Windows Analysis Report
BIGIPEdgeClient 2024.exe

Overview

General Information

Sample name: BIGIPEdgeClient 2024.exe
Analysis ID: 1654034
MD5: f5ddc35484fadc74b8b577278c85ba10
SHA1: 0db38695a6e070a2b2eb75a89482a9460a1d63c3
SHA256: 6552659af321c91350cdb76dbf30219ed16bea081c7fb43e308fb137da1f541f

Detection

Score: 56
Range: 0 - 100
Confidence: 100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Drops executables to the windows directory (C:\Windows) and starts them
Possible COM Object hijacking
Sample is not signed and drops a device driver
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious Msiexec Execute Arbitrary DLL
Uses 32bit PE files

Classification

Classification chart categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.
  • System is w10x64_ra
  • BIGIPEdgeClient 2024.exe (PID: 7016 cmdline: "C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe" MD5: F5DDC35484FADC74B8B577278C85BA10)
  • svchost.exe (PID: 7056 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msiexec.exe (PID: 6304 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6616 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3555B9D485EA83A0FDEA8171A39D06B8 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 2960 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 310CDDAF466B936AED0765534A1690B1 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • F5Win32CheckHelper.exe (PID: 6132 cmdline: "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver MD5: 8C0A7C17B8F454D43BDCDCC2DA1F8F1D)
      • f5vpn.exe (PID: 5696 cmdline: "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer MD5: A8FADC9A889949AA2FEFE3291887A5C3)
      • F5ElHelper.exe (PID: 5072 cmdline: "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer MD5: 3E9C46E3A9020CD0015F6B16F74B46F8)
    • msiexec.exe (PID: 2752 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding EC09CA06B5A28F19EDBCFDBCBB7AABBA E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • F5ElHelper.exe (PID: 404 cmdline: "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer MD5: 3E9C46E3A9020CD0015F6B16F74B46F8)
      • f5vpn.exe (PID: 6152 cmdline: "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer MD5: A8FADC9A889949AA2FEFE3291887A5C3)
      • F5Win32CheckHelper.exe (PID: 6772 cmdline: "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /regserver MD5: 8C0A7C17B8F454D43BDCDCC2DA1F8F1D)
      • ursetvpn.exe (PID: 456 cmdline: "C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetvpn.exe" /q MD5: F9D1E6428A59AC5E7B68862D20B52C72)
        • urset64.exe (PID: 6228 cmdline: urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
        • urset64.exe (PID: 4532 cmdline: urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
        • urset64.exe (PID: 1468 cmdline: urset64.exe InstallAdapter 0x60048 C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
    • msiexec.exe (PID: 2424 cmdline: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll" MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 2072 cmdline: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • svchost.exe (PID: 6128 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 5632 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 6624 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6868 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 4796 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 5108 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 6932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No yara matches
Source: Network Connection, Author: frack113, Data: DestinationIp: 23.39.37.29, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 2752, Protocol: tcp, SourceIp: 192.168.2.18, SourceIsIpv6: false, SourcePort: 49704
Source: Process started, Author: frack113, Data: Command: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll", CommandLine: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll", CommandLine|base64offset|contains: , Image: C:\Windows\System32\msiexec.exe, NewProcessName: C:\Windows\System32\msiexec.exe, OriginalFileName: C:\Windows\System32\msiexec.exe, ParentCommandLine: C:\Windows\system32\msiexec.exe /V, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 6304, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll", ProcessId: 2424, ProcessName: msiexec.exe
Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7056, ProcessName: svchost.exe
No Suricata rule has matched

Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION f5fpclientW.exe
Source: BIGIPEdgeClient 2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\readme.txt
Source: BIGIPEdgeClient 2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Windows\System32\msiexec.exeFile opened: z:
Source: C:\Windows\System32\msiexec.exeFile opened: x:
Source: C:\Windows\System32\msiexec.exeFile opened: v:
Source: C:\Windows\System32\msiexec.exeFile opened: t:
Source: C:\Windows\System32\msiexec.exeFile opened: r:
Source: C:\Windows\System32\msiexec.exeFile opened: p:
Source: C:\Windows\System32\msiexec.exeFile opened: n:
Source: C:\Windows\System32\msiexec.exeFile opened: l:
Source: C:\Windows\System32\msiexec.exeFile opened: j:
Source: C:\Windows\System32\msiexec.exeFile opened: h:
Source: C:\Windows\System32\msiexec.exeFile opened: f:
Source: C:\Windows\System32\svchost.exeFile opened: d:
Source: C:\Windows\System32\msiexec.exeFile opened: b:
Source: C:\Windows\System32\msiexec.exeFile opened: y:
Source: C:\Windows\System32\msiexec.exeFile opened: w:
Source: C:\Windows\System32\msiexec.exeFile opened: u:
Source: C:\Windows\System32\msiexec.exeFile opened: s:
Source: C:\Windows\System32\msiexec.exeFile opened: q:
Source: C:\Windows\System32\msiexec.exeFile opened: o:
Source: C:\Windows\System32\msiexec.exeFile opened: m:
Source: C:\Windows\System32\msiexec.exeFile opened: k:
Source: C:\Windows\System32\msiexec.exeFile opened: i:
Source: C:\Windows\System32\msiexec.exeFile opened: g:
Source: C:\Windows\System32\msiexec.exeFile opened: e:
Source: C:\Windows\System32\svchost.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: ocsp.entrust.net
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: ocsp.entrust.net
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEGW4HADKtspZvoBq8nstnNM%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: ocsp.entrust.net
Source: global trafficHTTP traffic detected: GET /evcs2.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: crl.entrust.net
Source: global trafficDNS traffic detected: DNS query: ocsp.entrust.net
Source: global trafficDNS traffic detected: DNS query: crl.entrust.net
Source: global trafficDNS traffic detected: DNS query: portal.azure.com
Source: global trafficDNS traffic detected: DNS query: f20770a9f85a7260d7dbad27e5d4dba6.clo.footprintdns.com
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltDrv.sys
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\4b5314.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5631.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5845.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5A3A.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5netprov64.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5CredMgrSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\drivers\F5FltDrv.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5FltSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5InspectorService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5InstallerService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineCertService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelInfo.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5TrafficSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI617F.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI626A.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI676C.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6B94.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI73E2.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI756A.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7701.tmp
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_1C71A55BE4D771E763612A0A7E2744CE
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_1C71A55BE4D771E763612A0A7E2744CE
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper64.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhostres.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhost.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F599B66E34645915D6CE3B9990A2673F
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F599B66E34645915D6CE3B9990A2673F
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhost.inf
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\f5vpn.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\f5LogViewer.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urSuperHost.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxshost.inf
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\scew_uls.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxdialerres.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxdialer.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxvpn.inf
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI5631.tmp
Source: classification engineClassification label: mal56.evad.winEXE@38/111@4/40
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\F5 VPN
Source: C:\Windows\SysWOW64\msiexec.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6932:120:WilError_03
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeMutant created: \Sessions\1\BaseNamedObjects\F5_Networks_Log_File_Mutex_12288
Source: C:\Windows\SysWOW64\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\F5_Networks_Log_File_Mutex_16384
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeMutant created: \Sessions\1\BaseNamedObjects\Global\F5_VPN__MSISETUP_{9F05164C-C169-4BFA-B1AC-79CD53651349}
Source: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exeMutant created: \Sessions\1\BaseNamedObjects\08fbfb56-5137-47e6-8dc4-f9dd19d0577c
Source: C:\Windows\Downloaded Program Files\F5ElHelper.exeMutant created: \Sessions\1\BaseNamedObjects\e3e66f19-f7a5-44f5-b826-37c04e3700f3
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7
Source: BIGIPEdgeClient 2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\msiexec.exeFile read: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\CustomDialer.ini
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile read: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
Source: unknownProcess created: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe "C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3555B9D485EA83A0FDEA8171A39D06B8 C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 310CDDAF466B936AED0765534A1690B1
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding EC09CA06B5A28F19EDBCFDBCBB7AABBA E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetvpn.exe
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetvpn.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urset64.exe urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetvpn.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urset64.exe urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetvpn.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urset64.exe urset64.exe InstallAdapter 0x60048 C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msisip.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cryptnet.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: webio.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cabinet.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: srpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wkscli.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: mscoree.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msihnd.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: jscript.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: occache.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: traffic.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wmiclnt.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{317D06E8-5F24-433D-BDF7-79CE68D8ABC2}\InProcServer32
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile written: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\CustomDialer.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: BIGIPEdgeClient 2024.exeStatic file information: File size 32294824 > 1048576
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: BIGIPEdgeClient 2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: BIGIPEdgeClient 2024.exeStatic PE information: section name: .didat

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\msiexec.exeExecutable created and started: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeExecutable created and started: C:\Windows\Downloaded Program Files\F5ElHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeExecutable created and started: C:\Windows\Downloaded Program Files\f5vpn.exe
Source: c:\windows\downloaded program files\f5elhelper64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{5dab6006-cf31-4b6e-929a-b8e3fb20bfed}\inprocserver32
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltDrv.sys
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\SysWOW64\drivers\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpndrv.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnx64.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnw2k.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnv64.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urfltwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urfltv64.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urfltarm64.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\2017\covpnwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\2017\covpnv64.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\2017\covpnarm64.sys
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urset64.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5netprov.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\scew_uls.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Downloaded Program Files\F5ElHelper.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5TrafficSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialerARM64.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Downloaded Program Files\f5vpn.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5InstallerService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProvARM64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5netprov64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5TrafficSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\MSIAF7D.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\setup2000.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpclientW.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\F5Win32CheckHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Downloaded Program Files\F5ElHelper64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer64.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1451551554011321261\urSuperHost.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5MachineCertService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5netprovARM64.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetvpn.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\F5Win32CheckHelper.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Downloaded Program Files\scew_uls.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpc.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetarm64.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\setupdrvdll.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5InspectorService.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI7701.tmp
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Downloaded Program Files\urxdialer.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1451551554011321261\f5LogViewer.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5DialSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredMgrSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelInfo.exe
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Downloaded Program Files\urxhost.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urxdialerres.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_6220292165147188111246\F5ElHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Windows\Downloaded Program Files\urxhostres.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5LogonUI.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv64.dll
Source: C:\Windows\SysWOW64\msiexec.exe File created: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\readme.txt
Source: C:\Windows\System32\msiexec.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F5MachineTunnelService
Source: C:\Windows\System32\msiexec.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run F5_SAM_Client
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5netprov.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\scew_uls.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5TrafficSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialerARM64.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpndrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProvARM64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5InstallerService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5netprov64.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnx64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5TrafficSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIAF7D.tmp
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urfltwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\setup2000.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpclientW.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\F5Win32CheckHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Windows\Downloaded Program Files\F5ElHelper64.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnwlh.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer64.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1451551554011321261\urSuperHost.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urfltv64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5MachineCertService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5netprovARM64.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\urfltarm64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnv64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpc.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\2017\covpnv64.sys
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\ursetarm64.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\covpnw2k.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\setupdrvdll.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5InspectorService.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI7701.tmp
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Windows\Downloaded Program Files\urxdialer.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1451551554011321261\f5LogViewer.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\2017\covpnarm64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5DialSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredMgrSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1159146214241963367\2017\covpnwlh.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelInfo.exe
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Windows\Downloaded Program Files\urxhost.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer.dll
Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_6220292165147188111246\F5ElHelper.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5LogonUI.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe TID: 6276 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7140 Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\msiexec.exe TID: 6076 Thread sleep time: -90000s >= -30000s
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll"
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Queries volume information: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Queries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7 VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Queries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Queries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5_TMP VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64 VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64 VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 Blob
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS
Resource Development: 1 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services
Initial Access: 1 Replication Through Removable Media; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: 1 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers
Persistence: 1 Component Object Model Hijacking; 2 Windows Service; 1 Scripting; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; RC Scripts; Startup Items
Privilege Escalation: 1 Component Object Model Hijacking; 2 Windows Service; 11 Process Injection; 1 Registry Run Keys / Startup Folder; 1 DLL Side-Loading; RC Scripts; Startup Items
Defense Evasion: 121 Masquerading; 3 Virtualization/Sandbox Evasion; 11 Disable or Modify Tools; 1 Modify Registry; 11 Process Injection; 1 DLL Side-Loading; 1 File Deletion
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: 1 Query Registry; 3 Security Software Discovery; 3 Virtualization/Sandbox Evasion; 1 Process Discovery; 11 Peripheral Device Discovery; 2 File and Directory Discovery; 23 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Command and Control: 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 2 Application Layer Protocol; Protocol Impersonation; Fallback Channels; Multiband Communication; Commonly Used Port
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery

Source | Detection | Scanner | Label
BIGIPEdgeClient 2024.exe | 0% | Virustotal |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredMgrSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredMgrSrv.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv64.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProv64.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProvARM64.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CredProvARM64.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer64.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialer64.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialerARM64.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5CustomDialerARM64.dll | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5DialSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5DialSrv.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltDrv.sys | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltDrv.sys | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5FltSrv.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5InstallerService.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5InstallerService.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5LogonUI.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5LogonUI.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelInfo.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelInfo.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelService.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5MachineTunnelService.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5TrafficSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\F5TrafficSrv.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltDrv.sys | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltDrv.sys | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5FltSrv.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5TrafficSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\amd64\F5TrafficSrv.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltDrv.sys | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltDrv.sys | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltSrv.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\arm64\F5FltSrv.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5InspectorService.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5InspectorService.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5MachineCertService.exe | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5MachineCertService.exe | 0% | Virustotal |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpapi.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPeff1435b39ae14f7\F5 VPN\f5fpapi.dll | 0% | Virustotal |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D | 0% | Avira URL Cloud | safe
http://crl.entrust.net/evcs2.crl | 0% | Avira URL Cloud | safe
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEGW4HADKtspZvoBq8nstnNM%3D | 0% | Avira URL Cloud | safe
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
a1516.d.akamai.net | 23.206.121.62 | true | false | | unknown
spo-9999.spo-msedge.net | 13.107.136.254 | true | false | | high
s-part-0021.p-0010.p-msedge.net | 150.171.84.21 | true | false | | unknown
e6913.dscx.akamaiedge.net | 23.39.37.29 | true | false | | unknown
f20770a9f85a7260d7dbad27e5d4dba6.clo.footprintdns.com | unknown | unknown | false | | unknown
portal.azure.com | unknown | unknown | false | | high
ocsp.entrust.net | unknown | unknown | false | | unknown
crl.entrust.net | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D | false | Avira URL Cloud: safe | unknown
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEGW4HADKtspZvoBq8nstnNM%3D | false | Avira URL Cloud: safe | unknown
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D | false | Avira URL Cloud: safe | unknown
http://crl.entrust.net/evcs2.crl | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
23.210.73.5 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
184.31.69.3 | unknown | United States | 20940 | AKAMAI-ASN1EU | false
23.39.37.29 | e6913.dscx.akamaiedge.net | United States | 16625 | AKAMAI-ASUS | false
23.206.121.62 | a1516.d.akamai.net | United States | 33490 | COMCAST-33490US | false

IP
127.0.0.1

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1654034
Start date and time:2025-04-01 21:22:59 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:30
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• EGA enabled
Analysis Mode:stream
Analysis stop reason:Timeout
Sample name:BIGIPEdgeClient 2024.exe
Detection:MAL
Classification:mal56.evad.winEXE@38/111@4/40
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.210.73.5, 23.210.73.6, 184.31.69.3, 172.202.163.200, 184.86.251.28
• Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Timeout during stream target processing, analysis might miss dynamic analysis data
• VT rate limit hit for: a1516.d.akamai.net
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):663022
                  Entropy (8bit):6.6241912364882625
                  Encrypted:false
                  SSDEEP:
                  MD5:6ED27D90AF0CB8A27C31CBB534B01349
                  SHA1:FA859B8F962AE44926F14C95B0F72D382C57C040
                  SHA-256:8EB05F0AF88A622267CED4B3E12FF0451FA6FF690D2F46270931E7BBE84314AE
                  SHA-512:6E1EDF13E78DC1D626396F60BAE4DAAFD766FC2A31AE233CBB2EEA61B81C85A56A7D5C7513BCE9A237736246FDD5D6846F3F4657D5009E54048D433C49360900
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\svchost.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):1310720
                  Entropy (8bit):0.3266745996089371
                  Encrypted:false
                  SSDEEP:
                  MD5:26434C0E41F3937FBAEE2345D1660F42
                  SHA1:2CBC32B8FA9843AB89BAEF751F2ED819B1861821
                  SHA-256:1A2E5D01F31A7C495BB725EBF8EAB589B705A1AC0669FD0DC05E988ED6048AD6
                  SHA-512:F029716813F1535521545E068AD16B4F12E7E28C147EE6EE5AD6BD14A8B68DFF74F6211A1522532F701A71B65F715665612C73F8DB8F6A7422D2A4022C877ACB
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\svchost.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):16384
                  Entropy (8bit):0.0790276921132646
                  Encrypted:false
                  SSDEEP:
                  MD5:10367D120C3CB06A28F0C17A9469A390
                  SHA1:126C7342E272AA7D4EB5CB4FE558C80C31980E21
                  SHA-256:583098D74539F1C06A45B563E9D0032AB1CBE3EA1162BF58EBBAFBCCE8894BE8
                  SHA-512:A326DEE8C0C5FF345D91EB49FA90A7BD8134631EB1B936161346F1CF22ECACB3FB0D75980B39B25FB404248DFE051BD6B818029B38C2352AAC2CAED55ADD6462
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):330
                  Entropy (8bit):3.569123101988449
                  Encrypted:false
                  SSDEEP:
                  MD5:5EC6A3A2C277CE8A77776902E7FAFABB
                  SHA1:4B9026E8051E4122D124E3C98D68CDE054BF6D81
                  SHA-256:DCEE22B5095A4BEA8B1A160044A300AF25DDDE9205E568C5773812442E582D74
                  SHA-512:34A6BD29E99C3FB8525E5E94381149E75415634841B51D4625CAD46BE0B815E0C10E0C6ECBE9B2B1B3060F6E1D4A696B5B95B83B5B630DCBC743A0B3FA166CCD
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Generic INItialization configuration [SRCEI VPN]
                  Category:dropped
                  Size (bytes):1563
                  Entropy (8bit):5.195509425022107
                  Encrypted:false
                  SSDEEP:
                  MD5:041A111B8E7DFA0BE0F59F4FDF86765A
                  SHA1:5E1EFE994E0CFFA3C252C51F6D07E07990B97FFD
                  SHA-256:4C5660389EA617541191C2FEBEC22738894E77E802C3057A3F4FA509FE4095C4
                  SHA-512:C095B21CB7F2FD31DEE2A4C6D58E40635C07E0E38DA6F7EF7DC734EB352A234EE06AC4CF90AEBBFDBDF1C17743EC09AF92226492EFB43331ADA26959E336ECAC
                  Malicious:false
                  Reputation:unknown
                  Preview:[__Entry__]..Name=SRCEI VPN....[SRCEI VPN]..Encoding=1..Type=1..AutoLogon=0..UseRasCredentials=1..DialParamsUID=..Guid=179A8CD5AAC779E81D0BD9A281D98D1D..BaseProtocol=1..VpnStrategy=0..ExcludedProtocols=3..LcpExtensions=1..DataEncryption=8..SwCompression=1..NegotiateMultilinkAlways=0..SkipNwcWarning=1..SkipDownLevelDialog=1..SkipDoubleDialDialog=1..DialMode=1..DialPercent=75..DialSeconds=120..HangUpPercent=10..HangUpSeconds=120..OverridePref=15..RedialAttempts=3..RedialSeconds=60..IdleDisconnectSeconds=0..RedialOnLinkFailure=0..CallbackMode=0..CustomDialDll=..CustomDialFunc=..CustomRasDialDll=..AuthenticateServer=0..ShareMsFilePrint=1..BindMsNetClient=1..SharedPhoneNumbers=1..GlobalDeviceSettings=0..PrerequisiteEntry=..PrerequisitePbk=..PreferredPort=..PreferredDevice=..PreferredBps=0..PreferredHwFlow=0..PreferredProtocol=0..PreferredCompression=0..PreferredSpeaker=0..PreferredMdmProtocol=0..PreviewUserPw=1..PreviewDomain=1..PreviewPhoneNumber=1..ShowDialingProgress=1..ShowMonitorIconIn
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):326032
                  Entropy (8bit):6.4063988115370485
                  Encrypted:false
                  SSDEEP:
                  MD5:F9A07C0A471BB2630FC5D2C7A30E58AF
                  SHA1:B680A4D6AD4A3D4E3A234FA7B29ACCC8DBE650FE
                  SHA-256:9FE88F23F76F3E6B3A1C2F6D179383AB674E142342769A93E318ABC0B92ADD07
                  SHA-512:23CD5B10DD34EF1978D40CFBE2C7CB04A23C7CAC6DCA3829DE20AD3C71682547E99B85E04FBBA0D3DC71653399F5BFD4EAE2EC9376B5201184CCB23482C2A75F
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):278928
                  Entropy (8bit):6.6332271790116595
                  Encrypted:false
                  SSDEEP:
                  MD5:E8D6595097142F5827B37AD1A929DB73
                  SHA1:6A6C10C38915A6FE2581FF4CFC55B359D4261A95
                  SHA-256:644AE70347BF92C38BD17AFF652E9DD78FF2E0137023F274F7178B2704C84FBA
                  SHA-512:313962989AF2A56FE9436BDA72DE70C235BAA5B874530CBE874C0464E880C2896DC8BA09D58F5F7EFAD98209949893DBCD0038752F7D3F49D94E9101D6106398
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):339344
                  Entropy (8bit):6.398259775788912
                  Encrypted:false
                  SSDEEP:
                  MD5:008A6E4D7544EC515D4C21B80389C8B8
                  SHA1:F178998E2C1155A026C189C301E799C18752B251
                  SHA-256:AC68375229F02CF50350397B0FA5755F3FCD3D338AA1B68F028137FBB2B8FC0D
                  SHA-512:CDDD1F37402209B132B083AFBE63E30DD3726A938C38B8667461ED8A090C2D6AB16667B851130AECB50244699F6477C9DCC1C84EA49C12755465333B3DBD7814
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):350608
                  Entropy (8bit):6.310052847827286
                  Encrypted:false
                  SSDEEP:
                  MD5:B38D17EBB14F307E38FF2D4CBB39391C
                  SHA1:B41539C9D5B6D8A9A4D0D3CC483E4BB133C4FFE2
                  SHA-256:837CD81F20964F52FCB7EF760DD9636F70067304021FF84CCD6A7CAC3A6679B0
                  SHA-512:6714D6BDBB402419F22D73C986267E33D2372A28D05CAA055D6965C792AE03C5492962654050E89F5BC84E121FAC3B930BDF60A73EFAE7AD30FDE87FA924548A
                  Malicious:false
                  Antivirus:
                  • Antivirus: Virustotal, Detection: 0%
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):308624
                  Entropy (8bit):6.395067495963149
                  Encrypted:false
                  SSDEEP:
                  MD5:ADB04D900DB585AAD045EC50526B6890
                  SHA1:76FBD34E08A55D76381FF47F5D350C432BE0C2ED
                  SHA-256:40E71854D5435C7999A83D8FDD188FF9B2D481C0B280FCC53B507BC49EE2C34F
                  SHA-512:56D133C630EAC08229A898D858492522FBB56E771BC973BF347E6499E9AFC4619E3327EB6765BBC38E0BEA1C0DD349643E6B60FF304C68F8937B2924A57CA3E2
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):338320
                  Entropy (8bit):6.16514275858668
                  Encrypted:false
                  SSDEEP:
                  MD5:B4B3A46D9291A062C8643722CD194C34
                  SHA1:DED2D051CE50A85E21C740474DFBF0179FC4742E
                  SHA-256:02FCF673804D8186C54304C8EA7C87817A6858358C2CD01764D6BA071EDFB2DE
                  SHA-512:F6E6D697470C205776140447ABFEB0FF0B9D961169F6CECFF305590E0796A308C009E8A5E7F334C203565A04331C8BA1B2020DE40CE6E834408B5AB25D894D12
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):327568
                  Entropy (8bit):6.099110509324885
                  Encrypted:false
                  SSDEEP:
                  MD5:3EF678DF80099E78B9859780FFB76F78
                  SHA1:54E21933FCEF303CAF280AA7D3ED71FB239F8676
                  SHA-256:509B01AD13B0B21181FEB7221C8006C3CB04D6BFB5B2BDE15DDB059B32B7D3CF
                  SHA-512:71868BD99956827E796442DA362A8ADFE52E0418FFFE1F123A3B4A80DFB7D522F2E94351DD91F709E7FC9CF9A8CC4A4A03DFDA8D1236311A3E94E51D1F306FC3
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):3141008
                  Entropy (8bit):6.853037239086006
                  Encrypted:false
                  SSDEEP:
                  MD5:BC969F1D821935BCCD6EBF509705B8E9
                  SHA1:36C9AC7869B9948E05FBCDCED1A2D78B9E9C52BF
                  SHA-256:EC741E5B8BAAB91FB30D1AAE855079C8BAE6BF3FD40CF15F1057B0AE5D600FB5
                  SHA-512:BC00B31907655B741DAF8565C4A0CD0317F32222E4C281FB8CB4797CC898C3353DC1B4464F90F68D3103042B8B3208C30EF9C82848DC1FEBE28B9FD77F3162B8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):46432
                  Entropy (8bit):6.84055318092562
                  Encrypted:false
                  SSDEEP:
                  MD5:C5C798582BCE0CEDE113102A0FFE098E
                  SHA1:BB5C782050F96E3FF25F433D405E6B2AE36D5EB4
                  SHA-256:ACC6408C5D90B4C208507FC0291557189D937FC5BD63EEDF3DD8498F546CDC0C
                  SHA-512:A8B9DEDBCAB1F0CCE2B246F4FBA5E831F8BD9B18EA91D482AB977C34930E01C70756A3F3ACDCBC54C2C16AF49D9E7EA273627AA3CCFD4B67DEF20C87B9131B45
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):661392
                  Entropy (8bit):6.403800444384193
                  Encrypted:false
                  SSDEEP:
                  MD5:6C43416F64E447471792896E5117AA97
                  SHA1:E4038B30CD6CA3877A5AF49E110E0DDC0BCD9627
                  SHA-256:33D7E1E40B8BE3779E10CE6B417C605BA5004AF649116E80944089D8C16F997A
                  SHA-512:103B3EFA44C16DE3F0445110ABCBC080750B12C7B7D53F58AC5EE6849A27912B696F2C853477D63E4681AE15E750CD8FBA7E8D811C088A92CF18F2B2C0DAEBDF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):594320
                  Entropy (8bit):6.588263490398597
                  Encrypted:false
                  SSDEEP:
                  MD5:D7E961A9B532F5C1046EF3E63224E448
                  SHA1:DB352FEAF613DE516C7649C178B8734950D355DF
                  SHA-256:C83A6FE8226B24A658E5604C06D4DC031B074196D1334F438DBE595D51EBADB4
                  SHA-512:62A3B2106906EF1FE60AF30C9EB98AB11BA3D403E0C7C1087A5AD07F4CF622ED5E1A8850161BD746CBBB3FF96253A8F8A9E6B918AD5FA9ECAB885D4DFE495C92
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):207248
                  Entropy (8bit):6.623266892379698
                  Encrypted:false
                  SSDEEP:
                  MD5:51EAF40E43EC9489EE0C16151F24D264
                  SHA1:F4311CAA445B2502778946F9E90543BEB754C85A
                  SHA-256:66E18EBBBBDB19D48239F51C5B49A6C3F8E0A71BCC6CD92790B22AED824646F8
                  SHA-512:25CAEB99AD1385882D7C97B5B8496451B29ACAB6343D2138EA4FB0AB2C9B155E2188337F43738C79D20ABBC8855A72A33ADE53FCDC305F9D8B2B239BBA4FB718
                  Malicious:false
                  Antivirus:
                  • Antivirus: Virustotal, Detection: 0%
                  • Antivirus: ReversingLabs, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):776592
                  Entropy (8bit):6.513833956797653
                  Encrypted:false
                  SSDEEP:
                  MD5:F39C8DF6B4F99368B7246CF56D013605
                  SHA1:DE02F001D4652029946982F7253919450DE6BDE4
                  SHA-256:BFE2D75E338851BB2521272CBC0CA00B221F8AB057A16916C4BCA2D3EBAB78D3
                  SHA-512:BC49C7E8CCF4ABF015716405BF6CBA7AB38A20631DAC133429CE67E710E49E90EC63E5592536FC99FD31BF7305247DC7181677FD0CDC8D33072A0EC21E2969C6
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):5659536
                  Entropy (8bit):6.672080831369846
                  Encrypted:false
                  SSDEEP:
                  MD5:350E0F5133C0F8ED3DF49890E0A544E5
                  SHA1:FEB3EC2B885B6FA58FA9971ACC105F1B6F45B84F
                  SHA-256:A138868A8B52E27345F3A7205597A9ADA6859216D1FE1B74E08E1F41BED18285
                  SHA-512:8ECF422E106C98BD40A48D004263F4B2C529B5F705418AB08D7064259EEEDC21B88FDFD0293637C275784EB3AABC0543B22A8C4AB13D94534C1F7D5C5284BC75
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):259472
                  Entropy (8bit):6.592021102815433
                  Encrypted:false
                  SSDEEP:
                  MD5:4994AC0DB31AFE77C07EC580A3D1574B
                  SHA1:5BD9484FABD2DD3C91D3200B0A18DABE3C34B656
                  SHA-256:24B1A3E731221C5F3A8EACD7C62599C8E7678261BB576F4E9A09A6ECAC0B59CA
                  SHA-512:F56BCC9018572D11DBB3E3C3E90B6B42F5033A64BAC9A1A6CE3D0E798772868884C459557A885BD28E1F2B7FDD1CFA7C5A5D0A2CFE069504128EB37744BE9C98
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 2099915 bytes, 7 files, at 0x44 +A "InstallerControl.dll" +A "f5instd.exe", flags 0x4, number 1, extra bytes 20 in head, 172 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):2111603
                  Entropy (8bit):7.99982528246657
                  Encrypted:true
                  SSDEEP:
                  MD5:85DC799A2312183C854145CFC6B02446
                  SHA1:20AFF101BB53732040C40E2A64F1D0A7A07EDCE9
                  SHA-256:E525E1963D6CD20F2E0BE2A23A836772AA980DD583460D26DA9F45606F59F32C
                  SHA-512:F72F829CC397C209D161A06C9DA30A2225C9C6A7B8EA955E2443AC2204F5FCD8C70D6D1C72AB2889FB9F58166E70F51C101F52EFD1DC04091E1CB477818B55B7
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 8373253 bytes, 10 files, at 0x44 +A "f5OesisInspectorCom.dll" +A "f5OesisInspectorCom4.dll", flags 0x4, number 1, extra bytes 20 in head, 470 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):8384941
                  Entropy (8bit):7.999958387169331
                  Encrypted:true
                  SSDEEP:
                  MD5:3C3FCDD44F469395975BE592482A28B9
                  SHA1:5ED00297D258E095A507EC582F0DDA14DDC06738
                  SHA-256:2D73F4FF8CCC728FD7A51C05734BFC89229399C79036BA33723707DF0F00CF2E
                  SHA-512:495FA6639A345E17B15BE105DED98C374DFB68F771F24F892AF488088B0D1266D5F133CEC17078DD6E4580CDD8087791D3BD04809EBB14FE126CABC653BE822C
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 242637 bytes, 3 files, at 0x44 +A "cachecleaner.dll" +A "cachecleaner.exe", flags 0x4, number 1, extra bytes 20 in head, 19 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):254325
                  Entropy (8bit):7.998080655532996
                  Encrypted:true
                  SSDEEP:
                  MD5:77D51E8993B991E4E52325E7B3C3C246
                  SHA1:C96AD0A322A8B708140119CB6E4BB947D6807BA5
                  SHA-256:646AAB0AEF66786ADD6DB17F34F3F8F0DFA8038DBDABAFFEFA0BE87AAE56BC93
                  SHA-512:D0502F0DF0B96AE9FE3F47F8767C7A35D8DBBDF568E4EBA91984C512B0E44126F0B9CDE5E508A6A3246487580A750551D95565DCD70BFA6A5B59FE183BF6AE69
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 1189171 bytes, 5 files, at 0x44 +A "f5InspectionHost.dll" +A "f5PolicyServer.exe", flags 0x4, number 1, extra bytes 20 in head, 107 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):1200859
                  Entropy (8bit):7.999619501905294
                  Encrypted:true
                  SSDEEP:
                  MD5:0429ED781F6EA4E523DE8DDC7BD6C9C2
                  SHA1:0F764EA06AC9E19CD96061F6D5E5706AA389ECC4
                  SHA-256:B5799C5D0640F5F1EFFEC9ECEB9E592C2C9A8478C7AF857685E5F71D05C3C7CD
                  SHA-512:0A626E7A97D10B04B10C02FA82E65E84E5206C95C13C0D65D1EA84A021A4DA1D926099CDDE42FEAD1FC1E67BB55AAF4109EA9F4BDC508E0BC242FFD40FE28E7B
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: f5InspectionHost.dll, f5PolicyServer.exe, f5epi.exe, ietrust.exe, f5InspectionHost.inf (compressed data follows)
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 474152 bytes, 4 files, at 0x44 +A "f5certchk.dll" +A "f5certchk.inf", flags 0x4, number 1, extra bytes 20 in head, 36 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):485840
                  Entropy (8bit):7.9992978661870575
                  Encrypted:true
                  SSDEEP:
                  MD5:3439E2057FF50AA92F21E6531CCBACB2
                  SHA1:4FD8B4F4870AE164E3B4EC7E1A3092C3E778B4D5
                  SHA-256:DA359EADE996F4FFC085D23214E01CD5A05CBCB55F98A33FCEA1AC2BF7E3B3DD
                  SHA-512:94D89303FEEB7AA60C937CEA229E8D327CE1AD587E2DE26451625FA6A011B01B4F92374F167942D30D0E05D88074BBE48AD544DF129479291A1439AFB22AB890
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: f5certchk.dll, f5certchk.inf, F5CertHelper.exe, F5CertHelper.dll (compressed data follows)
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 375784 bytes, 4 files, at 0x44 +A "Win32SystemCheck.dll" +A "F5Win32CheckHelper.exe", flags 0x4, number 1, extra bytes 20 in head, 30 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):387472
                  Entropy (8bit):7.998776425635658
                  Encrypted:true
                  SSDEEP:
                  MD5:C7952F1E989E638CD2332A9333AC5651
                  SHA1:29EF4553525964CBE3FF3D0ADF61D318A2AC8104
                  SHA-256:1F00B38530CBCF570B7E1F25058006C475C18756EBF2ED96D8F856C737B1A748
                  SHA-512:1BAEDFCBC34866A3CE8C1E2DC4306D326BC242E2A800932FAF1095F933E97C10DEA6F1CB0D60F26F521EF98DA649FF32580EE5BC0990B4497F309BD0E41116B8
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: Win32SystemCheck.dll, F5Win32CheckHelper.exe, F5Win32CheckHelper.dll, f5syschk.inf (compressed data follows)
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 1719502 bytes, 3 files, at 0x44 +A "TunnelServerX.dll" +A "TunnelServer.exe", flags 0x4, number 1, extra bytes 20 in head, 139 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):1731190
                  Entropy (8bit):7.999803470561026
                  Encrypted:true
                  SSDEEP:
                  MD5:19CE3267ADC4B3247DB30373DC69BC28
                  SHA1:4B0F554309F864CE0939D0B7D15822B89FA79D60
                  SHA-256:4E0381DBA01EFB0684EDD05F01D9D7B9B0FFDCE49533161961AFCB1B3566AE1C
                  SHA-512:35B5464C03D4D0CDB35372E84DDCE1DB4428254FAED663DCBACC6087E58F136571F1B41CA335991EF79B646A52142951BDB2E8740EACD6519696C444D485B142
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: TunnelServerX.dll, TunnelServer.exe, f5tunsrv.inf (compressed data follows)
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 947494 bytes, 6 files, at 0x44 +A "urxhost.dll" +A "urxhostres.dll", flags 0x4, number 1, extra bytes 20 in head, 80 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):959182
                  Entropy (8bit):7.999608417711804
                  Encrypted:true
                  SSDEEP:
                  MD5:A7C8202CE8B188EB6D06514B975BFB4E
                  SHA1:6099D40F2FFF661ED207B1DBE3F5DA9C86CB07EA
                  SHA-256:0725503A0EE1286B2F61440E6223FA9708C990792D667818A7C7E054FE090591
                  SHA-512:82AEC144745A3D1B48906782AD4B1B61FB4C1BC0CF9106F6DC388CF152745403124CC009671D6B7DB9006FEA617A454AA43126F6E134B279D642DC6325ED2111
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: urxhost.dll, urxhostres.dll, urxhost.inf, F5ElHelper.exe, F5ElHelper.dll, F5ElHelper64.dll (compressed data follows)
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 1630937 bytes, 4 files, at 0x44 +A "urSuperHost.dll" +A "urxshost.inf", flags 0x4, number 1, extra bytes 20 in head, 138 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):1642625
                  Entropy (8bit):7.999781026765009
                  Encrypted:true
                  SSDEEP:
                  MD5:4F88E64FE6A4F1B95E72019BB09B84B4
                  SHA1:0F73A9C03758E04DD538E3096C56A76BADEE2A7C
                  SHA-256:9262DBE53DC8D1B6CDC3CA2AD5232AFBE2A88FA5680E4BB682D6F59D2C16BA0A
                  SHA-512:B60DC6024C8ECAB0F885A13A7E95F070630015A159CF7BC3E997D5337662A2341AD4634CD5CFFD07ED64C73C517D557AB14D2469449E9AE9107FC7BECE283BC5
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: urSuperHost.dll, urxshost.inf, f5vpn.exe, f5LogViewer.exe (compressed data follows)
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 1600376 bytes, 31 files, at 0x44 +A "urxvpn.inf" +A "ursetvpn.exe", flags 0x4, number 1, extra bytes 20 in head, 133 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):1612064
                  Entropy (8bit):7.9997360974894836
                  Encrypted:true
                  SSDEEP:
                  MD5:CDA7AD6F6D7DF610B59CCA9DE46D943A
                  SHA1:6B36081AB3EDA03C669AB7CCC4EFC35D940569DB
                  SHA-256:CCE51330EAF404DAAA900318A38377A6E09578B112BE8BB63D42F185D0BE8DB2
                  SHA-512:7F9840616C452AE1982E71FF931B8EFA2DF58107DB3CC6802782217904E8736968F38E922594F9640DF188CB6E280D225158904AEDCBE6D636BB455A2C67A036
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: urxvpn.inf, ursetvpn.exe, urxvpnad.tag, setup2000.dll, setupdrvdll.dll, readme.txt, urset64.exe, ursetarm64.exe, covpndrv.cat, covpn2000.inf, covpndrv.sys, covpnx64.sys, covpnw2k.sys, covpnwlh.sys, covpnv64.sys, covpn10.inf, covpn10.cat, urfltwlh.sys, urfltv64.sys, urfltarm64.sys, urxdialer.dll, urxdialerres.dll, F5Win32CheckHelper.exe, F5Win32CheckHelper.dll, scew_uls.dll, 2017\covpnwlh.sys, 2017\covpnv64.sys, 2017\covpnarm64.sys, 2017\covpn10.inf, 2017\covpn10.cat, ...
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:Microsoft Cabinet archive data, many, 1228409 bytes, 8 files, at 0x44 +A "f5Sandbox64.exe" +A "f5_mini_browser.exe", flags 0x4, number 1, extra bytes 20 in head, 98 datablocks, 0x1003 compression
                  Category:dropped
                  Size (bytes):1240097
                  Entropy (8bit):7.9996747865933635
                  Encrypted:true
                  SSDEEP:
                  MD5:C502A03D71C81D099AB4C253AF692F5A
                  SHA1:1B89216FA7A0184B6EBED160D1260362D095BC0D
                  SHA-256:C6592EE0FC3B3D626D84F1A56FCF49785E27945937479EFCFBC24E14C88330E0
                  SHA-512:02BE7E7CEF378231565FAAC74DD3B8A6B6B1FD5A91BC584DFC8FEE67B69965910857573F35711C1DC986C2607CBF1DDCB050D52FADE212018F1CDACBBAA79E15
                  Malicious:false
                  Reputation:unknown
                  Preview:MSCF cabinet header; file names listed: f5Sandbox64.exe, f5_mini_browser.exe, f5_sandbox_desktop.exe, detoured.dll, f5Hook64.dll, HookDll.dll, vdeskctrl.dll, vdeskctrl.inf (compressed data follows)
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (native) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):55648
                  Entropy (8bit):6.511804090450235
                  Encrypted:false
                  SSDEEP:
                  MD5:02D45AC8D7194ADF647CADF73BA0DA59
                  SHA1:6142A950C3D3153A1C6D83277CD84398A00C9612
                  SHA-256:AB5C8CD7382D2B8BA769A6315A67361D028936A95E5CA2F8B400450715FCFEDC
                  SHA-512:EC619D0F501DF3788C4B1A90F820C3739325364126A8608DF5264F6523F54A4AF8060C387D9EB1AC1E8A3873FB8C61C2EBD32138D00E0448057ED7A0156C3608
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .pdata, .gfids, PAGE, INIT, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):717200
                  Entropy (8bit):6.115733360810361
                  Encrypted:false
                  SSDEEP:
                  MD5:7F043412A160F2E5447F9F86F8F89719
                  SHA1:0BBC4F97BA55EE8ED813F89EEA3D4F034C02CB7D
                  SHA-256:1B31833A4F15AA67788238D5D9C5C72A97CA8EFCB9DCBE3AC59366F80E407A51
                  SHA-512:2EFD172B0E1232AFBA3B7DC58BA5E8DBBC4A7A0724ADB8821E619005E1A6C92FB445595B61A45EEDE4DA7090EFE4DD9AB4041F87064C8844C7D60DA7FF6EB0EF
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .pdata, .tls, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):315792
                  Entropy (8bit):6.236533061471821
                  Encrypted:false
                  SSDEEP:
                  MD5:F1EF203FA6415FE3458B79B5BB947DB8
                  SHA1:820789ED2EA773A5DA315FED1212F424554377EE
                  SHA-256:3308208A573BAC7AC713F3865D5CBDA415D6AFFB0149CA8A0A347BA483F847EE
                  SHA-512:D4422E9FCDDB40466DC58B22EAD88DCE4F3DF5AAD87586763EFC2634678A90E28E2DDDC1EB3B4DFF1B2051EFA2EB8F5098DAAA124E1425989A92BB0FC683C035
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .pdata, .tls, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (native) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):54704
                  Entropy (8bit):6.67984472350497
                  Encrypted:false
                  SSDEEP:
                  MD5:BD34349A2090189EF3C0DC84A3A075E7
                  SHA1:4E7AC66CC22141FCD6040C0FB6BAD61153FC1501
                  SHA-256:6A6B4E4ED6E3BA2C2AF8191E3F8181D675B70B8CD2FBCC98DCBF5A762198B4BD
                  SHA-512:A8C4BDAE37CD5F74A7995114480C89D25C1DB8E2790382F05178C594040D93243C6893E2D7999AB7444EA2D2E75CA8B89EAAA6F25BC50240BBC9DE051A28F967
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .pdata, PAGE, INIT, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (console) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):837008
                  Entropy (8bit):6.243684227308001
                  Encrypted:false
                  SSDEEP:
                  MD5:0E4EF17985C0671EEEC2FB803DAA332F
                  SHA1:5992F0AAA6FDB99097CB0F6F803E27A552B78F9C
                  SHA-256:B0E78AB2710C34AF8F0EC039FF4427903E239BF4F962845BBE6D0D276978E6C4
                  SHA-512:3FBAA86620645F84620FB1241F994EF5851F0D482A497A2883DEC5D755075116685AE591E63271E3F94E9D5B889521469D956627D28E6DEE1F0489C46391D749
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .pdata, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:XML 1.0 document, ASCII text
                  Category:dropped
                  Size (bytes):638
                  Entropy (8bit):4.715424147257329
                  Encrypted:false
                  SSDEEP:
                  MD5:254FABC463EBE978CA9BA89E30A1CA87
                  SHA1:BDE920D4EDE24498FAD546E962EC7C949F77E5B0
                  SHA-256:679E94B9330543985F2BF5E1834FF7AAC39343E38ABD04DBE34CD5C8525AF2B5
                  SHA-512:215A912E55EB3479846EA17F042A252D2FE9DAE0894842B0CB0F9D590E7657241DB959C7E11AB33E594BEBDBF44745C9BC023B530117A1F7C4AEDE4D364A2B2F
                  Malicious:false
                  Reputation:unknown
                  Preview:
                  <?xml version="1.0" encoding="UTF-8"?>
                  <PROFILE VERSION="2.0">
                  <SERVERS TRUSTED="YES">
                  </SERVERS>
                  <SESSION LIMITED="YES">
                   <STAYCONNECTED>YES</STAYCONNECTED>
                   <RECONNECTIONS>5</RECONNECTIONS>
                   <SAVEONEXIT>YES</SAVEONEXIT>
                   <SAVEPASSWORDS>NO</SAVEPASSWORDS>
                   <REUSEWINLOGONCREDS>NO</REUSEWINLOGONCREDS>
                   <REUSEWINLOGONSESSION>NO</REUSEWINLOGONSESSION>
                   <PASSWORD_POLICY>
                   <MODE>DISK</MODE>
                   <TIMEOUT>240</TIMEOUT>
                   </PASSWORD_POLICY>
                   <UPDATE>
                   <MODE>YES</MODE>
                   </UPDATE>
                  </SESSION>
                  <LOCATIONS>
                   <CORPORATE>
                   </CORPORATE>
                  </LOCATIONS>
                  <UI>
                   <CUSTOMIZE>
                   <LANGUAGE>
                   </LANGUAGE>
                   </CUSTOMIZE>
                  </UI>
                  </PROFILE>
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):617872
                  Entropy (8bit):6.470134510383238
                  Encrypted:false
                  SSDEEP:
                  MD5:4940B76C5B820E8CA543D339BCF8FAF3
                  SHA1:80896B3EA281725AF6596CDC8FF04D848E8103AB
                  SHA-256:315503B27BEF212A3E4594E11C89144CACE115C58EC0268D0C0E9A54C5BC4179
                  SHA-512:69B02CB7300D76E962AF98D68A0EEB9EB3C8C13660AB4940469528D23A38F88A475EC9B6A1F91AFC252FEAF6471319B9C7E60BA87FB43B44F4DFB4370E67E944
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .tls, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):586640
                  Entropy (8bit):6.453373650945441
                  Encrypted:false
                  SSDEEP:
                  MD5:055B72D0282B79299C39DEC924C0057B
                  SHA1:5C3FC3B8A38F9B60D44D2994893379C3D41206A6
                  SHA-256:E7D5CB0D62398912282D3F485DFFB1FA6627249C7DA67CA5D0DFC1AD9DB1EFCC
                  SHA-512:5B1AEF215CE2637DE117D7963BC7A364F9CE3499B5FC79C6694EFC6A96DE051F6066FB21A25C8BCE4C66112D043125EA74745E4E16B5D41A9D08494295FFF3A8
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .tls, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2513808
                  Entropy (8bit):6.690226114375449
                  Encrypted:false
                  SSDEEP:
                  MD5:A136634EF01C80960DA33D680A0A1382
                  SHA1:03FB96C0BB5D420981A395E0D8D01EB7F648A4A8
                  SHA-256:B974C57655CDA12F76295C63566E5EB536CEC8F95F15AC4124F2DA3E41A5EC0D
                  SHA-512:7DA57221E0E8FCF1579CC73AAC2C70C4D3D5E15CA25E662F58106A9D888C289D8E8BD6BC45E90E80D1F09FE383804BECC047FD37062088EBB77D9689EE2C1B46
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  • Antivirus: Virustotal, Detection: 0%, Browse
                  Reputation:unknown
                  Preview:MZ ... !This program cannot be run in DOS mode. ... PE ... sections: .text, .rdata, .data, .didat, .tls, .rsrc, .reloc
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):459664
                  Entropy (8bit):6.6511856034726495
                  Encrypted:false
                  SSDEEP:
                  MD5:35F44F005B65B89DE6F0D247EE116688
                  SHA1:0217C835827A32CA62AA5868B25E5B63BB22BBC5
                  SHA-256:9CAB95BA2B65F507371751B9473F9AEE1B2F62CC846E562EE48668BA3406276C
                  SHA-512:4831EB32FA9A98D0B6B164A3B14367B5BFAE026B4D9E7E41992A4140852297EC229C4640F870D6AC6D455D789DFA9C0CBDFC2BFEE03BE9B0063D21CD7C357106
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):5020560
                  Entropy (8bit):6.602013450050986
                  Encrypted:false
                  SSDEEP:
                  MD5:04F92E6A46911B98B1CBF97B478A1F19
                  SHA1:B9663D1F65C9E5368D117B2EF2654FC54135CCC6
                  SHA-256:F903DB2DD82ED76508213527285F1876A915F4AC4C45366AE2665DEBD4E16162
                  SHA-512:E0F275B73BEE57F7D87E191B7480DD7C3B637360E44356AE288B4C5C7702CD85D39E7ED5F0E51B1B947AA60C9955DA3A367A86AA3C6493C75795D045CE8C1738
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):275344
                  Entropy (8bit):6.496919331751083
                  Encrypted:false
                  SSDEEP:
                  MD5:A896071F38DC1C67FAE4ED9B64DA6070
                  SHA1:0C9B32DB338F0056AB2FA696A4912EC608164E89
                  SHA-256:39ACD91AA26AE8E636B3FC8E24EF55870B277FECF7BF5D9618C05840E9681135
                  SHA-512:9A903442ED407B2B94BD615175F5EDD9A4C6AC3589B6754E12600E55D6399568D278C9C880B710620336AB977E55B3F030CC9DDD1091F17C529913984A372023
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):348048
                  Entropy (8bit):6.261687864292811
                  Encrypted:false
                  SSDEEP:
                  MD5:B418178E4299F4C5B701225E4CE52A42
                  SHA1:DEF76599FDF5E68883D4007C417E1A4515B743E5
                  SHA-256:A149361C91B8877F4DC274DF9E744A27B2AC97F8AE24C818E69BAF9F981F21B1
                  SHA-512:D1DBF46B60A53BBC812D6396D27C23246BAAAB883FA0964B828A5B1340FE7904904476BCBE1A15BAC1DD571FB836A3BD31744C1536EBD4046245CABE278D5FEB
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):363408
                  Entropy (8bit):6.208026730975063
                  Encrypted:false
                  SSDEEP:
                  MD5:E6386B5A8798FBE3CDA2082F7AFD3773
                  SHA1:73104DCFB455F7AD9C2D41EE9A763C5B134BE8D8
                  SHA-256:D7C24959C540CC350203C73A51CB72D1B79B80C21D93856C1F619434150EF83E
                  SHA-512:384E649B85EAFC1A6A9E899A00E28A0AEE4D7D6CCE358BC191E818DDEC2FCE7A303A1391882B31DE1197CEF53E87F1E29619546D8E10BE616B69EB0C8635D178
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):249232
                  Entropy (8bit):6.635985952808732
                  Encrypted:false
                  SSDEEP:
                  MD5:BDEECAFA6794195CE89DE95EDC5183D1
                  SHA1:3EB39C1569E219859EB2D574ED9F931BB5B03FB2
                  SHA-256:715694717D07D5A354C413EFFB2983844CB79343D8E45BE990E9D9392D3DC265
                  SHA-512:0B6124E31C0DEA329B0EE950FD2D4CF869BF6A4EA73A64317A23E1B3214347667AC13A85E5D7487031709363CDCA83DA0103627D7EC875A76BED66F9290A2A8A
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:XML 1.0 document, ASCII text
                  Category:dropped
                  Size (bytes):1150
                  Entropy (8bit):5.047269531953663
                  Encrypted:false
                  SSDEEP:
                  MD5:F4F8D65E998E539690929A54575B36FC
                  SHA1:8A9C8FAB53956534D41A65A1D9417B506B913217
                  SHA-256:784C8D42F8BE686ADEE81C63BC87EC9DD9C435A5404C26EB7622CB3DA3D93CBF
                  SHA-512:523A6565F639BCD90A596842A1F4186609FA6530E67862D605B76063EC14088497B63F95D0E2FB4D32F37B698AD04C73BFCECAC57D87A8F7FE1ADC8467A43CEB
                  Malicious:false
                  Reputation:unknown
                  Preview:<?xml version="1.0" encoding="UTF-8"?>.<CLIENT_CONFIGURATOR>. <SETUP_CONFIGURATION>. <PRODUCTNAME>BIG-IP Edge Client (TM) package</PRODUCTNAME>. <DATABASE>f5fpclients.msi</DATABASE>. <MINIMUM_MSI>150</MINIMUM_MSI>. <PROPERTIES>STARTAPPWITHWINDOWS=1 MACHINETUNNELDNSSUFFIX=""</PROPERTIES>. <OPERATION>INSTALLUPD</OPERATION>. </SETUP_CONFIGURATION>. <FEATURES>. <FEATURE>TRAFFICSERVICE</FEATURE>. <FEATURE>InstallerService</FEATURE>. <FEATURE>MachineTunnelService</FEATURE>. <FEATURE>CERTCHECK</FEATURE>. <FEATURE>CLEANER</FEATURE>. <FEATURE>PortRedirector</FEATURE>. <FEATURE>BASE</FEATURE>. <FEATURE>InspectorService</FEATURE>. <FEATURE>CredMgrSrv</FEATURE>. <FEATURE>InspectionHost</FEATURE>. <FEATURE>VPN</FEATURE>. <FEATURE>StandaloneConfiguration</FEATURE>. <FEATURE>CUSTOMDIALER</FEATURE>. <FEATURE>MachineTunnelServiceConfiguration</FEATURE>. <FEATURE>OesisInspector</FEATURE>. <FEATURE>Standalone</FEATURE>. <FEATURE>API</FEATURE>. <FEATURE>SANDBOX</FEATURE>. <FEATURE>
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):13018
                  Entropy (8bit):7.23198178362531
                  Encrypted:false
                  SSDEEP:
                  MD5:C13AEA7CC1080BFFE2C771C9D288A6C1
                  SHA1:B47185969470C0E5A3C6220A75117BBB95B2637D
                  SHA-256:4EDF7CF5AC056D50DF4D9EF94F9AD76859C76EEDC87C10695B141152396145F3
                  SHA-512:870D4D74C93C19B866A82F97B76A9FCA924004C19A4FD94115374569763F5524A1C507012325B00D34C9DD958EA25477AFAC3D26B0AA595A9913B848007C6DA8
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Windows setup INFormation
                  Category:dropped
                  Size (bytes):6557
                  Entropy (8bit):4.995630592430446
                  Encrypted:false
                  SSDEEP:
                  MD5:5802B997AA23F9A7AF5771D0F61D95F0
                  SHA1:2332FC73AB11D687D81E658995D05D84CF3921EB
                  SHA-256:FE97EB18742905E1E023B9E643D76C1F064D16EACE160D97CC002AE7E30472FB
                  SHA-512:C2E8E9DA862D58F5F93FF823817CBD1F9445DE6235EFF10C4226FD1B2562BC39DF8B6BBE1462B63360B247D77B2D68FC1D8D4B62392F9C25F455E16A66543A32
                  Malicious:false
                  Reputation:unknown
                  Preview:;***********************************************************************..; Copyright . 2000-2021 F5 Networks, Inc...;..; VPN adapter NDIS WAN/TAPI device installer script...;***********************************************************************....[version]..Signature = "$Windows NT$"..Class = Net..ClassGUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"..Provider = %VER_PROVIDER_NAME_STR%..DriverVer = 05/12/2022,7221.2022.512.934..PnpLockDown = 1..CatalogFile = covpn10.cat....[Manufacturer]..%VER_VENDOR_NAME_STR% = Models,NTx86.6.0,NTamd64.6.0,NTarm64....;Vista and newer on x86 CPU only..[Models.NTx86.6.0]..%DEVICE_NAME_STR% = COWAN.Ndi.wlh,"F5_Networks_VPN_Adapter"....;Vista and newer on AMD/Intel 64 CPU only..[Models.NTamd64.6.0]..%DEVICE_NAME_STR% = COWAN.Ndi.wlh64,"F5_Networks_VPN_Adapter"....;ARM 64 CPU only..[Models.NTarm64]..%DEVICE_NAME_STR% = COWAN.Ndi.arm64,"F5_Networks_VPN_Adapter"........;********************************************
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (native) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):60392
                  Entropy (8bit):6.78869825693542
                  Encrypted:false
                  SSDEEP:
                  MD5:4EB1174E3A1B8EA7E69D5161DE658CAA
                  SHA1:CF6CD7F463C23F84676610AF3E5671D72133821D
                  SHA-256:49C8FD94E176E09F380B05F052DDD0C2A2B9FAA39F259A8F7823803368674EA9
                  SHA-512:B16BF21262ABEFA9680E8246A9071C42E97BC4F3DB0C577BC10596D863AE3F860E4640E2D86FD113D9C4001BAFD6D8054C2C25E098FFC6F576DEDF9F6ABD44CC
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (native) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):61920
                  Entropy (8bit):6.734919619188896
                  Encrypted:false
                  SSDEEP:
                  MD5:104F8BDADCD7E83A1EFE4FEEF035EEA9
                  SHA1:D4DF90126248F1D2A3A9A0E45EBC02088B802DB7
                  SHA-256:AEB9F3D29FDD1BCFE6671440590442A6289C70998F70269E959E137DAB1CE4C9
                  SHA-512:C7BAA5FC7057585CC3C67753728A43E8C70DBBDEDE059197CF0419B89219A13E91527CEBB811AED59C29D55E9ED43E2CA05B899DAE57A29E22B4F15114945AEF
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):53192
                  Entropy (8bit):7.015918205433078
                  Encrypted:false
                  SSDEEP:
                  MD5:E3DB66D3DEFA9E59F1B345F6EFFBAFA8
                  SHA1:3F6AF37F4CC7D458276EA65F1EE1A0374FE90663
                  SHA-256:3CBA184253B97962B5C020C82E645E26FCE1D8761CAD03D4ED851094F211A17F
                  SHA-512:85D134C0F65DD878ED1357DF29E129148D65D0E45C719D60C47668F4566FA75C39E0E66886E37AD5D34CCE8B9BEAE23117D891A38C433B4EF1FC4117D79F482E
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):19
                  Entropy (8bit):3.0761031709967233
                  Encrypted:false
                  SSDEEP:
                  MD5:40DAA9CAB1A38486FF88A9C7D8F008FF
                  SHA1:2B19739A012F7FD6B9D90D4AE42025600F487327
                  SHA-256:634F4A138C787AF5937944F42A9010FC64D9D0E5CEA2A98FA2BE72A513CF5B36
                  SHA-512:C36D028EAE8FDDBAD294D2E1F71286FEB0591552FFCEB676419D4C49147599624BDF5D842144C0100B21E1487799C7A5DE4FA8CC5E76EC4AAD5B7957AC8940CB
                  Malicious:false
                  Reputation:unknown
                  Preview:7221,2022,512,934..
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):99216
                  Entropy (8bit):6.554032746085711
                  Encrypted:false
                  SSDEEP:
                  MD5:501379EB48675C8F7B232BD371944B53
                  SHA1:38BE1D7D976E68065F19C0DD8721BF9BDE2565DC
                  SHA-256:03434B378BB8FEFDEEC047AF5FC64B8AACA18057191DD9FD64FB8A6DAAD2C67F
                  SHA-512:05E54E24CA4AB7B1EE1DB55C0424CE854A10B7BE75605E89CD9F80B4624142E50E364E9208690DD1313E1DF2128C04C2DB152A5EFC7A6891BBC8D802556C6C4C
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):275856
                  Entropy (8bit):6.598823958419446
                  Encrypted:false
                  SSDEEP:
                  MD5:8C0A7C17B8F454D43BDCDCC2DA1F8F1D
                  SHA1:7C9BB9984553AB927DB96F301EAC0807898470BF
                  SHA-256:AC2ED419772D433FAFC8A130F52DD5F83F69917D4ACA9E55D68962CB08F1A7F9
                  SHA-512:BF0F388DF664B4AA21F1D9FCD0C91E7D2CAF612030A5E1F31D7BD1076BD103ED6DED3568C838B0810FDD2BB424FDDE33AA535F4697A98A8BA181CA7CE92171D4
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):9287
                  Entropy (8bit):7.223692993404583
                  Encrypted:false
                  SSDEEP:
                  MD5:99E1D9EF3F11FFAA112065E7E6AE0EDD
                  SHA1:9B55D690735548AB3B4ABDC56DDCF0C28D50404C
                  SHA-256:1820E0EAAF0DC9312FAB5CE99F0B9DD74E8FEF0868311A0D8D135AF741769D1E
                  SHA-512:971A88B3754E96DE1BE8C3090D0FB2B21F754B49E61132705B824D5AAE0A83994E82722D5B1D57DE7F693D23D6A3AFEFADFA4E541E25B782EC81CA15648AA7AA
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Windows setup INFormation
                  Category:dropped
                  Size (bytes):5640
                  Entropy (8bit):4.815154939706102
                  Encrypted:false
                  SSDEEP:
                  MD5:F13167B49E40C5CA6671B85E5B36EDED
                  SHA1:C9FD4DA57E0D1A372465567012D79BE2A37B8691
                  SHA-256:3822346A9E749FF52F415D4F0B766B45212196053AACA5EDBCCB1BFF1C2D4FC2
                  SHA-512:EC0D5E259D355CA148157A14DEEB03EC8E297424817A41A17B879E14C0F610E389B43AAD9C62CFE0E2F01E4867900F7D5FF5CFD7E5ACA389FC133455A9DFDB8A
                  Malicious:false
                  Reputation:unknown
                  Preview:;***********************************************************************..; Copyright . 2000-2011 F5 Networks, Inc...;..; VPN adapter NDIS WAN/TAPI device installer script...;***********************************************************************....[version]..Signature = "$Windows NT$"..Compatible = 1..Class = Net..ClassGUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"..Provider = %VER_PROVIDER_NAME_STR%..DriverVer.= 03/22/2012,7061.2012.0305.1700..CatalogFile.NT = covpn10.cat....[Manufacturer]..%VER_VENDOR_NAME_STR% = Models,NTx86.6.0,ntamd64.6.0....;Vista and newer on x86 CPU only..[Models.NTx86.6.0]..%DEVICE_NAME_STR% = COWAN.Ndi.WLH,"F5_Networks_VPN_Adapter".. ..;Vista and newer on AMD/Intel 64 CPU only..[Models.ntamd64.6.0]..%DEVICE_NAME_STR% = COWAN.Ndi.WLH64,"F5_Networks_VPN_Adapter"......;****************************************************************************..; COWAN Main Install Section..;*************************************************
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Windows setup INFormation
                  Category:dropped
                  Size (bytes):8338
                  Entropy (8bit):5.143429115767423
                  Encrypted:false
                  SSDEEP:
                  MD5:09AB2B87A64EAB403984550AE9F51E9D
                  SHA1:22D90E6ABE306CF4A03A30327B70EE6722FA458D
                  SHA-256:AAB03BF2132A4C106A8CC6A77AC441338A976B044DB2163751C2DE514F43D245
                  SHA-512:032ED546D52E49FB0B9175F99E949C944CFB2E7440E67CEF04F5FB248462B771F6A791C71514C57F5F1C6C228C0B090245D26425F219EBA223170C8D61501BFB
                  Malicious:false
                  Reputation:unknown
                  Preview:;***********************************************************************..; Copyright . 2000-2011 F5 Networks, Inc...;..; VPN adapter NDIS WAN/TAPI device installer script...;***********************************************************************....[version]..Signature = "$Windows NT$"..Compatible = 1..Class = Net..ClassGUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"..Provider = %VER_PROVIDER_NAME_STR%..DriverVer..= 03/22/2012,7061.2012.0305.1700..CatalogFile.NT = covpndrv.cat....[Manufacturer]..%VER_VENDOR_NAME_STR% = Models,NTx86.5.1,NTx86.6.0,ntamd64,ntamd64.6.0....;For WinXP later..[Models.NTx86.5.1]..%VER_DEVICE_STR%" Adapter" = COWAN.Ndi.XP,"F5 Networks VPN Adapter"....;Vista and newer on x86 CPU only..[Models.NTx86.6.0]..%VER_DEVICE_STR%" Adapter" = COWAN.Ndi.WLH,"F5 Networks VPN Adapter".. ..[Models.ntamd64]..%VER_DEVICE_STR%" Adapter" = COWAN.Ndi.XP64,"F5 Networks VPN Adapter"....;Vista and newer on AMD/Intel 64 CPU only..[Models.ntamd64.6.0
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):9238
                  Entropy (8bit):6.917432343840214
                  Encrypted:false
                  SSDEEP:
                  MD5:8B798E797B7F295FD3E72AA2C792D519
                  SHA1:AAAB239C8640102F93080884658E50A8A02BC819
                  SHA-256:99F7C9191231E3435A9ACCF600653893965D66B0B27730ADF2F2DAD0D36275ED
                  SHA-512:DB604CAA74494AC74CAA9D4530BEA2981427C706D9644968967A7D38C2EFFA2AA7C66CB05A4E1ACAB2F454E44ED37DBB8DF28E5C9F88874EBD6A80E4E74904B7
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):37456
                  Entropy (8bit):6.503576533464098
                  Encrypted:false
                  SSDEEP:
                  MD5:733267F0E5B393EFEB42E471A5C05E5B
                  SHA1:B0EFC8E7F997D62F8EB267DB007E624C65DD25D3
                  SHA-256:B3771E5842B1D853B1F42E57C7C8BFC9CE89CFD0A6563A94F38F73F80CAEC449
                  SHA-512:37071F90DA730A39D8F6652FCEBE70F4DEA2D7308AB41843E5888DD90FFA86D8071EAA902E94A3305F5EDD6CD3278768712212833221E6670B414E1DA6EEC934
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (native) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):45776
                  Entropy (8bit):6.392476280136505
                  Encrypted:false
                  SSDEEP:
                  MD5:C3912689DF0AE9FFD353112BE6EF5BCF
                  SHA1:90CB5AF58B8ADDCA27227AEB3F4311E4AA100C9C
                  SHA-256:5F3B94A2CCC7444B1A639E5630B9B8CF1A3932BFF5563311AF4DE9FA61A5556E
                  SHA-512:B23D9657B57F4030678361FD76EA4B9C637590E56BF0B803B35687A3F2342ED11055B9A93AB458EDD4740B8DFA69AC7F85D7CD15484F2AF4DC415BFCCE30489B
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):37456
                  Entropy (8bit):6.502049362639514
                  Encrypted:false
                  SSDEEP:
                  MD5:9F8831EF79E5FD7D39A470AC42741123
                  SHA1:DC4D106A429C4A3FEE49F9A7CD76781B9C68EC56
                  SHA-256:F603F890612E2FC4476066C8BD3CD2C1A77F1139CC4230752F40F3C176AE8788
                  SHA-512:92564924FE3CA16348960E4F8B38F92A48A240FFD4270F5BB7F95BE6167C032CB3C6D5E7F809372076B3B6997BDCF9A5EF72D307DD733E0D94EC91B699EF0010
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):40528
                  Entropy (8bit):6.410884784964346
                  Encrypted:false
                  SSDEEP:
                  MD5:3DEEE767FE848697E0CD7E7374F12EA8
                  SHA1:1FECBBF938D323F1198A591B198C7E7A9BAA904A
                  SHA-256:810919754D1902FAC10A4041EEA4A47505406BA97F51A38E42E8D3374FF56587
                  SHA-512:2D186614D2B940CE13600F151A04C9464ACA95668FCD5CB6E5E2CD8A6F136A2CF50609A3351B74440F212275DCD6F93FC30EB154CEEAB25E32A6A9CFF0C8363F
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (native) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):43216
                  Entropy (8bit):6.412989601611674
                  Encrypted:false
                  SSDEEP:
                  MD5:871B8E307879F499C4CB73733BF675DB
                  SHA1:F6AE84E649A4CE48309B90D5ED14498BA8F520D2
                  SHA-256:E1B1FA77B3A948BDB4F2DD06C9FC0F3D58834E33229AE58FC9BF51149B903684
                  SHA-512:F39E3DDF2DBA5D89AD909BC2C10F7305A9102180A43069F1D96F679B73E4765E1BFBEC52688EF24E7FCAE98FA089DB537203E07F7F9BB78E732E79BAC3383654
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1802
                  Entropy (8bit):4.893860816310472
                  Encrypted:false
                  SSDEEP:
                  MD5:A513C57BB84B33C0DCA67369B4BCE8CE
                  SHA1:F74D6111DAAEA15F8CDF82F3D56968D5E1E8B4F3
                  SHA-256:91F9C8CB0DCC8EB659616B6EA19D3A3B37C7895CEA3156F64C2D8A459062D98E
                  SHA-512:1A85EAACEE3C47324B01961D04D79D03B4194D0117C84B01EE9B0D1DA18694B7C8FB6E45AC7FEAC4ADDD5A5E75DA983F2E7A9DFE01F73EDEB9140E9208CDD92F
                  Malicious:false
                  Reputation:unknown
                  Preview:To manually install F5 Networks VPN Adapter driver follow this steps....1) For Windows Vista, Windows XP, Windows ME and Windows 2000....Go to Control Panel folder and launch Add/Remove Hardware Wizard....Select Add new device and click Next...Choose I want select the hardware from list option...Select Network Adapters ...Click Have Disk button and browse for destination folder ....where you save the files...Select F5 Networks VPN Adapter from list of available adapters ....and click Next...After Wizard finished click Finish....2) For Windows 95/98 and WinNT 4.. Go to Control Panel folder and launch Network applet... Click Add button and select Add new adapter.. Click Have Disk button and browse for destination folder....where you save the files.. Select F5 Networks VPN Adapter from list of available adapters....and click Next.. ....You need Remote Access Service installed on your system.....Also it is highly recommend to upgrade MS Dialup networking to version 1.4 ..on your
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):214928
                  Entropy (8bit):6.652686016080596
                  Encrypted:false
                  SSDEEP:
                  MD5:84277E73D8BD6E317C1E3CE453D41AF1
                  SHA1:D5891F12A66E817FF4F9E04236CE4A08155A669D
                  SHA-256:8C252EA30B0F89554E665D93FB3F190C4AF7117B70635389810EE9D7AD1C8B45
                  SHA-512:6E8733AB0039BEF25CF6956B0E2D225037191C1FAE5D883DA9B8ABBB869BBD107A3878C40D3FF85BCD11F855CE0A2A379D981080BD2ED32A0251E67C0E2CAB83
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):257936
                  Entropy (8bit):6.669257582308144
                  Encrypted:false
                  SSDEEP:
                  MD5:8D13BC845620E832415B43948E750AF8
                  SHA1:565CFAA54FD94BF6A19F4C0338BB0D71D14A90B5
                  SHA-256:C4B5AC17C7B43F360C991596D5CB8C33BCD95E36AD9AEA3A2CD565B56C2AD7BB
                  SHA-512:B24E10ACBD35ECDFDFFC4E682F382A0001137F5BC9BEE1604034F082305470BF21B55FDFB9D4A9D2262A4E742E30DEDFCA3712081F34C693137D696B70E8DB57
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (native) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):50072
                  Entropy (8bit):6.769836329115215
                  Encrypted:false
                  SSDEEP:
                  MD5:DB54C33A39B3E82633BAC99D3A158705
                  SHA1:CB2AEA85D530EC089C15DED641DF0733D5D4A0BF
                  SHA-256:6542CA28AFEFE14F9E5C789590A3390A397C16224E4FD97F82AB5535833C22A5
                  SHA-512:9F03BF647EAECD14D8C10798377352BA4ADD066337668AEC86C7E5EE090D1A99BC0A35DE6693D451949946BC90295DEAB203CD06FC68C563B0D6BE55E5118551
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (native) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):49560
                  Entropy (8bit):6.770563382852907
                  Encrypted:false
                  SSDEEP:
                  MD5:BF901F72700769492BEF37003AC8BAD9
                  SHA1:6846E7EEADD8FB8FDD0889FCAE6799A038A26ECA
                  SHA-256:82893F0E797869C0BA52DC130D7CAD7281AD1ED699FE93DFCF18F58893368C31
                  SHA-512:0F2AAAB6C5BD450C1AEC1B76F0DD2CFF58A55F5660EF488E56C72DB9BE74BA41B9EE6EA4952380976C53706DB2CD0345D6C509584FDF5591D2F8219CFA720201
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):42392
                  Entropy (8bit):6.9680531885205
                  Encrypted:false
                  SSDEEP:
                  MD5:7350F9E24DFB5B5762BFDE488F63EB14
                  SHA1:E797E313F207D99D63BEF90B5C6AA07A87FFCB64
                  SHA-256:E5869C79DAA6B3D3856BB20C5347810F95A4E6FFA15E26587A5055E4530891EF
                  SHA-512:8E1C844A9D5A7BFAD99448169168004E2C0C25D1A9DE44EDDFB16B71B42981A2165CFB3CF61235E63F7B08C390DF6EF385C13D849C32565775D15184369EE8D5
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):317328
                  Entropy (8bit):6.4007319515592656
                  Encrypted:false
                  SSDEEP:
                  MD5:FC36A4D74E5757F633B0B2FB3583700D
                  SHA1:B9AC02B9F24C6CDE78331F24E89BA753D3F2E634
                  SHA-256:72E48541351A989352669E295573C4D7281791D00DCF45E169F7C592F1852283
                  SHA-512:87801AE1BA213E4783890E602D1876DFF50FCF3EFD30D54C1EEC4B06EFEA2D34E7725EE74175078F93D1B30EE7ABE5C27A536AB86FB9C201D862F6765A4C0AA7
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (GUI) Aarch64, for MS Windows
                  Category:dropped
                  Size (bytes):329616
                  Entropy (8bit):6.303665513894844
                  Encrypted:false
                  SSDEEP:
                  MD5:0694E6D1E75867442A6E25E8D38128DF
                  SHA1:E5C95701CAE93128B3FEE3363BE42DF5A4ED77CD
                  SHA-256:CCD139951E35E38DED3EC60C693F980F387186FF5F5059426072C9DD178E7E89
                  SHA-512:FC3D49EF56C0E3D113D15A9AD71809738548FFDD0729C9845EB517CC6309934CAEDBD233F192755E6BEF14792DC26003C9CF0C4B34E0C727BF924ACBE5165CE5
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):227728
                  Entropy (8bit):6.59952375867537
                  Encrypted:false
                  SSDEEP:
                  MD5:F9D1E6428A59AC5E7B68862D20B52C72
                  SHA1:64451EBAB7F71C51B3EDC06CF8247931DAE1EA6F
                  SHA-256:26B1595CB1E2BCCA2E7F28D9BB32F39C7D9F113193A4F3C306CDDB3E5CA4E30F
                  SHA-512:4A9E5AFAD44F2B3F3C7B915E1DB48026607C7E020C5581FF0E523AF606522ED56C8BE20CB4C9FC05A77A0E9A64E671AD5D7C46554DBB6DB744F3636DE1FB7DA2
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):74128
                  Entropy (8bit):5.337108882833322
                  Encrypted:false
                  SSDEEP:
                  MD5:44DE2C081DCF94A49913059F713F65BE
                  SHA1:EEB682A542FDBB1AEB8D15B01C9CB508C13B1397
                  SHA-256:8043D4DE94B5EFF762F489996CF6CC6F05CF4F8ADB4FB9CE5E094E27CC4C01ED
                  SHA-512:95B9955AE7E49B4906AD2334FF2863F720135A708EB23D7A9AEB086C2F66FF9859A523176540AAE79FADF9626BB7477D2245B126D9433D59AAA9734B7FA4DD42
                  Malicious:false
                  Reputation:unknown
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7...s...s...s.......r...s...r.......r...Richs...........PE..L...._.d...........!................................................................eO....@.......................................... ...................-..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@....._.d........|...T...T........_.d........................._.d........T...........RSDS.....Y.D....CJ......G:\cc-builds\apmclients724x-win\1431747\src\rh\vpn\ActiveXDialer\out\Release\f5ActiveXDialerRes.pdb.............................T....rdata..T........rdata$zzzdbg.... ..0....rsrc$01....0-.......rsrc$02....................................................................................................................................................................................
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):21
                  Entropy (8bit):3.0104340890333376
                  Encrypted:false
                  SSDEEP:
                  MD5:F523EAF68A478C6D24EA689E75E8C996
                  SHA1:E31339399A5E9EB4270A09598339F0FBA759187E
                  SHA-256:73FA0546693D81B34C17E677DA1A4C7470675035CBF7687E26185FAED5D5EDFB
                  SHA-512:EEC863FF888E08E53C426E3783A3D68D4657F56522C5FFD868ED934526D15B8243686B04313F0A0CFB74EF00CDB2639184A6BF88D5246461F8C30699112B6FCB
                  Malicious:false
                  Reputation:unknown
                  Preview:7061,2012,0305,1700..
