Report - uupdump.net/misc/uup-converter-wimlib.7z

Report Overview

Submitted URL
uupdump.net/misc/uup-converter-wimlib.7z
IP
172.67.140.132
ASN
#13335 CLOUDFLARENET
Submitted
2024-05-05 08:52:26
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
uupdump.net	117905	2021-01-09	2021-01-09	2024-04-17	494 B	1.7 MB	104.21.49.32

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
uupdump.net/misc/uup-converter-wimlib.7z
IP
104.21.49.32
ASN
#13335 CLOUDFLARENET

File type
7-zip archive data, version 0.4
Size
1.7 MB (1682320 bytes)
Hash
7929613e5c67498e73d7c58a7f0cfec1
70b343f95e33280564a545c43663c256a59e78c8
628e1acbbff4b9efd9ab865eacc7f8eaca4e0be34b02c3c4ea60abbb1c92d488

Archive (32)

Filename

Md5

File type

APAP.txt

8290f63c28641077804a56feb823dfba

ASCII text, with CRLF line terminators

bootmui.txt

a003f367d4f62cf15d4fdcb7edfe4d37

ASCII text, with CRLF line terminators

bootwim.txt

61eecc514db0594057cb77ac667aea99

ASCII text, with CRLF line terminators

CompDB_App.txt

01c712a8097b4adfa69836054bcfec20

ASCII text, with very long lines (306), with CRLF line terminators

PSFExtractor.exe.config

ef32e2b99b3ac0aaa4a1ade65a87bead

XML 1.0 document, ASCII text, with CRLF line terminators

Updates.bat

964be95db8fc4b0cc11bba08f07da0d2

DOS batch file, ASCII text, with CRLF line terminators

veData.cmd

9272fe6dccfcb4c25bc0c7f8e614df2b

ASCII text, with very long lines (2568), with CRLF line terminators

convert-UUP.cmd

04d266d104ddc00782a7dc7b2e977023

exported SGML document, ASCII text, with CRLF line terminators

ConvertConfig.ini

0eb7a7ca33e91028c12d1932789286f3

Generic INItialization configuration [Store_Apps]

create_virtual_editions.cmd

689a7358043fdfaf21e6d75d45b8319b

exported SGML document, ASCII text, with CRLF line terminators

CustomAppsList.txt

9dd104816e0c4a691097fd21c8252ec4

ASCII text, with CRLF line terminators

multi_arch_iso.cmd

3dc9743215c518e2a47d516919b012dc

exported SGML document, ASCII text, with CRLF line terminators

ReadMe.html

e7cdaa3865bb32c4321bfc86943edf2e

HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

Remove_Failure_MountDir_TempDir.cmd

91bd5b3d939aeb8beb083f425d8bcc9d

ASCII text, with CRLF line terminators

.README

c013ca3a8da389fbdecb49c6b0a5e913

Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

7z.dll

0dce103b0102adec3279797665b7a4ae

PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, 6 sections

7z.exe

7187ae605f4dce14bb23ea2623956335

PE32 executable (console) Intel 80386, for MS Windows, 6 sections

APAP.exe

0ae0b18480a3aae780ed7ca6b44b073c

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

bcdedit.exe

e48eee77a8a6390b89781ccd1d7bccc5

PE32 executable (console) Intel 80386, for MS Windows, 6 sections

bfi.exe

edbdd5893d753fa68865ec3ad7dfe06d

PE32 executable (console) Intel 80386, for MS Windows, UPX compressed, 3 sections

