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/psfx.txt","filename":"psfx.txt","modified":"2024-10-07T04:53:29Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":4808,"md5":"deb1aa95db4872d8f9654519ab268d65","sha1":"f748c0b680a71d2984720f37d242c46027a13bdf","sha256":"a39534e553d29705a3f20beec65f4776df51ccfb4b1475ee27ade4bab1f674ed","sha512":"9b8c98d14b49321a65ea3b84522aa95527d75dd2aa515b82a4770a50b5b8ed422dd6686c3a53a6b17093f1da2b6472ca0b8fb1e1e8cef88bbadcd7b7c2cdbed2","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/tiTkn.txt","filename":"tiTkn.txt","modified":"2024-10-07T04:53:29Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1232,"md5":"8b22c9f8809c4c6caa00ba96e5b615a0","sha1":"bb2a539e1b73eb26a79750d97c36139376f90646","sha256":"926d0325a2299a8f2631efcfe4b293556fa9b8111e06491546b8efb44409748e","sha512":"ee31a6e5d0393403b1c8cf7145e2f9d7ac586ec52f936cfd9a53bf10dd0bf915b11be370302714c715426bf2d0b0924fc09f36bf89810ba011cdde12aa7d1e5a","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/Updates.bat","filename":"Updates.bat","modified":"2022-03-05T05:33:28Z","Modified":"","magic":"DOS batch file, ASCII text, with CRLF line terminators","size":1251,"md5":"964be95db8fc4b0cc11bba08f07da0d2","sha1":"8d654e1a61f790eff9b707b697854e8bbfeb0299","sha256":"68cfee5caee25321e0190815b4abdd8e208fdfbdb4dac1dfc3168fab480604a5","sha512":"92991b2ecf98de0df2dc0efcc0b8756daa8d128b822f67e04b0f37058dc20a94db9c5772759c083b49149934649c6141bbf6bdb1d7248df3b809d97864a65f9e","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/veData.cmd","filename":"veData.cmd","modified":"2024-04-22T03:49:07Z","Modified":"","magic":"ASCII text, with very long lines (2568), with CRLF line terminators","size":56091,"md5":"9272fe6dccfcb4c25bc0c7f8e614df2b","sha1":"95ee9061521edfd230a9a62a2b9369e00d4d245e","sha256":"50cefa0fe9743bd18a2867e5765d5114d290aef19b8dd2d25bfc3b21ed228efc","sha512":"dbfde9e32391f3eb802804b85111205610c740f887465e56ccb8f8e19a4ad8e33e3409f1222d654ea2ab5d1ca824f5bc4bd4a263053c9c2f81ffd460e3c81966","alerts":{"urlquery":null,"analyzer":null}},{"path":"convert-UUP.cmd","filename":"convert-UUP.cmd","modified":"2025-03-25T13:19:16Z","Modified":"","magic":"exported SGML document, ASCII text, with CRLF line terminators","size":215568,"md5":"6b723193f9b6562d2c88d9210ef0a0da","sha1":"a0dd015634a7c09c65209ce0f89f7a3db6bc35b2","sha256":"90335e2460dfd573af355993c02d582de6e4c76cfbbff805c147837c8a89d4cd","sha512":"d61d701232fd61453a55c0a8e0d43877c526bb8361b01a87529eb1052c5928b9736e829edbd24116a58e359d3e43ba30c62f9a645ba65eb723e7627207b31be8","alerts":{"urlquery":null,"analyzer":null}},{"path":"ConvertConfig.ini","filename":"ConvertConfig.ini","modified":"2024-10-08T09:28:29Z","Modified":"","magic":"Generic INItialization configuration [Store_Apps]","size":636,"md5":"f4898d72d7658a1033c8784787504a70","sha1":"1f06247cfc2fcaf34797258db98736c429f000cd","sha256":"ef22d58a612c78145f0248495a311f9e502b73629611ef63ff2044ec40289fd9","sha512":"0a3df2af87a662bc199a7959ad13e7ec06d017501ae9c5ec25246a036dd155b121dbeb35c375533364803f4ce35e53af6c486b32875d34b3a059083db041b5d3","alerts":{"urlquery":null,"analyzer":null}},{"path":"create_virtual_editions.cmd","filename":"create_virtual_editions.cmd","modified":"2024-09-09T11:16:51Z","Modified":"","magic":"exported SGML document, ASCII text, with CRLF line terminators","size":55499,"md5":"e6bb7ce03143be8e57c9de78b3f5dde2","sha1":"b022431b5428bf6bf0db5d35cf5fac082e0cc8a4","sha256":"3df88c5843aff0f726910a55479c8456f9e9a1cd90eebbfbf5c721bf541f7cfb","sha512":"1ccf3cdb5c62e122569b80479acac00b1960e914fb02afec9ee630667fbcabdf81441043606b43e72ffcc7baad4f447649657e0cffa10cf1a58aad1de4f562b8","alerts":{"urlquery":null,"analyzer":null}},{"path":"CustomAppsList.txt","filename":"CustomAppsList.txt","modified":"2024-09-09T01:20:21Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":3542,"md5":"9f223cbd12372e4fdcb863b6d9d1d407","sha1":"a4c12c591a82165c72a3432f3ada910516c99690","sha256":"e59c6dae95ebe816b1bcf4018599e0597b62ee6d4fd7f81708359aae43073ffc","sha512":"0651bf821785e47b07f1227df8adfe6e13c0dfd6078f040c02cc442f3839c58295a37b97b38fc0b6aad4f06f443586ed557236aa648cf3becc4bf92a59a5d9dc","alerts":{"urlquery":null,"analyzer":null}},{"path":"multi_arch_iso.cmd","filename":"multi_arch_iso.cmd","modified":"2024-09-11T20:05:06Z","Modified":"","magic":"exported SGML document, ASCII text, with CRLF line terminators","size":38154,"md5":"3978a26b0fb93c67ccb10cb90c51ac8d","sha1":"eee4f9726dce62e89b3622315545a5d59b6d0424","sha256":"a789c9581b09b6619eaf0c4ae3046571d11fe038beec1dc47770346523baa553","sha512":"931d7ba3729f5f5ec6d6e4b0ae9a78e0538c4644b8a57f17c881c2f7c0dc371a280a17440fe7ba52cd43f4e00fceab343fba319b696c0ffaf971da3b9f380ca6","alerts":{"urlquery":null,"analyzer":null}},{"path":"ReadMe.html","filename":"ReadMe.html","modified":"2025-02-10T11:23:02Z","Modified":"","magic":"HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":36241,"md5":"0fb89cfbf88e285bf29b1d1259719efb","sha1":"0765ca7d61eaf007fa4628b08f6af64e3fbf5574","sha256":"1f0617e4279c681e7fec5b803621e1778ac47ebaf62d4804ad4d9a56dc8c149a","sha512":"15736188a0206233f18a2249a9e4051df4dd696bb60af257443573b0cf1b940d58dfefdfe38cda6d941160646a2d76cfe8a772f7df536589cf2bfcf61ad96682","alerts":{"urlquery":null,"analyzer":null}},{"path":"Remove_Failure_MountDir_TempDir.cmd","filename":"Remove_Failure_MountDir_TempDir.cmd","modified":"2023-08-14T15:06:34Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":3807,"md5":"91bd5b3d939aeb8beb083f425d8bcc9d","sha1":"9beda4ca08e8a724e667c6690f9fed3ecab438a0","sha256":"2f8a3de9691665ef239e65cf68fb6e7e317de8844ee132e2fbb77ceb2d70889b","sha512":"ab530e1ce91f90101e1f8802f859f299aba7a76c9e7294df908523bcbf6375925df91e5d3f67e2d49cc39aeae5e0fe08df4c6f031a50e0148641dad707c71b79","alerts":{"urlquery":null,"analyzer":null}},{"path":"UUPs/.README","filename":".README","modified":"2016-12-21T00:57:01Z","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":134,"md5":"c013ca3a8da389fbdecb49c6b0a5e913","sha1":"84a9534cfcc9040e9aaaf3cb809e29aae9cc87ae","sha256":"bc42527deae7f8d2e5645015cd1a6c11153da791777d6ccbe9ef71b3ae86b244","sha512":"e70c8d331000425fc740e02436cf23d7a39762bccb3c35dd45a1c235a83115670d86bc72db31230eb373c28836be681f27e72c14b74ccfe0b9615d080069d12b","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/7z.dll","filename":"7z.dll","modified":"2021-12-26T14:00:00Z","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections","size":1167872,"md5":"0dce103b0102adec3279797665b7a4ae","sha1":"c121392bab6dba8d04bee89c6b526e8e67650cc8","sha256":"3db62076e5fcc897ff29da47fe4029900a4ad696b395b6fa96acff1229444c1d","sha512":"20f0f02097694579ac8794d56411fbe2d97c47d37794cb52afdabc9956c0452e8a3bb273ed34e463f31927e29e7e41c0fddb82fbbe688dd39c4113c00ec91bc9","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/7z.exe","filename":"7z.exe","modified":"2021-12-26T14:00:00Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 6 sections","size":331776,"md5":"7187ae605f4dce14bb23ea2623956335","sha1":"f7c1df33b875c98f41dcde24117d89d42d25b7ce","sha256":"9e2631c19b243c28b0980607ced2540e9447b1166572483475547c1a9dd4ac0e","sha512":"f64522e2fb6bb61884fe53c34e79b355efb9ec33c02b2cd67d729af7d763e7b3873a5c7ce6ac7bb4567e6bcf8c70cadbc66f511e8bb151ab05096a832032bc8f","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/APAP.exe","filename":"APAP.exe","modified":"2024-02-07T07:53:14Z","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":4096,"md5":"0ae0b18480a3aae780ed7ca6b44b073c","sha1":"3a84ad69e0691ebe24d3e5e82dd1366af416d227","sha256":"980e83767e783fc7a528d4b08379b753546d0a5bbd5c833f8b6e7991e3ad2d4a","sha512":"dc07bac28247f6bade1c399c094c1207c02aaba187b95e3c707e1ec01ae79f514462031b0f303081728792c927e3a385b2774883ceb7775dc4470279833f6b03","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-23","alert":"Scan result 2/73","trigger":"980e83767e783fc7a528d4b08379b753546d0a5bbd5c833f8b6e7991e3ad2d4a","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/980e83767e783fc7a528d4b08379b753546d0a5bbd5c833f8b6e7991e3ad2d4a","meta":null}]}},{"path":"bin/bcdedit.exe","filename":"bcdedit.exe","modified":"2015-07-09T19:30:48Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 6 sections","size":378560,"md5":"e48eee77a8a6390b89781ccd1d7bccc5","sha1":"b978202fc8574d9380f74a1c5b59fa290782079a","sha256":"8ab894fc1acdc83d3c54a3bb6ef65f2d8d06ac8015ee39ab52872eb0dd0dd826","sha512":"5a71b7f550c26196133ae78914f93d1ac4be7962e89ea86d298cb0481e9a522f28393fd43d1d8717927b8a783dc3704d6e9f83964295c6e878765a41dba92e8c","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bfi.exe","filename":"bfi.exe","modified":"2002-11-01T11:50:09Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":92672,"md5":"edbdd5893d753fa68865ec3ad7dfe06d","sha1":"8d3a30e823f5d0c5e3fbca135bb04891475219de","sha256":"8f26a3f1a1f6f9ac0c279b7df56c41c79e4f23aaefd7da6e6ded16d091d4ad81","sha512":"0c0e88f1f5100a2f67ee947b86081d1c30507eb018c1484e12b9255f6578aa9e0b59d6e5dbbef8a8e34d9e36e90666d97d44e3f3cc29dbf0f8bb3bc7584e0756","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-23","alert":"Scan result 2/73","trigger":"8f26a3f1a1f6f9ac0c279b7df56c41c79e4f23aaefd7da6e6ded16d091d4ad81","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/8f26a3f1a1f6f9ac0c279b7df56c41c79e4f23aaefd7da6e6ded16d091d4ad81","meta":null}]}},{"path":"bin/bin64/libwim-15.dll","filename":"libwim-15.dll","modified":"2023-04-28T06:29:41Z","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections","size":482830,"md5":"e00fa5e9967055c31a62410fa4a758a2","sha1":"334b69f34bb6eb3c4dcd4a3a5ff570642b672ef6","sha256":"b8f1f4a0a74bf2b009dcfa8854fd9146cd061ad39b78da24abbed5d9396759f0","sha512":"1f0db54b043da9749bda9902b71d9755d6b425856874a00f4005bc0d1ec09c99bd4d84321944ac20f04a0708afaf38f2b67256c06892828781655c7c92052458","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bin64/wimlib-imagex.exe","filename":"wimlib-imagex.exe","modified":"2023-04-28T06:29:41Z","Modified":"","magic":"PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections","size":139278,"md5":"c297992a7e8a207508fe30c71bf2691c","sha1":"bdbf4936b0450cbaeb679f79bcbd1e719e13f813","sha256":"a2fabc32d5c405c013e29d5b5f553067aeed6896098945e490726269f415d1a2","sha512":"9662eee3563be1b9da683353b6b57091f96bce339d8732f1b9031867ac1ec5dbbc939f8adf297afd5c786347eecb5f801766a0f52edafb5e5c47803b87b58299","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/cabarc.exe","filename":"cabarc.exe","modified":"2013-10-14T16:12:38Z","Modified":"","magic":"PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections","size":81376,"md5":"a02a8702c6c539bd8648ccbb1869a604","sha1":"c16da959c5aa9f29346e22fb07802cfa8f7b453f","sha256":"cceaa59cb4e67f993b099c5e2693eb15231de3863e29da14ff130f24b66ff260","sha512":"6b871519e6d190d7703aed7e58d11b0bd69b731a44f90be0869efe00d256da982601b69d01721f8002c99d4cb5d36913b171306a79bb62bd4a5f9655f78ec3d3","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/cdimage.exe","filename":"cdimage.exe","modified":"2018-09-14T18:26:12Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":125456,"md5":"faaca366b14a036ff0fdd52654cb0798","sha1":"012971416995138fbd79a6f250b4e554808eb7ee","sha256":"14f31062294cd2e287343097435c5275e16e38a405c23af1a2384180fad075f4","sha512":"f8cc4374dcb9268fed6b0c744a4b992cd4ce0a56651b9bc60157e167c6560c5090eca6dfa65ab801e368192670144f2a475fc3d57d676d1d12ffc7fb72a78a7c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-25","alert":"Qakbot New Campaign ISO","trigger":"bin/cdimage.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Malhuters","date":"2022-10-06","description":"Qakbot New Campaign ISO","malpedia_family":"win.qakbot","rule":"Qakbot_IsoCampaign","yarahub_license":"CC0 1.0","yarahub_reference_md5":"456373BC4955E0B6750E8791AB84F004","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cef91a6a-f270-4c35-87a4-98b6f78096db"}}]}},{"path":"bin/imagex.exe","filename":"imagex.exe","modified":"2017-03-17T23:30:22Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":648512,"md5":"a452fd6f47c7f603c2c2034dacc8cac4","sha1":"81beb20db768bc42d5e7df7d77a02d792d5ef92e","sha256":"4edb6afb13477de51459096cc3f7d2a497f053fecf05cc3c360451fede667848","sha512":"0b4b211df29fe208a2d3f44c4c065cd840f991ae02a48bcecd0d886e7e52df51bd4c707f0f927f5955fe36f40a0eb9f751240f143e5f165be33f0b6e9ecde3e7","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/libwim-15.dll","filename":"libwim-15.dll","modified":"2023-04-28T06:29:31Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 10 sections","size":525838,"md5":"cb5fce32bb4559e6c078f68257b8cf03","sha1":"c6181dd756007700322d5fb519f0697dd56a671f","sha256":"e1b005c0f1391b30357e64885a08a09a2d41de93b38acaa25ed7a355f74f56b4","sha512":"a175be59ea81bfe2ad9d4590861e6634e089c025187552c2b7c0e023ad19af15588fb0f768c8c7f33f23c41f78f939a214aa1ffb68059a6b84e8fa03f260a395","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/Microsoft.Dism.dll","filename":"Microsoft.Dism.dll","modified":"2023-11-03T20:09:10Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":59392,"md5":"4a1fecccb25d0a97bdf7152d2f5768ef","sha1":"fe2da581ade12653bd05c3944097b849b0baa057","sha256":"3d5f97077dce927b2abe69ef5c48df6541710478f2f7d300f4506340c831b61f","sha512":"5cfe7e1353381ea05a15c8714d55cff1e2cdfbc45ab2dcd35b1654bc0f244fd6bbd0d251b174bf19850b76d09b12b46e9431dd6b137171cde475ad61f2200324","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/offlinereg.exe","filename":"offlinereg.exe","modified":"2017-11-29T20:39:16Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 8 sections","size":117760,"md5":"6dc5ad65078eb5229fbbd1f06f61cf0b","sha1":"e0f89640230db562d32099c4851e1ebb90dcfc98","sha256":"6ad78c3e6a07ec84bbe399f3be156edc3ee1da525bd87f7c0c716846708a111a","sha512":"a91f2dbf7b2435461805c3d756f5ac1eff27da8d84c9e3076e8cd1ac9ebcc9bbad77820d0eb3bfe3ea0de91d50fe69549baac9687ffa536d27522d8a775d57ec","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-24","alert":"Scan result 2/73","trigger":"6ad78c3e6a07ec84bbe399f3be156edc3ee1da525bd87f7c0c716846708a111a","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/6ad78c3e6a07ec84bbe399f3be156edc3ee1da525bd87f7c0c716846708a111a","meta":null}]}},{"path":"bin/offreg.dll","filename":"offreg.dll","modified":"2010-02-08T18:59:30Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections","size":56200,"md5":"163db46b803e4c83c444a026ff17d269","sha1":"0a2585db6a5c2f7f467fd85df622e9c0632b9b2e","sha256":"a8e3149c77c235818cbbf2686cecd66683e2d3864860074f0777c13b1140a9a2","sha512":"9a14ef16e30f8bf72a89fe3154e04d879d1ce8bbdcee4942dcdfb74da6e5584a19853b64ee4a36fb9af04e2e641f1e0ba04b2f5187e2ceeaf9085685e1d78c31","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/PSFExtractor.exe","filename":"PSFExtractor.exe","modified":"2021-09-16T03:13:07Z","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":12800,"md5":"cdc246981d3c7d79133ba55f2e8e5cd5","sha1":"c4d23fa8b9c2dc150982f53fe18aad0523a12d42","sha256":"69aa3d57c1fb049d728ee99bbf6fd341c659526ab7ebe20e631929ce6cfd36d7","sha512":"11ec829b781dba24c82e11eccc05967352270e6bb040a4d73ab2ca4e9dd7770a74459615e29ebeb4eff4c3040c692d56180611015eb6ac10e82032e0804ac855","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/SxSExpand.exe","filename":"SxSExpand.exe","modified":"2016-01-10T15:15:53Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 8 sections","size":87552,"md5":"ca13105c6b1a532b8aeec611ec6459ef","sha1":"9758ecb1797e4037da3a20d117119129b6c3454e","sha256":"9e889abd2d6068bc59aededc64a45d96e04c7ad5cb1d70f606f8ab0a96433b4a","sha512":"12eb55abfb3cd97286f8d47c9c561cde1efbb025f356bc3eaa7b4665a75ec48364b31e9aa9ff2e68dfbc06a0b56a49ae46550acc93f65afb83402322d592d2ac","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-02-28","alert":"Scan result 1/72","trigger":"9e889abd2d6068bc59aededc64a45d96e04c7ad5cb1d70f606f8ab0a96433b4a","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/9e889abd2d6068bc59aededc64a45d96e04c7ad5cb1d70f606f8ab0a96433b4a","meta":null}]}},{"path":"bin/wimlib-imagex.exe","filename":"wimlib-imagex.exe","modified":"2023-04-28T06:29:31Z","Modified":"","magic":"PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections","size":149518,"md5":"c0605496fa0a86bcc78dbe13bd7aa29c","sha1":"102df32a155a895a3a79f15b00b10c01e7862b6d","sha256":"01168a00ffc84ebfa1bd3b9c841214ed114b9ae4e9b23d555c0686448fd56bde","sha512":"9059a28326cc9f739fdec85d1e5397d40302992b2d75832a44e58b051dc31cd43f5ca5107240897f81b9546bf1161d6f0418908043b406459260588286a3f555","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-25","alert":"Qakbot New Campaign ISO","trigger":"bin/cdimage.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Malhuters","date":"2022-10-06","description":"Qakbot New Campaign ISO","malpedia_family":"win.qakbot","rule":"Qakbot_IsoCampaign","yarahub_license":"CC0 1.0","yarahub_reference_md5":"456373BC4955E0B6750E8791AB84F004","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cef91a6a-f270-4c35-87a4-98b6f78096db"}}]}}],"artifacts":{"windows_shortcuts":null,"files":[{"md5":"baa2ee10a78d5e9e588e055a333539ba","sha1":"6203d376c1e87d839e709b45c0cde9c5b833eea1","sha256":"f7276e80fea3c8a556dacac9501e4135bfefb39097d592d091e924eea2f5d131","sha512":"712c29429957e8d247ffb2943743780ffcbc34f1f3c8550ec0bae2193c42b921254f08163927520c5ed8cce12c0342d181a2c4d52b6cd983d4d35c17d6758ffe","magic":"7-zip archive data, version 0.4","size":1686920,"url":{"schema":"https","addr":"uupdump.net/misc/uup-converter-wimlib.7z","fqdn":"uupdump.net","domain":"uupdump.net","tld":"net"},"ip":{"addr":"172.67.140.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"archive":[{"path":"bin/APAP.txt","filename":"APAP.txt","modified":"2024-02-07T07:35:33Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1953,"md5":"8290f63c28641077804a56feb823dfba","sha1":"74a3eba72e627e4e9ffbe51037d011da9e033cc0","sha256":"387a55f033ada80608460e7bd1eb339522e056e79465b08254f393bddcd0e7ad","sha512":"101b74f6f3fff4baa2d93754ee7948043b05f9bade6e1fed08491f9668aaac70aa532c1e47b0d37adbe2d5fca41e94b22cb19c15245dca8d93119e14cf21ec2e","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bootmui.txt","filename":"bootmui.txt","modified":"2024-04-11T04:43:29Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":808,"md5":"a003f367d4f62cf15d4fdcb7edfe4d37","sha1":"1bbca1aa7ba698df90635e1732f74e6ad2e4b40f","sha256":"9ce5438d554b6faeba3757c072e28ef358f9268953958e4f625b072122823ae0","sha512":"64317b20a75ed78d97f7b05ca34fb759da076ba564349dc6f37ddd23b7af7af87e098baecb107c9b6f1ffbcd948ecb173d5f02081856e281efab41d9b86c9511","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bootwim.txt","filename":"bootwim.txt","modified":"2024-04-11T04:43:30Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":2277,"md5":"61eecc514db0594057cb77ac667aea99","sha1":"c2597db370a6f149609c3fe90c45cb45986d81e7","sha256":"0448e6181daef2b9d976d1f6e6f180a1978828294a90ed3d053d2475ccc86366","sha512":"c8cf9f13551feb81eabff790b4a82d083b741a970817ee1d8553df5a4f55c31ecdb03d4571be4b911ce792be781d6ff6514fb7e33b53356b89071b159544d92e","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/CompDB_App.txt","filename":"CompDB_App.txt","modified":"2023-09-27T12:23:29Z","Modified":"","magic":"ASCII text, with very long lines (306), with CRLF line terminators","size":3896,"md5":"01c712a8097b4adfa69836054bcfec20","sha1":"53fcbd82771a4f4309388d9af850c33bbeff6164","sha256":"07e82f737a2de3b7b5baa1991bc1f1a9718e4956f26d73ae0522fe24ce25a0e1","sha512":"e79670213bd07c46b609224427f6ed0d1551d0e73c203a9086cfacc44b7d119a1ea277f500b6f9f5e421142034ac944370e9989dd54f36aacae84e96fe2460d2","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/PSFExtractor.exe.config","filename":"PSFExtractor.exe.config","modified":"2021-07-07T03:31:46Z","Modified":"","magic":"XML 1.0 document, ASCII text, with CRLF line terminators","size":186,"md5":"ef32e2b99b3ac0aaa4a1ade65a87bead","sha1":"704308b0c3349f9c9c104e4b0c85d065f011826e","sha256":"bc13330a191ac2d72c75c35f6cb430dde1f91da1da1860fb617125b6dbf844f2","sha512":"2425bf847331acdfb4962d276da412af5f5349b55b77ed765433589e1a28294bc1ef539c11ae3a7b7be9499d3344fcfe9bbdc0fd402f24b08747a19e5e4a0558","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/psfx.txt","filename":"psfx.txt","modified":"2024-10-07T04:53:29Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":4808,"md5":"deb1aa95db4872d8f9654519ab268d65","sha1":"f748c0b680a71d2984720f37d242c46027a13bdf","sha256":"a39534e553d29705a3f20beec65f4776df51ccfb4b1475ee27ade4bab1f674ed","sha512":"9b8c98d14b49321a65ea3b84522aa95527d75dd2aa515b82a4770a50b5b8ed422dd6686c3a53a6b17093f1da2b6472ca0b8fb1e1e8cef88bbadcd7b7c2cdbed2","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/tiTkn.txt","filename":"tiTkn.txt","modified":"2024-10-07T04:53:29Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":1232,"md5":"8b22c9f8809c4c6caa00ba96e5b615a0","sha1":"bb2a539e1b73eb26a79750d97c36139376f90646","sha256":"926d0325a2299a8f2631efcfe4b293556fa9b8111e06491546b8efb44409748e","sha512":"ee31a6e5d0393403b1c8cf7145e2f9d7ac586ec52f936cfd9a53bf10dd0bf915b11be370302714c715426bf2d0b0924fc09f36bf89810ba011cdde12aa7d1e5a","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/Updates.bat","filename":"Updates.bat","modified":"2022-03-05T05:33:28Z","Modified":"","magic":"DOS batch file, ASCII text, with CRLF line terminators","size":1251,"md5":"964be95db8fc4b0cc11bba08f07da0d2","sha1":"8d654e1a61f790eff9b707b697854e8bbfeb0299","sha256":"68cfee5caee25321e0190815b4abdd8e208fdfbdb4dac1dfc3168fab480604a5","sha512":"92991b2ecf98de0df2dc0efcc0b8756daa8d128b822f67e04b0f37058dc20a94db9c5772759c083b49149934649c6141bbf6bdb1d7248df3b809d97864a65f9e","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/veData.cmd","filename":"veData.cmd","modified":"2024-04-22T03:49:07Z","Modified":"","magic":"ASCII text, with very long lines (2568), with CRLF line terminators","size":56091,"md5":"9272fe6dccfcb4c25bc0c7f8e614df2b","sha1":"95ee9061521edfd230a9a62a2b9369e00d4d245e","sha256":"50cefa0fe9743bd18a2867e5765d5114d290aef19b8dd2d25bfc3b21ed228efc","sha512":"dbfde9e32391f3eb802804b85111205610c740f887465e56ccb8f8e19a4ad8e33e3409f1222d654ea2ab5d1ca824f5bc4bd4a263053c9c2f81ffd460e3c81966","alerts":{"urlquery":null,"analyzer":null}},{"path":"convert-UUP.cmd","filename":"convert-UUP.cmd","modified":"2025-03-25T13:19:16Z","Modified":"","magic":"exported SGML document, ASCII text, with CRLF line terminators","size":215568,"md5":"6b723193f9b6562d2c88d9210ef0a0da","sha1":"a0dd015634a7c09c65209ce0f89f7a3db6bc35b2","sha256":"90335e2460dfd573af355993c02d582de6e4c76cfbbff805c147837c8a89d4cd","sha512":"d61d701232fd61453a55c0a8e0d43877c526bb8361b01a87529eb1052c5928b9736e829edbd24116a58e359d3e43ba30c62f9a645ba65eb723e7627207b31be8","alerts":{"urlquery":null,"analyzer":null}},{"path":"ConvertConfig.ini","filename":"ConvertConfig.ini","modified":"2024-10-08T09:28:29Z","Modified":"","magic":"Generic INItialization configuration [Store_Apps]","size":636,"md5":"f4898d72d7658a1033c8784787504a70","sha1":"1f06247cfc2fcaf34797258db98736c429f000cd","sha256":"ef22d58a612c78145f0248495a311f9e502b73629611ef63ff2044ec40289fd9","sha512":"0a3df2af87a662bc199a7959ad13e7ec06d017501ae9c5ec25246a036dd155b121dbeb35c375533364803f4ce35e53af6c486b32875d34b3a059083db041b5d3","alerts":{"urlquery":null,"analyzer":null}},{"path":"create_virtual_editions.cmd","filename":"create_virtual_editions.cmd","modified":"2024-09-09T11:16:51Z","Modified":"","magic":"exported SGML document, ASCII text, with CRLF line terminators","size":55499,"md5":"e6bb7ce03143be8e57c9de78b3f5dde2","sha1":"b022431b5428bf6bf0db5d35cf5fac082e0cc8a4","sha256":"3df88c5843aff0f726910a55479c8456f9e9a1cd90eebbfbf5c721bf541f7cfb","sha512":"1ccf3cdb5c62e122569b80479acac00b1960e914fb02afec9ee630667fbcabdf81441043606b43e72ffcc7baad4f447649657e0cffa10cf1a58aad1de4f562b8","alerts":{"urlquery":null,"analyzer":null}},{"path":"CustomAppsList.txt","filename":"CustomAppsList.txt","modified":"2024-09-09T01:20:21Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":3542,"md5":"9f223cbd12372e4fdcb863b6d9d1d407","sha1":"a4c12c591a82165c72a3432f3ada910516c99690","sha256":"e59c6dae95ebe816b1bcf4018599e0597b62ee6d4fd7f81708359aae43073ffc","sha512":"0651bf821785e47b07f1227df8adfe6e13c0dfd6078f040c02cc442f3839c58295a37b97b38fc0b6aad4f06f443586ed557236aa648cf3becc4bf92a59a5d9dc","alerts":{"urlquery":null,"analyzer":null}},{"path":"multi_arch_iso.cmd","filename":"multi_arch_iso.cmd","modified":"2024-09-11T20:05:06Z","Modified":"","magic":"exported SGML document, ASCII text, with CRLF line terminators","size":38154,"md5":"3978a26b0fb93c67ccb10cb90c51ac8d","sha1":"eee4f9726dce62e89b3622315545a5d59b6d0424","sha256":"a789c9581b09b6619eaf0c4ae3046571d11fe038beec1dc47770346523baa553","sha512":"931d7ba3729f5f5ec6d6e4b0ae9a78e0538c4644b8a57f17c881c2f7c0dc371a280a17440fe7ba52cd43f4e00fceab343fba319b696c0ffaf971da3b9f380ca6","alerts":{"urlquery":null,"analyzer":null}},{"path":"ReadMe.html","filename":"ReadMe.html","modified":"2025-02-10T11:23:02Z","Modified":"","magic":"HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":36241,"md5":"0fb89cfbf88e285bf29b1d1259719efb","sha1":"0765ca7d61eaf007fa4628b08f6af64e3fbf5574","sha256":"1f0617e4279c681e7fec5b803621e1778ac47ebaf62d4804ad4d9a56dc8c149a","sha512":"15736188a0206233f18a2249a9e4051df4dd696bb60af257443573b0cf1b940d58dfefdfe38cda6d941160646a2d76cfe8a772f7df536589cf2bfcf61ad96682","alerts":{"urlquery":null,"analyzer":null}},{"path":"Remove_Failure_MountDir_TempDir.cmd","filename":"Remove_Failure_MountDir_TempDir.cmd","modified":"2023-08-14T15:06:34Z","Modified":"","magic":"ASCII text, with CRLF line terminators","size":3807,"md5":"91bd5b3d939aeb8beb083f425d8bcc9d","sha1":"9beda4ca08e8a724e667c6690f9fed3ecab438a0","sha256":"2f8a3de9691665ef239e65cf68fb6e7e317de8844ee132e2fbb77ceb2d70889b","sha512":"ab530e1ce91f90101e1f8802f859f299aba7a76c9e7294df908523bcbf6375925df91e5d3f67e2d49cc39aeae5e0fe08df4c6f031a50e0148641dad707c71b79","alerts":{"urlquery":null,"analyzer":null}},{"path":"UUPs/.README","filename":".README","modified":"2016-12-21T00:57:01Z","Modified":"","magic":"Unicode text, UTF-8 (with BOM) text, with CRLF line terminators","size":134,"md5":"c013ca3a8da389fbdecb49c6b0a5e913","sha1":"84a9534cfcc9040e9aaaf3cb809e29aae9cc87ae","sha256":"bc42527deae7f8d2e5645015cd1a6c11153da791777d6ccbe9ef71b3ae86b244","sha512":"e70c8d331000425fc740e02436cf23d7a39762bccb3c35dd45a1c235a83115670d86bc72db31230eb373c28836be681f27e72c14b74ccfe0b9615d080069d12b","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/7z.dll","filename":"7z.dll","modified":"2021-12-26T14:00:00Z","Modified":"","magic":"PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections","size":1167872,"md5":"0dce103b0102adec3279797665b7a4ae","sha1":"c121392bab6dba8d04bee89c6b526e8e67650cc8","sha256":"3db62076e5fcc897ff29da47fe4029900a4ad696b395b6fa96acff1229444c1d","sha512":"20f0f02097694579ac8794d56411fbe2d97c47d37794cb52afdabc9956c0452e8a3bb273ed34e463f31927e29e7e41c0fddb82fbbe688dd39c4113c00ec91bc9","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/7z.exe","filename":"7z.exe","modified":"2021-12-26T14:00:00Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 6 sections","size":331776,"md5":"7187ae605f4dce14bb23ea2623956335","sha1":"f7c1df33b875c98f41dcde24117d89d42d25b7ce","sha256":"9e2631c19b243c28b0980607ced2540e9447b1166572483475547c1a9dd4ac0e","sha512":"f64522e2fb6bb61884fe53c34e79b355efb9ec33c02b2cd67d729af7d763e7b3873a5c7ce6ac7bb4567e6bcf8c70cadbc66f511e8bb151ab05096a832032bc8f","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/APAP.exe","filename":"APAP.exe","modified":"2024-02-07T07:53:14Z","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":4096,"md5":"0ae0b18480a3aae780ed7ca6b44b073c","sha1":"3a84ad69e0691ebe24d3e5e82dd1366af416d227","sha256":"980e83767e783fc7a528d4b08379b753546d0a5bbd5c833f8b6e7991e3ad2d4a","sha512":"dc07bac28247f6bade1c399c094c1207c02aaba187b95e3c707e1ec01ae79f514462031b0f303081728792c927e3a385b2774883ceb7775dc4470279833f6b03","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-23","alert":"Scan result 2/73","trigger":"980e83767e783fc7a528d4b08379b753546d0a5bbd5c833f8b6e7991e3ad2d4a","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/980e83767e783fc7a528d4b08379b753546d0a5bbd5c833f8b6e7991e3ad2d4a","meta":null}]}},{"path":"bin/bcdedit.exe","filename":"bcdedit.exe","modified":"2015-07-09T19:30:48Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 6 sections","size":378560,"md5":"e48eee77a8a6390b89781ccd1d7bccc5","sha1":"b978202fc8574d9380f74a1c5b59fa290782079a","sha256":"8ab894fc1acdc83d3c54a3bb6ef65f2d8d06ac8015ee39ab52872eb0dd0dd826","sha512":"5a71b7f550c26196133ae78914f93d1ac4be7962e89ea86d298cb0481e9a522f28393fd43d1d8717927b8a783dc3704d6e9f83964295c6e878765a41dba92e8c","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bfi.exe","filename":"bfi.exe","modified":"2002-11-01T11:50:09Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, UPX compressed, 3 sections","size":92672,"md5":"edbdd5893d753fa68865ec3ad7dfe06d","sha1":"8d3a30e823f5d0c5e3fbca135bb04891475219de","sha256":"8f26a3f1a1f6f9ac0c279b7df56c41c79e4f23aaefd7da6e6ded16d091d4ad81","sha512":"0c0e88f1f5100a2f67ee947b86081d1c30507eb018c1484e12b9255f6578aa9e0b59d6e5dbbef8a8e34d9e36e90666d97d44e3f3cc29dbf0f8bb3bc7584e0756","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-23","alert":"Scan result 2/73","trigger":"8f26a3f1a1f6f9ac0c279b7df56c41c79e4f23aaefd7da6e6ded16d091d4ad81","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/8f26a3f1a1f6f9ac0c279b7df56c41c79e4f23aaefd7da6e6ded16d091d4ad81","meta":null}]}},{"path":"bin/bin64/libwim-15.dll","filename":"libwim-15.dll","modified":"2023-04-28T06:29:41Z","Modified":"","magic":"PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections","size":482830,"md5":"e00fa5e9967055c31a62410fa4a758a2","sha1":"334b69f34bb6eb3c4dcd4a3a5ff570642b672ef6","sha256":"b8f1f4a0a74bf2b009dcfa8854fd9146cd061ad39b78da24abbed5d9396759f0","sha512":"1f0db54b043da9749bda9902b71d9755d6b425856874a00f4005bc0d1ec09c99bd4d84321944ac20f04a0708afaf38f2b67256c06892828781655c7c92052458","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/bin64/wimlib-imagex.exe","filename":"wimlib-imagex.exe","modified":"2023-04-28T06:29:41Z","Modified":"","magic":"PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections","size":139278,"md5":"c297992a7e8a207508fe30c71bf2691c","sha1":"bdbf4936b0450cbaeb679f79bcbd1e719e13f813","sha256":"a2fabc32d5c405c013e29d5b5f553067aeed6896098945e490726269f415d1a2","sha512":"9662eee3563be1b9da683353b6b57091f96bce339d8732f1b9031867ac1ec5dbbc939f8adf297afd5c786347eecb5f801766a0f52edafb5e5c47803b87b58299","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/cabarc.exe","filename":"cabarc.exe","modified":"2013-10-14T16:12:38Z","Modified":"","magic":"PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections","size":81376,"md5":"a02a8702c6c539bd8648ccbb1869a604","sha1":"c16da959c5aa9f29346e22fb07802cfa8f7b453f","sha256":"cceaa59cb4e67f993b099c5e2693eb15231de3863e29da14ff130f24b66ff260","sha512":"6b871519e6d190d7703aed7e58d11b0bd69b731a44f90be0869efe00d256da982601b69d01721f8002c99d4cb5d36913b171306a79bb62bd4a5f9655f78ec3d3","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/cdimage.exe","filename":"cdimage.exe","modified":"2018-09-14T18:26:12Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":125456,"md5":"faaca366b14a036ff0fdd52654cb0798","sha1":"012971416995138fbd79a6f250b4e554808eb7ee","sha256":"14f31062294cd2e287343097435c5275e16e38a405c23af1a2384180fad075f4","sha512":"f8cc4374dcb9268fed6b0c744a4b992cd4ce0a56651b9bc60157e167c6560c5090eca6dfa65ab801e368192670144f2a475fc3d57d676d1d12ffc7fb72a78a7c","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-25","alert":"Qakbot New Campaign ISO","trigger":"bin/cdimage.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Malhuters","date":"2022-10-06","description":"Qakbot New Campaign ISO","malpedia_family":"win.qakbot","rule":"Qakbot_IsoCampaign","yarahub_license":"CC0 1.0","yarahub_reference_md5":"456373BC4955E0B6750E8791AB84F004","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cef91a6a-f270-4c35-87a4-98b6f78096db"}}]}},{"path":"bin/imagex.exe","filename":"imagex.exe","modified":"2017-03-17T23:30:22Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 5 sections","size":648512,"md5":"a452fd6f47c7f603c2c2034dacc8cac4","sha1":"81beb20db768bc42d5e7df7d77a02d792d5ef92e","sha256":"4edb6afb13477de51459096cc3f7d2a497f053fecf05cc3c360451fede667848","sha512":"0b4b211df29fe208a2d3f44c4c065cd840f991ae02a48bcecd0d886e7e52df51bd4c707f0f927f5955fe36f40a0eb9f751240f143e5f165be33f0b6e9ecde3e7","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/libwim-15.dll","filename":"libwim-15.dll","modified":"2023-04-28T06:29:31Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 10 sections","size":525838,"md5":"cb5fce32bb4559e6c078f68257b8cf03","sha1":"c6181dd756007700322d5fb519f0697dd56a671f","sha256":"e1b005c0f1391b30357e64885a08a09a2d41de93b38acaa25ed7a355f74f56b4","sha512":"a175be59ea81bfe2ad9d4590861e6634e089c025187552c2b7c0e023ad19af15588fb0f768c8c7f33f23c41f78f939a214aa1ffb68059a6b84e8fa03f260a395","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/Microsoft.Dism.dll","filename":"Microsoft.Dism.dll","modified":"2023-11-03T20:09:10Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":59392,"md5":"4a1fecccb25d0a97bdf7152d2f5768ef","sha1":"fe2da581ade12653bd05c3944097b849b0baa057","sha256":"3d5f97077dce927b2abe69ef5c48df6541710478f2f7d300f4506340c831b61f","sha512":"5cfe7e1353381ea05a15c8714d55cff1e2cdfbc45ab2dcd35b1654bc0f244fd6bbd0d251b174bf19850b76d09b12b46e9431dd6b137171cde475ad61f2200324","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/offlinereg.exe","filename":"offlinereg.exe","modified":"2017-11-29T20:39:16Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 8 sections","size":117760,"md5":"6dc5ad65078eb5229fbbd1f06f61cf0b","sha1":"e0f89640230db562d32099c4851e1ebb90dcfc98","sha256":"6ad78c3e6a07ec84bbe399f3be156edc3ee1da525bd87f7c0c716846708a111a","sha512":"a91f2dbf7b2435461805c3d756f5ac1eff27da8d84c9e3076e8cd1ac9ebcc9bbad77820d0eb3bfe3ea0de91d50fe69549baac9687ffa536d27522d8a775d57ec","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-03-24","alert":"Scan result 2/73","trigger":"6ad78c3e6a07ec84bbe399f3be156edc3ee1da525bd87f7c0c716846708a111a","verdict":"suspicious","severity":"","comment":"suspicious - 2/73","link":"https://www.virustotal.com/gui/file/6ad78c3e6a07ec84bbe399f3be156edc3ee1da525bd87f7c0c716846708a111a","meta":null}]}},{"path":"bin/offreg.dll","filename":"offreg.dll","modified":"2010-02-08T18:59:30Z","Modified":"","magic":"PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections","size":56200,"md5":"163db46b803e4c83c444a026ff17d269","sha1":"0a2585db6a5c2f7f467fd85df622e9c0632b9b2e","sha256":"a8e3149c77c235818cbbf2686cecd66683e2d3864860074f0777c13b1140a9a2","sha512":"9a14ef16e30f8bf72a89fe3154e04d879d1ce8bbdcee4942dcdfb74da6e5584a19853b64ee4a36fb9af04e2e641f1e0ba04b2f5187e2ceeaf9085685e1d78c31","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/PSFExtractor.exe","filename":"PSFExtractor.exe","modified":"2021-09-16T03:13:07Z","Modified":"","magic":"PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections","size":12800,"md5":"cdc246981d3c7d79133ba55f2e8e5cd5","sha1":"c4d23fa8b9c2dc150982f53fe18aad0523a12d42","sha256":"69aa3d57c1fb049d728ee99bbf6fd341c659526ab7ebe20e631929ce6cfd36d7","sha512":"11ec829b781dba24c82e11eccc05967352270e6bb040a4d73ab2ca4e9dd7770a74459615e29ebeb4eff4c3040c692d56180611015eb6ac10e82032e0804ac855","alerts":{"urlquery":null,"analyzer":null}},{"path":"bin/SxSExpand.exe","filename":"SxSExpand.exe","modified":"2016-01-10T15:15:53Z","Modified":"","magic":"PE32 executable (console) Intel 80386, for MS Windows, 8 sections","size":87552,"md5":"ca13105c6b1a532b8aeec611ec6459ef","sha1":"9758ecb1797e4037da3a20d117119129b6c3454e","sha256":"9e889abd2d6068bc59aededc64a45d96e04c7ad5cb1d70f606f8ab0a96433b4a","sha512":"12eb55abfb3cd97286f8d47c9c561cde1efbb025f356bc3eaa7b4665a75ec48364b31e9aa9ff2e68dfbc06a0b56a49ae46550acc93f65afb83402322d592d2ac","alerts":{"urlquery":null,"analyzer":[{"sensor_name":"virustotal","sensor_type":"file","title":"","description":"VirusTotal","scan_date":"2025-02-28","alert":"Scan result 1/72","trigger":"9e889abd2d6068bc59aededc64a45d96e04c7ad5cb1d70f606f8ab0a96433b4a","verdict":"suspicious","severity":"","comment":"suspicious - 1/72","link":"https://www.virustotal.com/gui/file/9e889abd2d6068bc59aededc64a45d96e04c7ad5cb1d70f606f8ab0a96433b4a","meta":null}]}},{"path":"bin/wimlib-imagex.exe","filename":"wimlib-imagex.exe","modified":"2023-04-28T06:29:31Z","Modified":"","magic":"PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections","size":149518,"md5":"c0605496fa0a86bcc78dbe13bd7aa29c","sha1":"102df32a155a895a3a79f15b00b10c01e7862b6d","sha256":"01168a00ffc84ebfa1bd3b9c841214ed114b9ae4e9b23d555c0686448fd56bde","sha512":"9059a28326cc9f739fdec85d1e5397d40302992b2d75832a44e58b051dc31cd43f5ca5107240897f81b9546bf1161d6f0418908043b406459260588286a3f555","alerts":{"urlquery":null,"analyzer":null}}],"alerts":{"urlquery":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"","description":"YARAhub by abuse.ch","scan_date":"2025-03-25","alert":"Qakbot New Campaign ISO","trigger":"bin/cdimage.exe","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"Malhuters","date":"2022-10-06","description":"Qakbot New Campaign ISO","malpedia_family":"win.qakbot","rule":"Qakbot_IsoCampaign","yarahub_license":"CC0 1.0","yarahub_reference_md5":"456373BC4955E0B6750E8791AB84F004","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"cef91a6a-f270-4c35-87a4-98b6f78096db"}}]}}],"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"uupdump.net/misc/uup-converter-wimlib.7z","fqdn":"uupdump.net","domain":"uupdump.net","tld":"net"},"ip":{"addr":"172.67.140.132","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-25T17:20:26.783Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"uupdump.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 06 Mar 2025 17:07:23 GMT","end":"Wed, 04 Jun 2025 18:04:28 GMT"},"fingerprint":{"sha1":"5B:A0:0F:70:C1:B4:07:A9:08:EA:AB:80:2F:79:51:41:A9:B5:13:15","sha256":"FF:D7:47:4B:97:E6:E6:13:C8:42:A9:4E:DD:BB:07:B6:9E:03:35:7D:17:01:13:99:6D:17:4C:81:53:AF:47:B2"}}},"request":{"raw":"GET /misc/uup-converter-wimlib.7z HTTP/1.1\r\nHost: uupdump.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":418,"data":"error=0.206%3Aauth%3A%3A0.000%3Aec.auth%3Bed.1%3Bes.This_helps_protect_our_community._Learn_more%3Ba6s.0%3Br.Sign_in_to_confirm_you_re_not_a_botsr.This_helps_protect_our_community._Learn_more\u0026session_token=QUFFLUhqbTBCUDE3a21sNm1hUEpwc1ctVUttellLZGh6d3xBQ3Jtc0tuMUdIQjdSdjZPMkRudDVhV0hLSGJHcDBLT2dKSms1THNrWFA0VGJ1ajlqWXB5RHI5Yl9BM3I3dnBKVkVKSndPdzVnUGpGaW9wY29OZk9hU1J3TzMxZGNIQjBjcFZrQlpGN3ZaSHQ0SHVZZ0J5bGQ2UQ%3D%3D"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Tue, 25 Mar 2025 17:20:26 GMT\r\ncontent-type: application/x-7z-compressed\r\ncontent-length: 1686920\r\netag: \"67e2afda-19bd88\"\r\nlast-modified: Tue, 25 Mar 2025 13:30:02 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nage: 949\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=9dtWCfo7cHQX4DwHy2mzopWX7KRjNQd%2B%2FNCQ0qGgv6XZ4SLrj5l1ujAgA6q%2B2GyDlScV8nFlb76ZgqyNGd%2BnGJqXAsw%2BsyB9GdKWWn%2BKYE6H9dSabUCTQ8kmIq2tfg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 926014384f36727c-HAM\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=48899\u0026min_rtt=47201\u0026rtt_var=12509\u0026sent=6\u0026recv=9\u0026lost=0\u0026retrans=0\u0026sent_bytes=3176\u0026recv_bytes=1111\u0026delivery_rate=82978\u0026cwnd=252\u0026unsent_bytes=0\u0026cid=3bf9541841df4a4b\u0026ts=96\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1686920,"size_decoded":0,"mime_type":"application/x-7z-compressed","magic":"7-zip archive data, version 0.4","md5":"baa2ee10a78d5e9e588e055a333539ba","sha1":"6203d376c1e87d839e709b45c0cde9c5b833eea1","sha256":"f7276e80fea3c8a556dacac9501e4135bfefb39097d592d091e924eea2f5d131","sha512":"712c29429957e8d247ffb2943743780ffcbc34f1f3c8550ec0bae2193c42b921254f08163927520c5ed8cce12c0342d181a2c4d52b6cd983d4d35c17d6758ffe","ssdeep":"24576:9bPgfLA68JYab59bFdpoIinU2DAPjii+4bFklZs/MUYD3zBqd8OqFW5t6NBQ/0cA:9bIfEj3qI8REmybFkly/MUczBqt5t5k","tlshash":"4875338564220f0f752dafbd576a2435d8eb483dda1817de24a2503a4932bf12f5ecbc","first_seen":"2025-03-25T17:21:01.123373Z","last_seen":"2025-05-01T06:39:19.762085Z","times_seen":6,"resource_available":false,"data":null}},"time_used":916,"timings":{"blocked":139,"dns":13,"connect":47,"send":0,"wait":73,"receive":565,"ssl":76},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}