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):2197392
                  Entropy (8bit):6.552948387916146
                  Encrypted:false
                  SSDEEP:
                  MD5:278781E9719A59C3CF38452A928005D9
                  SHA1:8E3428550844B5A7871BAEFD1CCE9D7DD56C5258
                  SHA-256:5D7D5A6AE3F540FFBAEB5026C6FC0C1742F8C9FF53CCB4A90B9714CF23D02370
                  SHA-512:029D3A4F0B334DECB1656CEBAEC654A2A75BD08AED1D91D9ABFD123D3A74541E1EBCBE83BB3F16D6C85A51D3F6CCDC8939EF34DA52283E86AA57AF9CF28E796D
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):997264
                  Entropy (8bit):6.580675917419389
                  Encrypted:false
                  SSDEEP:
                  MD5:D340A86DA682E365D861BD5975C6FA93
                  SHA1:4009D62D5712E25604A0F59A3F6B358CA61F1757
                  SHA-256:027824A791DB610B063A791A98D78FBB84ECB768D452DFACA42B301D8978F042
                  SHA-512:D861CDEB7290951D03585D21CB4E6CF94058A0B42A9F2B3BD7AD09C4576EFDA3E953B8B87817D354C3DD7BD1F348A34EE915B58A04667A3EDA6672D39EDF5CCF
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):218512
                  Entropy (8bit):6.6511007193173715
                  Encrypted:false
                  SSDEEP:
                  MD5:64206BB5164B21C6F0977237BA5EAB71
                  SHA1:148DBAB773D523DA5846110D5C217958DA082161
                  SHA-256:E8A49FB124A7BAB264A76452F12A6DFE192B7599FC1F1D22415AB7570F0F79F6
                  SHA-512:AAC2B8813F94DCF43A633AED9D22A4A3A5F254C3FE95573DDFC80655D2E1A1DE3C06D4EA24214E454A12CD5E9660EEDBDEDEB7EF422CEBCA6248E1DF8DF0CF39
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Windows setup INFormation
                  Category:dropped
                  Size (bytes):801
                  Entropy (8bit):5.256625677768919
                  Encrypted:false
                  SSDEEP:
                  MD5:09C5ED186785B63A8E202CC4FB41FD96
                  SHA1:C50493C62C5733BBDECC86DFE9EFD72CE4956E6E
                  SHA-256:C1061730889320D7848ED98945EEB89F4D4E10214AF01DB7796BBB6C01424438
                  SHA-512:72FDCC39C33E8A8F90C70A9ED2F6586E4F2805C41234BEAB212BC8AE5567708644984AC3D4B086ECB46CBBEA270D798217DFEFEDC2A444BAF596BC707EE06D5E
                  Malicious:false
                  Reputation:unknown
                  Preview:[version]..signature="$CHICAGO$"..AdvancedINF=2.0....[Add.Code]..urxhost.dll=urxhost.dll..urxhostres.dll=urxhostres.dll..F5ElHelper.exe=F5ElHelper.exe..F5ElHelper.dll=F5ElHelper.dll..F5ElHelper64.dll=F5ElHelper64.dll....[Deployment]..InstallScope=user|machine....[urXHost.dll]..file-win32-x86=thiscab..clsid={E0FF21FA-B857-45C5-8621-F120A0C17FF2}..RegisterServer=yes..FileVersion=7243,2023,718,858..UserEntryPoints=yes....[urxhostres.dll]..file-win32-x86=thiscab..FileVersion=7243,2023,718,858..RegisterServer=no....[F5ElHelper.dll]..file-win32-x86=thiscab ..FileVersion=7243,2023,718,858..RegisterServer=no....[F5ElHelper64.dll]..file-win32-x86=thiscab ..FileVersion=7243,2023,718,858..RegisterServer=no....[F5ElHelper.exe]..file-win32-x86=thiscab ..FileVersion=7243,2023,718,858..RegisterServer=no..
                  Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:modified
                  Size (bytes):509840
                  Entropy (8bit):6.681687040363451
                  Encrypted:false
                  SSDEEP:
                  MD5:911814550210F47D6EDB9E2A2F07D215
                  SHA1:BD21583C0278379B95EA61C374876202D857099C
                  SHA-256:7851CEAB411580BC4F02CF62B18F3EEA4D2EFE8AD46F4E14889BC82B9566C343
                  SHA-512:52E77AA95DB64B7EE56D12117B0667931DE6929CE3D98766ED1C42806EB3539F627FDE16A465449CC26ED91EA552289F062CA60B9C49C2EFFC4BEC4581E7C478
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\Downloaded Program Files\f5vpn.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):28079
                  Entropy (8bit):5.028246438279467
                  Encrypted:false
                  SSDEEP:
                  MD5:12231B91574E1975FC437F08B5B8E107
                  SHA1:D381D76BA20BEA0A27F961146944B1A7E402C6C3
                  SHA-256:85A7EDB36EA7767100FE87730621A91628EDFCDF191F20FC7A121E884794F6CF
                  SHA-512:1A94B238DC1D9CC1C68429FCBB551865953E4A90EB6869FB7E623732F519C4BE4CD35954C437778B019AC26846799F1D77B2202D6E49C244B7AEA08B95939BF9
                  Malicious:false
                  Reputation:unknown
                  Preview:OS Name: Windows 10 Enterprise..Version: 6.3..Build: 19045..Type: Multiprocessor Free (4 Logical Processor(s))..Primary UI language: 0x9..Short Name: Win1064..WOW64....2025-04-01,19:24:22:886, 6152,6280,, 0,,,, ..2025-04-01,19:24:22:886, 6152,6280,, 0,,,, =====================================..2025-04-01,19:24:22:886, 6152,6280,, 0,,,, Location: C:\Windows\Downloaded Program Files\f5vpn.exe..2025-04-01,19:24:22:886, 6152,6280,, 0,,,, Version: 7243.2023.718.858..2025-04-01,19:24:22:886, 6152,6280,, 0,,,, Locale: en-CH..2025-04-01,19:24:22:886, 6152,6280,, 0,,,, =====================================..2025-04-01,19:24:22:886, 6152,6280,, 0,,,, ..2025-04-01,19:24:22:886, 6152,6280,, 48,,,, current log level = 63..2025-04-01,19:24:23:014, 6152,6280,, 2, \f5/system/Process.h, 154, f5::system::getProcessNameByID, OpenProcess() failed (PID, error), 4, 5 (0x5) Access is denied...2025-04-01,19:24:23:014, 6152,6280,, 2, \f5/system/Process.h, 154, f5::system::getProcessNameByID, OpenProcess
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):627
                  Entropy (8bit):4.811279082682799
                  Encrypted:false
                  SSDEEP:
                  MD5:D6D46493211391DA014B017DCB560A24
                  SHA1:55965D9C76D9BA021540AB173BA1D022BB8CCE45
                  SHA-256:AC9A6723F75C4F46E4375B7EF17316BD40DC0A581DE850962489714912B309A8
                  SHA-512:BE175E6BF28B9E2E6F46E45BC73248C251D08A32AE128F419D09595236855B737A90F3AB59DDE85D2742F2FCA83945E0FDB8B2D3F59A9B36F0D88A17B986712F
                  Malicious:false
                  Reputation:unknown
                  Preview:OS Name: Windows 10 Pro..Version: 6.3..Build: 19045..Type: Multiprocessor Free (4 Logical Processor(s))..Primary UI language: 0x9..Short Name: Win8.164....2025-04-01,19:24:20:731, 2424,6352,, 0,,,, ..2025-04-01,19:24:20:731, 2424,6352,, 0,,,, =====================================..2025-04-01,19:24:20:731, 2424,6352,, 0,,,, Location: C:\Windows\System32\MsiExec.exe..2025-04-01,19:24:20:731, 2424,6352,, 0,,,, Locale: en-CH..2025-04-01,19:24:20:731, 2424,6352,, 0,,,, =====================================..2025-04-01,19:24:20:731, 2424,6352,, 0,,,, ..2025-04-01,19:24:20:731, 2424,6352,, 48,,,, current log level = 63..
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:ASCII text, with CRLF, CR line terminators
                  Category:modified
                  Size (bytes):64973
                  Entropy (8bit):5.463742593192846
                  Encrypted:false
                  SSDEEP:
                  MD5:A2F6F1F76AAFA4B49942151B7B517A8C
                  SHA1:0E5421376D866106AB5B3B08FE9D6F320EE13941
                  SHA-256:3FE8EFCB85C0BB4836A522126B8022DF922211B9D95BE178AA8E9752ADFA8DFF
                  SHA-512:B4A5CAA6B2081D4BC4CD3E58107A0F5DB4CDB483E1A6D81FF316D76C8A8A2C808E72E829F3454A32E097C1F1875CCCD9996DB38232365237F2A66025E5F0F9E1
                  Malicious:false
                  Reputation:unknown
                  Preview:OS Name: Windows 10 Enterprise..Version: 6.3..Build: 19045..Type: Multiprocessor Free (4 Logical Processor(s))..Primary UI language: 0x9..Short Name: WinVI64..WOW64....2025-04-01,19:24:10:898, 6616,6768,SETUP, 0,,,, ..2025-04-01,19:24:10:898, 6616,6768,SETUP, 0,,,, =====================================..2025-04-01,19:24:10:898, 6616,6768,SETUP, 0,,,, Location: C:\Windows\syswow64\MsiExec.exe..2025-04-01,19:24:10:898, 6616,6768,SETUP, 0,,,, Locale: en-CH..2025-04-01,19:24:10:898, 6616,6768,SETUP, 0,,,, =====================================..2025-04-01,19:24:10:898, 6616,6768,SETUP, 0,,,, ..2025-04-01,19:24:10:914, 6616,6768,SETUP, 48,,,, current log level = 63..2025-04-01,19:24:17:822, 2960,988,SETUP, 0,,,, ..2025-04-01,19:24:17:822, 2960,988,SETUP, 0,,,, =====================================..2025-04-01,19:24:17:822, 2960,988,SETUP, 0,,,, Location: C:\Windows\syswow64\MsiExec.exe..2025-04-01,19:24:17:822, 2960,988,SETUP, 0,,,, Locale: en-CH..2025-04-01,19:24:17:822, 2960,988,
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):530320
                  Entropy (8bit):6.5803655216505526
                  Encrypted:false
                  SSDEEP:
                  MD5:3E9C46E3A9020CD0015F6B16F74B46F8
                  SHA1:79127C8AA08BDF467BC98340D04477183D2E0FD0
                  SHA-256:D03680FEB3CE0EA3CC7B62CD32CB2C100D2A2F7F9A1DC0639BDB945E876B993E
                  SHA-512:0FC3241C96CC5D47992D6DA674273F1A883432DDA70857B7B5A23E0A23C71654862C5A0C46885EEC4182FC7088043EE55EA1B45B8C9764911B4B1348E9D73260
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):250768
                  Entropy (8bit):6.275178276127356
                  Encrypted:false
                  SSDEEP:
                  MD5:84408139AF50719F6DDC2639D2677815
                  SHA1:89E0482B9B0C2C590C7F3E199678B4C519258620
                  SHA-256:6E1843E4C3E8A6E46FCBF012077BD52AE1F302068F3628C0702E86A93E709994
                  SHA-512:954557C26C8B8225406384792349277200F691C0349F4080B29DB9807A4228D7066240FE001A22A7FF28A776F79BB9CC964142F346020FBDA1B1C499E69B3BD0
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1317776
                  Entropy (8bit):6.29985654206837
                  Encrypted:false
                  SSDEEP:
                  MD5:A8FADC9A889949AA2FEFE3291887A5C3
                  SHA1:9605F39CF664FE80EEC77601A52AD7DADEE90BF1
                  SHA-256:DE78647EF74D188986F65839972BE6247D63B2B028ED65CDE2D8AAC5091E6B3C
                  SHA-512:FA6656814C97F71453E06FBFE622E5BF772C62F087EA49754A04A496727F4AD9966F2061CCEC915B12D25C3F2F48D40EACDA0771CF169B363D0861291896E446
                  Malicious:true
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):249232
                  Entropy (8bit):6.636203333111193
                  Encrypted:false
                  SSDEEP:
                  MD5:9FF9D60AADEE1FEFD8E010FF0F3DFB00
                  SHA1:5177FF21FE7C4014868DF077CECDFAFAB6D4EB71
                  SHA-256:E57A26C32ECBC3F242BA2A828C26819A75D90C81C26A3B87EAC3A02384F5B6AF
                  SHA-512:FA998405809EBFC16C6CA6E3A20FAA65E55E40A000835AD030AA622D0E082D5C3E9A08FFF54684C2E2534C6FAE5DA103DF7E6B7422A47A8D05E2C405328B1332
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1706384
                  Entropy (8bit):6.555697428446486
                  Encrypted:false
                  SSDEEP:
                  MD5:4DB8A429C1ACE3790CEAF7B9940A89AC
                  SHA1:CA66798EE145E53480A07C5A15775F506C51C985
                  SHA-256:1D67D036E2B2FA1F5A98DE5D953A569572ED5A2F07CFC3F6C02F3B0370D3EAA6
                  SHA-512:0A2F7140DFF466FC29D0C50769BB65560B5CCC69AACC7F4E9817E0FC3837C504B5486742E56D701E5A06491C5063250F009ED6438014FDECAA1FFAE3405FEFEE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):1457040
                  Entropy (8bit):6.644677473310041
                  Encrypted:false
                  SSDEEP:
                  MD5:275A369AF858DE0F54398BC351B3F0C4
                  SHA1:B63C757968802B290FBED5B163B07FB2BAE46216
                  SHA-256:1337B5462B72E51D7F3058E42F8C99D9AB5F5BE03F070BF4163976FB279C049F
                  SHA-512:F7838F328C554C6977DEDB1EBAD58D557774D9AF40D2C84D2AAFED99DF142004857AFCEB79DD6596DE2A9734938D83C315A67FD45612C49E54A7C21FEBED5C18
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):132496
                  Entropy (8bit):5.0897854097099815
                  Encrypted:false
                  SSDEEP:
                  MD5:FEAD441558FA715C6FEAE99026E8FAC4
                  SHA1:B3D1A71AC2072F9B34F3ED34207DD81E08230929
                  SHA-256:1197E76F47F2AF172F72FCEC28F2CA5F82FE930FE05A5BF3486AF482F939E6B6
                  SHA-512:F6A56BC506907508DD0CD3475BC7BC0E9EC22FC14A09A26006994E053019F97B8B42E20BEC848937050068C8D9000FCF022F22EDFB1F4DA6505A0AB293EA7BDD
                  Malicious:false
                  Reputation:unknown
                  Preview:PE header and section table (binary); embedded PDB path: G:\cc-builds\apmclients724x-win\1431747\src\rh\TerminalProxy\ActiveXHost\out\Release\f5ActiveXHostRes.pdb
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Windows setup INFormation
                  Category:dropped
                  Size (bytes):582
                  Entropy (8bit):5.34908616088762
                  Encrypted:false
                  SSDEEP:
                  MD5:3AF8693AE9E020A35CCC5D62BF17D1FF
                  SHA1:9D9B1770FF7CAB5C9EB04B868A04775CC04663F4
                  SHA-256:5F4B756AF46F5AD92A15033865FCB9DAFC488F3C5E0124B4B3C2EF8ACD5C5CA9
                  SHA-512:BEAAC8D78DE4E46FEF8AC40AB224B200361FB437CAF3F87DB59944053BBB8CC4C8D6FEBC3A8C4F98F84500DEEFD6FEC582104FE166F9517754EBABDB1AA01C18
                  Malicious:false
                  Reputation:unknown
                  Preview:[version]..signature="$CHICAGO$"..AdvancedINF=2.0....[Add.Code]..urSuperHost.dll=urSuperHost.dll..f5LogViewer.exe=f5LogViewer.exe..f5vpn.exe=f5vpn.exe....[Deployment]..InstallScope=user|machine....[urSuperHost.dll]..file-win32-x86=thiscab..clsid={CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7}..FileVersion=7243,2023,718,858..RegisterServer=yes..UserEntryPoints=yes....[f5LogViewer.exe]..file-win32-x86=thiscab..FileVersion=7243,2023,718,858..RegisterServer=no..UserEntryPoints=no....[f5vpn.exe]..file-win32-x86=thiscab..FileVersion=7243,2023,718,858..RegisterServer=no..UserEntryPoints=no..
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:Windows setup INFormation
                  Category:dropped
                  Size (bytes):1180
                  Entropy (8bit):5.2983927205824415
                  Encrypted:false
                  SSDEEP:
                  MD5:0F79B3ABFDEF4951DCAAFA03B3F73610
                  SHA1:7D29E82964EE35D01216187DDB82D158BE4475C9
                  SHA-256:0C24D58147428FDDEECFD5ED676D1284C84AAF4C012F95F66FE232F188BC5723
                  SHA-512:D0CC86DDA6AF82A387AEB51798C0E138943DE457F7728E730DFA0AC38577BF3D4329E93DA4D1D286524330759C05A2188296E32D2E521871BA7D05BDE6324A59
                  Malicious:false
                  Reputation:unknown
                  Preview:[version].. signature="$CHICAGO$".. AdvancedINF=2.0..[Add.Code].. .adapter=adapter.. .urxdialer.dll=urxdialer.dll.. .urxdialerres.dll=urxdialerres.dll .. .urxvpnad.tag=urxvpnad.tag...ursetvpn.exe=ursetvpn.exe...setupdrvdll.dll=setupdrvdll.dll ... F5Win32CheckHelper.exe=F5Win32CheckHelper.exe.. F5Win32CheckHelper.dll=F5Win32CheckHelper.dll...scew_uls.dll=scew_uls.dll....[urxvpnad.tag].. .file=ignore..[ursetvpn.exe].. .file=ignore..[setupdrvdll.dll]...file=ignore....[urxdialerres.dll]...file-win32-x86=thiscab ...FileVersion=7243,2023,718,858...RegisterServer=no....[urxdialer.dll].. file-win32-x86=thiscab.. clsid={2BCDB465-81F9-41CB-832C-8037A4064446}.. FileVersion=7243,2023,718,858.. RegisterServer=yes....[adapter].. .hook=setupadapter.. .....[setupadapter].. file-win32-x86=thiscab.. run="%EXTRACT_DIR%\ursetvpn.exe" /q ....[F5Win32CheckHelper.exe]...file-win32-x86=thiscab ...FileVersion=7243,2023,718,858...RegisterServer=no....[F5Win32CheckHelp
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):9068192
                  Entropy (8bit):6.69108482416884
                  Encrypted:false
                  SSDEEP:
                  MD5:BC1EA39856AA3F474E5892F5DDD50BF9
                  SHA1:DECB1F000485B14BFA13DD0900E1E79832859321
                  SHA-256:3BB23450CC1B190CC95235C3B527FAB55E2206E2F036FD7A2C63E57D615D0AC9
                  SHA-512:F5BE7975658ACBFEE319A990D9C0BAC53EF3070015E5864D11EACCBFDE4ED13CB9B3A2B66F84FF5867F61A4832A8AF29A08DC33A23BEA7BB7FC4BEBD94C12526
                  Malicious:false
                  Reputation:unknown
                  Preview:...@IXOS.@.....@.{.Z.@.....@.....@.....@.....@.....@......&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..BIG-IP Edge Client..f5fpclients.msi.@.....@...H.@.....@......icon.ico..&.{F2489D24-E7C7-4BD8-9D9B-933153C62330}.....@.....@.....@.....@.......@.....@.....@.......@......BIG-IP Edge Client......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{1FDD76FE-AC12-4C83-BE85-9F997D574EDC}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..&.{1FDD76FE-AC12-4C83-BE85-9F997D574EDC}...@.....@.......@#....@.....@.]....&.{C8364D8B-2E12-443E-A5B9-57B31D020598}*.C:\Windows\SysWOW64\F5InstallerService.exe.@.......@.....@.....@......&.{E3878270-33D5-4DC7-B7F4-84CC2D6AB810}$.C:\Windows\SysWOW64\F5CredMgrSrv.exe.@.......@.....@.....@......&.{8C1382BF-B240-4F12-9E9F-B694205CD979}...@.......@.....@.....@......&.{73483232-DFAA-4530-8DB2-CF46F76D4052}#.C:\Windows\SysWOW64\f5netprov64.dll.@....
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                  Category:modified
                  Size (bytes):215440
                  Entropy (8bit):6.6251185104463275
                  Encrypted:false
                  SSDEEP:
                  MD5:ABD2E801CAE365912285581B1EA53B41
                  SHA1:569D5316CB355D89857C4E195326ED8F68EA678B
                  SHA-256:36FB8AF6616908B273F3354CD6D7551E7BD3E76C98E6D0D309C37777566AA889
                  SHA-512:EEDD29B61C554FB41E39E406FCFB422B6C6AD06CD14BA8B8169A830B8BF6BED84C32224B33A4AECD491D0055FA1C8431BDBCB0ABF1CFCB84F21A280A8C413ECC
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):2.634795758826229
                  Encrypted:false
                  SSDEEP:
                  MD5:1EFF258B3B7936DA6EA8B955607A9E8F
                  SHA1:19BCB70DA471CEE0C685A2E8A8C9375D82F76CCA
                  SHA-256:ECFD7E4EFC286206873A1B5E858BAC79E4BF1DB0B6455D7C0E17208BE8F9A411
                  SHA-512:C187200EDD3EBFA37188071DBD460CAF417D8F51407B3D8142953CFFA5759A86CAE0D3736335C085942D737EB8656BD21519D8613CC9EF20A8F15E8D8F27C0C8
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):20480
                  Entropy (8bit):1.8933655376939689
                  Encrypted:false
                  SSDEEP:
                  MD5:4B1C079611827F8DA87B23DD83BCE1E6
                  SHA1:149999FF4EE051E278ACB654E5C6D4D1B743B557
                  SHA-256:759E2F9C16BDD4E0498F050F83B7D6E8C21F7E4A5EA81FE1730070093E4DC5ED
                  SHA-512:E49705DFABED5723D7544440264A8063528114E896499E1B20F2A578935A9B9AC2616E3E1D792098AB0123E07BC49934A8ED2DC9B8A4E95B3E1DF788967374DF
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):403157
                  Entropy (8bit):5.359750654291887
                  Encrypted:false
                  SSDEEP:
                  MD5:0005347EDB56BF022F6B08D7E5404616
                  SHA1:569F8E432194242785915A6FB393D6A72379E83B
                  SHA-256:3E816127F16B47FB9D893CEEA81079F3022265138978FC339043FE62C6E86F86
                  SHA-512:AB9AC2F309ACF1D93C5C0B92BAFB34180296B02F0B001301A3B12A465F8C5D7DDA0ACD027710B8864D1B5CF8F91AAEEDA3474620F1FFD864F1AA97B218FA739C
                  Malicious:false
                  Reputation:unknown
                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                  Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                  Category:modified
                  Size (bytes):7388
                  Entropy (8bit):3.243656560723182
                  Encrypted:false
                  SSDEEP:
                  MD5:863D14578148CE8AAE5B2E75313A8937
                  SHA1:2ECF24FB11D2A8C64D4DD1388EE866030A5F2B41
                  SHA-256:DECABFA77190E727BB96B68EB48FB13617942FE11EEE4F563C79F1AC4C4FFABF
                  SHA-512:2F51A748B9C9E2C45051919BCF4C717B68C83808F4CBE6480673B98D81036F71BEB916278B15A17FC86B567E5768DCCF3D38BD8E905BD37FA073581D2D49C518
                  Malicious:false
                  Reputation:unknown
                  Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.2.:.3.4.:.5.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):812
                  Entropy (8bit):7.531546623751836
                  Encrypted:false
                  SSDEEP:
                  MD5:113834E9AF5E0EF8CB14306D25BBB5F1
                  SHA1:C1359FD5220F3FCE5AC6030244BF1FE8FF4CDAE9
                  SHA-256:4F91D3CA4CCDA6A25C0377F7B1AB882C4CCF21F18831511CEBEA93C17B350499
                  SHA-512:2522C1880A31C549F810F847BC34D506907C219DBD088F60FD21E1A91DB523A1234728140415B7CA3896E70BEC7055E15E280C85F010366D83C20E28EEBE2618
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):1580
                  Entropy (8bit):7.455115918048376
                  Encrypted:false
                  SSDEEP:
                  MD5:3A057920801914639A4D82A09DDD0C0B
                  SHA1:0EA8566469E776B4302657F05AEB2A51A3A808BD
                  SHA-256:0F5F18A1D438F6DE421BCAF40A6D51926B9627B056C5EC95DBD9D532E8452B22
                  SHA-512:7BAE4D7AF20C858E61A212714E10712C05ECDA689B100DBF9605B16F781A7F9D00C0E2147864046921C9E0733B8EC2D123604A1FA0255EBCD0EA98E84A566057
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):806
                  Entropy (8bit):7.5269320662861885
                  Encrypted:false
                  SSDEEP:
                  MD5:ECDB54B631BB82D99EAEF4CD7E7BB0ED
                  SHA1:3FEE425F41AC01ED8B091F72677DB83AFA2AAC4A
                  SHA-256:F8AC7C2ACEBFFBF57DA7DD6D35C8388585709969396A982F4013C9C9F3C9DED4
                  SHA-512:EE6972E5A116A2645BB987AC70AC95007CA92C0ACF6267DA4B176D188B5FC1E13357AED5E1B69E364638DB532FEB908DE0C7B064D752CD8C93D08D60B7D15AFA
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):17435
                  Entropy (8bit):6.588533995448455
                  Encrypted:false
                  SSDEEP:
                  MD5:D800264049EC18CA25E519CAC77CDF95
                  SHA1:5F4137494184B429163D520D9E13B91775DAD8B0
                  SHA-256:EF151282882EEE5FD374D8860731A19FDA6FC7ACB9FEECF8EBAC5FA060761FF4
                  SHA-512:84EFA80BB91ED7C24D953E35EE790CEE10DFF78798D52150BC0679529C13F6B777E043140D64C4D7D10972541E7A6587C851A2AB2505E8FF9B5410DACDBB8DFA
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):540
                  Entropy (8bit):3.9552620671832126
                  Encrypted:false
                  SSDEEP:
                  MD5:E6562CF9A05D12BF46650D556B88FFF6
                  SHA1:F7C8DBE4D9749A16F417D6A0D13F606DD9469261
                  SHA-256:5E6399717EEE59550CC1DD88CFE1796021EF5DAF63243DDAAE459EF32C25F96F
                  SHA-512:FE94ED2AF695D92CDA102DCB7F6CCD269F65AD4D37D861DB0529AD00997CBE6EF42B65432332BC51C70DAAD9889557DC05A473A76B433D7BE4B83C46EDD446C9
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ...."....l.;...(.................$..l....Re......................Re.... .........$..l..8...............,...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.R.r.2.b.w.A.R.T.x.M.t.E.y.9.a.s.p.R.A.Z.g.5.Q.F.h.a.g.Q.Q.U.g.r.r.W.P.Z.f.O.n.8.9.x.6.J.I.3.r.%.2.F.2.z.t.W.k.1.V.8.8.C.E.D.W.v.t.3.u.d.N.B.9.q.%.2.F.I.%.2.B.E.R.q.s.x.N.S.s.%.3.D...".4.F.9.1.D.3.C.A.4.C.C.D.A.6.A.2.5.C.0.3.7.7.F.7.B.1.A.B.8.8.2.C.4.C.C.F.2.1.F.1.8.8.3.1.5.1.1.C.E.B.E.A.9.3.C.1.7.B.3.5.0.4.9.9."...
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):528
                  Entropy (8bit):3.945204390945211
                  Encrypted:false
                  SSDEEP:
                  MD5:E196DD04825622D4F0DBFD6F0DAA7C47
                  SHA1:52053ACC216E5ABED86ABD9844E0F02E91BA1C66
                  SHA-256:87749760EABBD8182C4BEC07A6B7D91CBF67007A89C705EE7FF95490CCAFC4B9
                  SHA-512:40FA9A47BEBB7FAAC2EF56CD47A460A766249F6056E45767882D4114D619B01C9415C45AE138FACD12E0CE46C5F71B1526CFB5090595171FF47D94DD352783B4
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ...........;...(................8X6......^u.....................^u... ........8X6....................,...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.L.X.N.C.z.D.v.B.h.H.e.c.W.j.g.7.0.i.J.h.B.W.0.I.n.y.w.Q.U.a.n.I.m.e.t.A.e.7.3.3.n.O.2.l.R.1.G.y.N.n.5.A.S.Z.q.s.C.E.E.5.A.5.D.d.U.7.e.a.M.A.A.A.A.A.F.H.T.l.H.8.%.3.D...".0.F.5.F.1.8.A.1.D.4.3.8.F.6.D.E.4.2.1.B.C.A.F.4.0.A.6.D.5.1.9.2.6.B.9.6.2.7.B.0.5.6.C.5.E.C.9.5.D.B.D.9.D.5.3.2.E.8.4.5.2.B.2.2."...
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):540
                  Entropy (8bit):3.966688933013547
                  Encrypted:false
                  SSDEEP:
                  MD5:51644830F430893926AE453052A92833
                  SHA1:AB86C4A5E66564517DD365D6523BAD8665229163
                  SHA-256:3815B58F69227C99AB3AE33A8C322E551DCF677539D933322BEE47593260943C
                  SHA-512:7DEBC15271D7633E2D097145699D757B1FDFF2A7D74046E8C90296B76102F2F0A3DC315E78AB4452F865594AF01A95B8A8058F98C0B5905BD0EE2C53317EB2E2
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ....".....T.;...(................h.r.......d.......................d... ........h.r...................&...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.R.p.%.2.B.m.Q.D.K.a.u.E.4.n.I.g.%.2.F.g.k.n.Z.H.u.B.l.L.k.f.K.g.Q.U.z.o.l.P.g.l.G.q.F.a.K.E.Y.s.o.x.I.2.H.S.Y.f.v.4.%.2.F.n.g.C.E.G.W.4.H.A.D.K.t.s.p.Z.v.o.B.q.8.n.s.t.n.N.M.%.3.D...".F.8.A.C.7.C.2.A.C.E.B.F.F.B.F.5.7.D.A.7.D.D.6.D.3.5.C.8.3.8.8.5.8.5.7.0.9.9.6.9.3.9.6.A.9.8.2.F.4.0.1.3.C.9.C.9.F.3.C.9.D.E.D.4."...
                  Process:C:\Windows\SysWOW64\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):288
                  Entropy (8bit):3.035220339322275
                  Encrypted:false
                  SSDEEP:
                  MD5:BF9F7071DBEBE28F7242B9AF5AC79ADC
                  SHA1:828DD9A68FF3362BA58EF1E17953B6D74DDBFC35
                  SHA-256:1F0DD4CB5F6433BC000D08EE37669178C83F3241A1A446FBDD4BBE00AEB0F38C
                  SHA-512:71E896B713C7F9F6800EFA5FE6EE76002C4B911DC51351A1F9E49BBD686302728C410C3E4A7449D28395234056C96AD887D950C8AB3E17C466982F28F62F3027
                  Malicious:false
                  Reputation:unknown
                  Preview:p...... ....B...2.v.;...(....................................................... ........!..........j............D..h.t.t.p.:././.c.r.l...e.n.t.r.u.s.t...n.e.t./.e.v.c.s.2...c.r.l...".d.8.0.0.2.6.4.0.4.9.e.c.1.8.c.a.2.5.e.5.1.9.c.a.c.7.7.c.d.f.9.5.:.1.7.4.3.5.1.9.2.7.9...0.7.4.9.3.3."...
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):73728
                  Entropy (8bit):0.2611805707431549
                  Encrypted:false
                  SSDEEP:
                  MD5:FD8A5FC01DCBC9B27AEAADB1C98F7A37
                  SHA1:543727E21DA24BAA866E7D739157EA48EA7383A4
                  SHA-256:E43CAAB7E0755C021E2126FF96422BE2FDBB8C4E875A5FCD0EB5A4559A95BCE4
                  SHA-512:CCBC0F74815CB04B538452328BB6905FEAE176D74DB3D9804EF781FBFDB1835E6C1B871BD7221ADEB9FEF89E05353FF3F2C5CCF849081750B0F99591BF06A995
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.1497706625642787
                  Encrypted:false
                  SSDEEP:
                  MD5:CBE0AE6220387667347616B69165A63D
                  SHA1:3E146723E9507C0BC5D7E8EC27730A21655617D3
                  SHA-256:B762AEE18CAE0A39C56959867202753923746F9A9F8B158E396E6138E8265981
                  SHA-512:9EDC7B38558A07CC0ED6649A4EC8D21F786577DD1A50956FFFC018EE74DD4460DDFA9ABCA781F420A564C4901018115BA110184ED8F009AEC5390ADF0E7E0502
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Windows\System32\msiexec.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):32768
                  Entropy (8bit):1.4921410225994758
                  Encrypted:false
                  SSDEEP:
                  MD5:57B8F57AAE5BB0948A22E9FEC6C132D4
                  SHA1:50A9FEDBA6DEF37A1AE35CA5C87CF3330D51D8EB
                  SHA-256:3B4252776424B812005983649977BEA67F113F3E6F5B1441E7CAE107F4A1EF3A
                  SHA-512:D9BF98AAAE372AFCD22734D4FAD3E8945A471DFEA42E6304F2E8E4EFA5DAB27FA2EC84EEA6EC8D6F8D44D0C7FB383391C0AD933FE379129544CE632DCA8CAFBA
                  Malicious:false
                  Reputation:unknown
                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Entropy (8bit):7.998311586042876
                  TrID:
                  • Win32 Executable (generic) a (10002005/4) 99.96%
                  • Generic Win/DOS Executable (2004/3) 0.02%
                  • DOS Executable Generic (2002/1) 0.02%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:BIGIPEdgeClient 2024.exe
                  File size:32'294'824 bytes
                  MD5:f5ddc35484fadc74b8b577278c85ba10
                  SHA1:0db38695a6e070a2b2eb75a89482a9460a1d63c3
                  SHA256:6552659af321c91350cdb76dbf30219ed16bea081c7fb43e308fb137da1f541f
                  SHA512:1c435b2e998198355d82dd089b68e4ab0e49878fe0638c09975ef793085a537289e63e09f0c4cb656ae03d0f3ed2322b53e41341ab62e1f82b658e0afe25ac62
                  SSDEEP:786432:5dD9ly1GbCZh/spH9keZmqmPTwacooKg7Jou:fGwCv/sx9kewqIkacoG7Ku
                  TLSH:066733107A96E921F2728A361FB49379A99DB4128B2582EFD3CC0FB92D406D1C737717
                  Icon Hash:2d2e3797b32b2b99
                  Entrypoint:0x424b20
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                  Time Stamp:0x64B65A7F [Tue Jul 18 09:25:19 2023 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:6
                  OS Version Minor:0
                  File Version Major:6
                  File Version Minor:0
                  Subsystem Version Major:6
                  Subsystem Version Minor:0
                  Import Hash:77e82d910b00f5dda4227cfbcd1516ff
                  Instruction
                  call 00007FAE6884A809h
                  jmp 00007FAE6884A09Dh
                  int3
                  int3
                  int3
                  int3
                  int3
                  int3
                  push ebx
                  push esi
                  mov eax, dword ptr [esp+18h]
                  or eax, eax
                  jne 00007FAE6884A22Ah
                  mov ecx, dword ptr [esp+14h]
                  mov eax, dword ptr [esp+10h]
                  xor edx, edx
                  div ecx
                  mov ebx, eax
                  mov eax, dword ptr [esp+0Ch]
                  div ecx
                  mov edx, ebx
                  jmp 00007FAE6884A253h
                  mov ecx, eax
                  mov ebx, dword ptr [esp+14h]
                  mov edx, dword ptr [esp+10h]
                  mov eax, dword ptr [esp+0Ch]
                  shr ecx, 1
                  rcr ebx, 1
                  shr edx, 1
                  rcr eax, 1
                  or ecx, ecx
                  jne 00007FAE6884A206h
                  div ebx
                  mov esi, eax
                  mul dword ptr [esp+18h]
                  mov ecx, eax
                  mov eax, dword ptr [esp+14h]
                  mul esi
                  add edx, ecx
                  jc 00007FAE6884A220h
                  cmp edx, dword ptr [esp+10h]
                  jnbe 00007FAE6884A21Ah
                  jc 00007FAE6884A219h
                  cmp eax, dword ptr [esp+0Ch]
                  jbe 00007FAE6884A213h
                  dec esi
                  xor edx, edx
                  mov eax, esi
                  pop esi
                  pop ebx
                  retn 0010h
                  jmp dword ptr [0044735Ch]
                  mov ecx, dword ptr [ebp-0Ch]
                  mov dword ptr fs:[00000000h], ecx
                  pop ecx
                  pop edi
                  pop edi
                  pop esi
                  pop ebx
                  mov esp, ebp
                  pop ebp
                  push ecx
                  ret
                  push eax
                  push dword ptr fs:[00000000h]
                  lea eax, dword ptr [esp+0Ch]
                  sub esp, dword ptr [esp+0Ch]
                  push ebx
                  push esi
                  push edi
                  mov dword ptr [eax], ebp
                  mov ebp, eax
                  mov eax, dword ptr [0045E264h]
                  xor eax, ebp
                  push eax
                  push dword ptr [ebp-04h]
                  mov dword ptr [ebp-04h], FFFFFFFFh
                  lea eax, dword ptr [ebp-0Ch]
                  mov dword ptr fs:[00000000h], eax
                  ret
                  Programming Language:
                  • [ C ] VS2015 UPD3.1 build 24215
                  • [C++] VS2015 UPD3.1 build 24215
                  • [RES] VS2015 UPD3 build 24213
                  • [LNK] VS2015 UPD3.1 build 24215
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5c18c | 0x8c | .rdata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x9998 | .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6d000 | 0x41bc | .reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x57dd0 | 0x54 | .rdata
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0x57e24 | 0x18 | .rdata
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4ec98 | 0x40 | .rdata
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0x47000 | 0x35c | .rdata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x5bec4 | 0xc0 | .rdata
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x1000 | 0x4573a | 0x45800 | 4fa05c91df9837909c9308897697abc4 | False | 0.5174973302607914 | data | 6.558181840536306 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rdata | 0x47000 | 0x16536 | 0x16600 | 6f21db976db84e111b8a9175051837a7 | False | 0.4528194832402235 | data | 5.608259046281309 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .data | 0x5e000 | 0x293c | 0x1400 | 9ac5d096966c059a4acf874c972f3c4a | False | 0.2205078125 | data | 3.7592872495006473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .didat | 0x61000 | 0x78 | 0x200 | 1558441f6618d0302f5395cfbe981051 | False | 0.1640625 | data | 1.06602633892955 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .tls | 0x62000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rsrc | 0x63000 | 0x9998 | 0x9a00 | 2c712341edc3c88bb4747deb137316d5 | False | 0.29248681006493504 | data | 4.841559579895467 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc | 0x6d000 | 0x41bc | 0x4200 | 73add3098de9965a7fe25ca39965b738 | False | 0.7330137310606061 | data | 6.690116030932867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                  RT_ICON | 0x63c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5675675675675675
                  RT_ICON | 0x63d30 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179
                  RT_ICON | 0x64298 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548
                  RT_ICON | 0x64580 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3935018050541516
                  RT_DIALOG | 0x659a0 | 0xde | data | | | 0.6891891891891891
                  RT_DIALOG | 0x657e0 | 0xde | data | | | 0.6891891891891891
                  RT_DIALOG | 0x658c0 | 0xde | data | | | 0.6891891891891891
                  RT_DIALOG | 0x65540 | 0xde | data | Chinese | Taiwan | 0.6891891891891891
                  RT_DIALOG | 0x652a0 | 0xde | data | English | United States | 0.6891891891891891
                  RT_DIALOG | 0x65380 | 0xde | data | Japanese | Japan | 0.6891891891891891
                  RT_DIALOG | 0x65620 | 0xde | data | Korean | North Korea | 0.6891891891891891
                  RT_DIALOG | 0x65620 | 0xde | data | Korean | South Korea | 0.6891891891891891
                  RT_DIALOG | 0x65700 | 0xde | data | Russian | Russia | 0.6891891891891891
                  RT_DIALOG | 0x65460 | 0xde | data | Chinese | China | 0.6891891891891891
                  RT_STRING | 0x6b848 | 0x158 | data | | | 0.5872093023255814
                  RT_STRING | 0x69518 | 0x16e | data | | | 0.5409836065573771
                  RT_STRING | 0x6a600 | 0x18c | data | | | 0.547979797979798
                  RT_STRING | 0x67848 | 0x9c | data | Chinese | Taiwan | 0.8782051282051282
                  RT_STRING | 0x65a80 | 0x13a | data | English | United States | 0.5955414012738853
                  RT_STRING | 0x668e0 | 0xd6 | data | Japanese | Japan | 0.8785046728971962
                  RT_STRING | 0x67dc8 | 0xe6 | data | Korean | North Korea | 0.8130434782608695
                  RT_STRING | 0x67dc8 | 0xe6 | data | Korean | South Korea | 0.8130434782608695
                  RT_STRING | 0x686c8 | 0x13c | data | Russian | Russia | 0.6265822784810127
                  RT_STRING | 0x67210 | 0xa2 | data | Chinese | China | 0.845679012345679
                  RT_STRING | 0x6b9a0 | 0x86e | data | | | 0.3341056533827618
                  RT_STRING | 0x69688 | 0x852 | data | | | 0.3032863849765258
                  RT_STRING | 0x6a790 | 0x918 | data | | | 0.30369415807560135
                  RT_STRING | 0x678e8 | 0x242 | data | Chinese | Taiwan | 0.7283737024221453
                  RT_STRING | 0x65bc0 | 0x6e4 | data | English | United States | 0.3287981859410431
                  RT_STRING | 0x669b8 | 0x46e | data | Japanese | Japan | 0.5194003527336861
                  RT_STRING | 0x67eb0 | 0x41a | data | Korean | North Korea | 0.540952380952381
                  RT_STRING | 0x67eb0 | 0x41a | data | Korean | South Korea | 0.540952380952381
                  RT_STRING | 0x68808 | 0x6f8 | data | Russian | Russia | 0.367152466367713
                  RT_STRING | 0x672b8 | 0x2dc | data | Chinese | China | 0.6229508196721312
                  RT_STRING | 0x6c210 | 0x788 | data | | | 0.33713692946058094
                  RT_STRING | 0x69ee0 | 0x720 | data | | | 0.3514254385964912
                  RT_STRING | 0x6b0a8 | 0x79e | data | | | 0.3292307692307692
                  RT_STRING | 0x67b30 | 0x298 | data | Chinese | Taiwan | 0.713855421686747
                  RT_STRING | 0x662a8 | 0x634 | data | English | United States | 0.3425692695214106
                  RT_STRING | 0x66e28 | 0x3e6 | data | Japanese | Japan | 0.5521042084168337
                  RT_STRING | 0x682d0 | 0x3f8 | data | Korean | North Korea | 0.5698818897637795
                  RT_STRING | 0x682d0 | 0x3f8 | data | Korean | South Korea | 0.5698818897637795
                  RT_STRING | 0x68f00 | 0x618 | data | Russian | Russia | 0.39807692307692305
                  RT_STRING | 0x67598 | 0x2ac | data | Chinese | China | 0.6564327485380117
                  RT_GROUP_ICON | 0x64e28 | 0x3e | data | English | United States | 0.8387096774193549
                  RT_VERSION | 0x64e68 | 0x438 | data | | | 0.43148148148148147
                  RT_MANIFEST | 0x635b0 | 0x651 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4155844155844156
                  DLL | Import
                  COMCTL32.dll | InitCommonControlsEx
                  KERNEL32.dll | GetCurrentProcess, GetCurrentProcessId, GetExitCodeProcess, GetCurrentThreadId, CreateProcessA, GetSystemInfo, GetSystemTime, GetSystemDirectoryA, GetWindowsDirectoryA, GetVersionExA, FreeLibrary, GetModuleFileNameA, GetModuleHandleA, GetModuleHandleExA, GetProcAddress, LoadLibraryA, LocalAlloc, LocalFree, FormatMessageA, lstrcmpA, lstrlenA, CopyFileA, VerifyVersionInfoW, MultiByteToWideChar, WideCharToMultiByte, GetLocaleInfoA, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetFullPathNameA, SetDefaultDllDirectories, lstrcpynA, lstrcpyA, lstrcatA, CompareStringA, GlobalAlloc, GlobalFree, VirtualProtect, VirtualQuery, GetModuleHandleW, LoadLibraryExA, GlobalUnlock, GlobalLock, FileTimeToLocalFileTime, GetFileTime, LocalFileTimeToFileTime, SetEndOfFile, SetFilePointer, SetFileTime, GetVolumeInformationA, GetLocalTime, GetVersion, DosDateTimeToFileTime, SetVolumeLabelA, FileTimeToSystemTime, SystemTimeToFileTime, lstrcmpiA, CreateDirectoryW, GetFileAttributesExW, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, IsValidCodePage, FindFirstFileExA, GetFullPathNameW, GetCurrentDirectoryW, HeapSize, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeZoneInformation, ReadConsoleW, ReadFile, SetFilePointerEx, GetConsoleMode, GetConsoleCP, GetACP, WriteFile, GetStdHandle, GetModuleHandleExW, ExitProcess, HeapReAlloc, SetStdHandle, WriteConsoleW, SystemTimeToTzSpecificLocalTime, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeW, GetCommandLineW, GetCommandLineA, GetFileType, CreateEventA, CreateMutexA, WaitForSingleObject, ReleaseMutex, ResetEvent, SetEvent, DeleteCriticalSection, InitializeCriticalSectionEx, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GetProcessHeap, HeapFree, HeapAlloc, QueryPerformanceCounter, GetLastError, RaiseException, CloseHandle, DecodePointer, OutputDebugStringA, GetTempPathA, SetFileAttributesW, SetFileAttributesA, RemoveDirectoryA, GetLongPathNameA, GetFileAttributesA, FlushFileBuffers, FindNextFileA, FindFirstFileA, FindClose, DeleteFileW, DeleteFileA, CreateFileW, CreateFileA, CreateDirectoryA, VerSetConditionMask, GetDriveTypeA, LoadLibraryExW, RtlUnwind, InitializeSListHead, GetStartupInfoW, WaitForSingleObjectEx, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCPInfo, GetStringTypeW, GetLocaleInfoW, LCMapStringW, CompareStringW, GetSystemTimeAsFileTime, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, CreateEventW, InitializeCriticalSectionAndSpinCount, SetLastError, EncodePointer, OutputDebugStringW, IsDebuggerPresent
                  USER32.dll | DispatchMessageA, PeekMessageA, DefWindowProcA, DestroyWindow, ShowWindow, TranslateMessage, SetWindowTextA, GetWindowRect, GetWindowLongA, SetWindowLongA, ExitWindowsEx, CharPrevA, LoadStringA, CreateDialogParamA, LoadIconA, OemToCharA, CharNextA, wsprintfA, MsgWaitForMultipleObjects, SystemParametersInfoA, IsDialogMessageA, SetForegroundWindow, GetSystemMetrics, SetFocus, SetDlgItemTextA, GetDlgItem, MoveWindow, WaitMessage, PostMessageA, SendMessageA, MessageBoxA
                  ADVAPI32.dll | LookupPrivilegeValueA, SetKernelObjectSecurity, IsValidSecurityDescriptor, GetSecurityDescriptorControl, GetKernelObjectSecurity, AdjustTokenPrivileges, ConvertStringSecurityDescriptorToSecurityDescriptorA, RegQueryValueExA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegCloseKey, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, FreeSid, AllocateAndInitializeSid, OpenProcessToken
                  SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA
                  ole32.dll | CoTaskMemFree, CoCreateGuid, StringFromGUID2
                  Description | Data
                  CompanyName | F5 Networks, Inc.
                  FileDescription | F5 Networks BIG-IP Edge Client Installer
                  FileVersion | 7243, 2023, 0718, 0858
                  InternalName | setup.exe
                  LegalCopyright | 2023 F5 Networks, Inc. All rights reserved.
                  LegalTrademarks | BIG-IP is a registered trademark of F5 Networks, Inc.
                  OriginalFilename | setup.exe
                  ProductName | BIG-IP Edge Client
                  ProductVersion | 7243, 2023, 0718, 0858
                  Build | 3555.0
                  Translation | 0x0000 0x04b0
                  Language of compilation system | Country where language is spoken
                  English | United States
                  Chinese | Taiwan
                  Japanese | Japan
                  Korean | North Korea
                  Korean | South Korea
                  Russian | Russia
                  Chinese | China