libwim-15.dll

e00fa5e9967055c31a62410fa4a758a2

PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows, 12 sections

wimlib-imagex.exe

c297992a7e8a207508fe30c71bf2691c

PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows, 11 sections

cabarc.exe

a02a8702c6c539bd8648ccbb1869a604

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections

cdimage.exe

faaca366b14a036ff0fdd52654cb0798

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

imagex.exe

a452fd6f47c7f603c2c2034dacc8cac4

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

libwim-15.dll

cb5fce32bb4559e6c078f68257b8cf03

PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows, 10 sections

Microsoft.Dism.dll

4a1fecccb25d0a97bdf7152d2f5768ef

PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

offlinereg.exe

6dc5ad65078eb5229fbbd1f06f61cf0b

PE32 executable (console) Intel 80386, for MS Windows, 8 sections

offreg.dll

163db46b803e4c83c444a026ff17d269

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 5 sections

PSFExtractor.exe

cdc246981d3c7d79133ba55f2e8e5cd5

PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

SxSExpand.exe

ca13105c6b1a532b8aeec611ec6459ef

PE32 executable (console) Intel 80386, for MS Windows, 8 sections

wimlib-imagex.exe

c0605496fa0a86bcc78dbe13bd7aa29c

PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows, 9 sections

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	Qakbot New Campaign ISO

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	uupdump.net/misc/uup-converter-wimlib.7z	104.21.49.32	200 OK	1.7 MB
URL User Request GET HTTP/2 uupdump.net/misc/uup-converter-wimlib.7z IP 104.21.49.32:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjectuupdump.net Fingerprint98:51:63:84:E1:AF:4D:51:5B:AC:3C:4C:16:67:23:4A:B3:CC:68:13 ValiditySun, 17 Mar 2024 17:39:35 GMT - Sat, 15 Jun 2024 17:39:34 GMT File type 7-zip archive data, version 0.4 Size 1.7 MB (1682320 bytes) Hash 7929613e5c67498e73d7c58a7f0cfec1 70b343f95e33280564a545c43663c256a59e78c8 628e1acbbff4b9efd9ab865eacc7f8eaca4e0be34b02c3c4ea60abbb1c92d488 HTTP Headers `GET /misc/uup-converter-wimlib.7z HTTP/1.1 Host: uupdump.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sun, 05 May 2024 08:51:59 GMT content-type: application/x-7z-compressed content-length: 1682320 last-modified: Sat, 04 May 2024 18:00:04 GMT etag: "663677a4-19ab90" strict-transport-security: max-age=63072000 cache-control: max-age=14400 cf-cache-status: HIT age: 3409 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jISFPEd5U9YPeGXP76eKhxqfX0V%2Fw5v5mIPgciH3NtcAtThV62HD6tPDkb%2FBG8xjwHBP1Ljaqf0LKIgZcOolX1nY05VbX09pD1pFG2NsZZ1JayWANp9oL211dQjBLA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 87ef7de88aedb4f4-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

uupdump.net/misc/uup-converter-wimlib.7z

104.21.49.32

200 OK

1.7 MB

URL User Request GET HTTP/2
uupdump.net/misc/uup-converter-wimlib.7z
IP
104.21.49.32:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectuupdump.net
Fingerprint98:51:63:84:E1:AF:4D:51:5B:AC:3C:4C:16:67:23:4A:B3:CC:68:13
ValiditySun, 17 Mar 2024 17:39:35 GMT - Sat, 15 Jun 2024 17:39:34 GMT

File type
7-zip archive data, version 0.4
Size
1.7 MB (1682320 bytes)
Hash
7929613e5c67498e73d7c58a7f0cfec1
70b343f95e33280564a545c43663c256a59e78c8
628e1acbbff4b9efd9ab865eacc7f8eaca4e0be34b02c3c4ea60abbb1c92d488

HTTP Headers

GET /misc/uup-converter-wimlib.7z HTTP/1.1
Host: uupdump.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 05 May 2024 08:51:59 GMT
content-type: application/x-7z-compressed
content-length: 1682320
last-modified: Sat, 04 May 2024 18:00:04 GMT
etag: "663677a4-19ab90"
strict-transport-security: max-age=63072000
cache-control: max-age=14400
cf-cache-status: HIT
age: 3409
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jISFPEd5U9YPeGXP76eKhxqfX0V%2Fw5v5mIPgciH3NtcAtThV62HD6tPDkb%2FBG8xjwHBP1Ljaqf0LKIgZcOolX1nY05VbX09pD1pFG2NsZZ1JayWANp9oL211dQjBLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ef7de88aedb4f4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (32)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers