Windows Analysis Report
BIGIPEdgeClient 2024.exe

Overview

General Information

Sample name: BIGIPEdgeClient 2024.exe
Analysis ID: 1654085
MD5: f5ddc35484fadc74b8b577278c85ba10
SHA1: 0db38695a6e070a2b2eb75a89482a9460a1d63c3
SHA256: 6552659af321c91350cdb76dbf30219ed16bea081c7fb43e308fb137da1f541f

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Drops executables to the windows directory (C:\Windows) and starts them
Possible COM Object hijacking
Sample is not signed and drops a device driver
Tries to delay execution (extensive OutputDebugStringW loop)
Adds / modifies Windows certificates
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the driver directory
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Msiexec Initiated Connection
Sigma detected: Suspicious Msiexec Execute Arbitrary DLL
Uses 32bit PE files

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious.]
  • System is w10x64_ra
  • BIGIPEdgeClient 2024.exe (PID: 7048 cmdline: "C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe" MD5: F5DDC35484FADC74B8B577278C85BA10)
  • msiexec.exe (PID: 7140 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6372 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding C523860BCB1391995BF0B65B4D4EA95D C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 6264 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding D9CD81ED82D4D50B258AA6C9CF4CB543 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • F5Win32CheckHelper.exe (PID: 6628 cmdline: "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver MD5: 8C0A7C17B8F454D43BDCDCC2DA1F8F1D)
      • f5vpn.exe (PID: 3940 cmdline: "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer MD5: A8FADC9A889949AA2FEFE3291887A5C3)
      • F5ElHelper.exe (PID: 6700 cmdline: "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer MD5: 3E9C46E3A9020CD0015F6B16F74B46F8)
    • msiexec.exe (PID: 6400 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3C4A67E2EBEF632BC0565714EF7AAAEF E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • F5ElHelper.exe (PID: 2980 cmdline: "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer MD5: 3E9C46E3A9020CD0015F6B16F74B46F8)
      • f5vpn.exe (PID: 5308 cmdline: "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer MD5: A8FADC9A889949AA2FEFE3291887A5C3)
      • F5Win32CheckHelper.exe (PID: 6800 cmdline: "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /regserver MD5: 8C0A7C17B8F454D43BDCDCC2DA1F8F1D)
      • ursetvpn.exe (PID: 6792 cmdline: "C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe" /q MD5: F9D1E6428A59AC5E7B68862D20B52C72)
        • urset64.exe (PID: 5624 cmdline: urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
        • urset64.exe (PID: 5904 cmdline: urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
        • urset64.exe (PID: 3660 cmdline: urset64.exe InstallAdapter 0xd021e C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
    • msiexec.exe (PID: 4724 cmdline: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll" MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 1432 cmdline: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll" MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 4624 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 2560EBD65F70A9D75D2BE3C254710F6F C MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 3088 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding C64F3CA693020156C3D771AED8AF815D MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • F5Win32CheckHelper.exe (PID: 1504 cmdline: "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver MD5: 8C0A7C17B8F454D43BDCDCC2DA1F8F1D)
      • f5vpn.exe (PID: 1268 cmdline: "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer MD5: A8FADC9A889949AA2FEFE3291887A5C3)
      • F5ElHelper.exe (PID: 1960 cmdline: "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer MD5: 3E9C46E3A9020CD0015F6B16F74B46F8)
    • msiexec.exe (PID: 512 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 1884DAC3AC74B12435AD046DEBD7133D E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • F5ElHelper.exe (PID: 3928 cmdline: "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer MD5: 3E9C46E3A9020CD0015F6B16F74B46F8)
      • f5vpn.exe (PID: 6700 cmdline: "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer MD5: A8FADC9A889949AA2FEFE3291887A5C3)
      • F5Win32CheckHelper.exe (PID: 2984 cmdline: "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /regserver MD5: 8C0A7C17B8F454D43BDCDCC2DA1F8F1D)
      • ursetvpn.exe (PID: 4596 cmdline: "C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe" /q MD5: F9D1E6428A59AC5E7B68862D20B52C72)
        • urset64.exe (PID: 6836 cmdline: urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
        • urset64.exe (PID: 3752 cmdline: urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
        • urset64.exe (PID: 3208 cmdline: urset64.exe InstallAdapter 0xe0334 C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter MD5: FC36A4D74E5757F633B0B2FB3583700D)
    • msiexec.exe (PID: 1076 cmdline: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll" MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6412 cmdline: "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • svchost.exe (PID: 4672 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6632 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 6588 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6696 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6648 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 4036 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 2128 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
      • conhost.exe (PID: 1880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • BIGIPEdgeClient 2024.exe (PID: 4620 cmdline: "C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe" MD5: F5DDC35484FADC74B8B577278C85BA10)
  • cleanup
No yara matches
Source: Network Connection, Author: frack113, Data: DestinationIp: 23.46.226.182, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Windows\SysWOW64\msiexec.exe, Initiated: true, ProcessId: 6400, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49704
Source: Process started, Author: frack113, Data: Command: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll", CommandLine: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll", CommandLine|base64offset|contains: , Image: C:\Windows\System32\msiexec.exe, NewProcessName: C:\Windows\System32\msiexec.exe, OriginalFileName: C:\Windows\System32\msiexec.exe, ParentCommandLine: C:\Windows\system32\msiexec.exe /V, ParentImage: C:\Windows\System32\msiexec.exe, ParentProcessId: 7140, ParentProcessName: msiexec.exe, ProcessCommandLine: "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll", ProcessId: 4724, ProcessName: msiexec.exe
Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 660, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4672, ProcessName: svchost.exe
No Suricata rule has matched

Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION f5fpclientW.exe
Source: BIGIPEdgeClient 2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\readme.txt
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\readme.txt
Source: BIGIPEdgeClient 2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: z:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: x:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: v:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: t:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: r:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: p:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: n:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: l:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: j:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: h:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: f:
Source: C:\Windows\System32\svchost.exeFile opened: d:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: b:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: y:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: w:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: u:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: s:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: q:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: o:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: m:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: k:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: i:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: g:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: e:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: c:
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile opened: a:
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: ocsp.entrust.net
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: ocsp.entrust.net
Source: global trafficHTTP traffic detected: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEGW4HADKtspZvoBq8nstnNM%3D HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: ocsp.entrust.net
Source: global trafficHTTP traffic detected: GET /evcs2.crl HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: crl.entrust.net
Source: global trafficDNS traffic detected: DNS query: ocsp.entrust.net
Source: global trafficDNS traffic detected: DNS query: crl.entrust.net
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltDrv.sys
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeFile created: C:\Windows\system32\drivers\urfltv64.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\50f97e.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFB52.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFCAB.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFE81.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5netprov64.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5CredMgrSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\drivers\F5FltDrv.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5FltSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5InspectorService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5InstallerService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineCertService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelInfo.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5TrafficSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4CB.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA4B.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSID79.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1644.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI175E.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1905.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\50f980.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6F44.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI70CC.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7273.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5netprov64.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5CredMgrSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\drivers\F5FltDrv.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5FltSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5InspectorService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5InstallerService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineCertService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelInfo.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelService.exe
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A37B8BA80004D3266CB4D93B2052DC10_EBDB5A7037F08CDFB408DBFC0D44B43D
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\026A86A161D256DBB33076EDF20C0E5E_86AB612B21DEDF3B8CD155ED2E4114FF
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AF360AACB1570042DEFBC833317997D0_1C71A55BE4D771E763612A0A7E2744CE
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AF360AACB1570042DEFBC833317997D0_1C71A55BE4D771E763612A0A7E2744CE
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper64.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhostres.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhost.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F599B66E34645915D6CE3B9990A2673F
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F599B66E34645915D6CE3B9990A2673F
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhost.inf
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\f5vpn.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\f5LogViewer.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urSuperHost.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxshost.inf
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\scew_uls.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxdialerres.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxdialer.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxvpn.inf
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeFile created: C:\Windows\system32\drivers\urfltv64.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5TrafficSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI78CD.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7989.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI7CA7.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI80DE.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8A65.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8BBD.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI8D55.tmp
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper64.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhostres.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhost.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhost.inf
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\f5vpn.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\f5LogViewer.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urSuperHost.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxshost.inf
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\scew_uls.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxdialerres.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxdialer.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxvpn.inf
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIFB52.tmp
Source: BIGIPEdgeClient 2024.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal60.evad.winEXE@72/115@2/15
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\F5 VPN
Source: C:\Windows\SysWOW64\msiexec.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1880:120:WilError_03
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeMutant created: \Sessions\1\BaseNamedObjects\F5_Networks_Log_File_Mutex_12288
Source: C:\Windows\SysWOW64\msiexec.exeMutant created: \Sessions\1\BaseNamedObjects\F5_Networks_Log_File_Mutex_16384
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeMutant created: \Sessions\1\BaseNamedObjects\Global\F5_VPN__MSISETUP_{9F05164C-C169-4BFA-B1AC-79CD53651349}
Source: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exeMutant created: \Sessions\1\BaseNamedObjects\08fbfb56-5137-47e6-8dc4-f9dd19d0577c
Source: C:\Windows\Downloaded Program Files\F5ElHelper.exeMutant created: \Sessions\1\BaseNamedObjects\e3e66f19-f7a5-44f5-b826-37c04e3700f3
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8
Source: BIGIPEdgeClient 2024.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\msiexec.exeFile read: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\CustomDialer.ini
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile read: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
Source: unknownProcess created: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe "C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C523860BCB1391995BF0B65B4D4EA95D C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D9CD81ED82D4D50B258AA6C9CF4CB543
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3C4A67E2EBEF632BC0565714EF7AAAEF E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll"
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /regserver
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe "C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe" /q
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urset64.exe urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urset64.exe urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeProcess created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urset64.exe urset64.exe InstallAdapter 0xd021e C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C523860BCB1391995BF0B65B4D4EA95D C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding D9CD81ED82D4D50B258AA6C9CF4CB543
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3C4A67E2EBEF632BC0565714EF7AAAEF E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll"
Source: unknownProcess created: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe "C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2560EBD65F70A9D75D2BE3C254710F6F C
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C64F3CA693020156C3D771AED8AF815D
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1884DAC3AC74B12435AD046DEBD7133D E Global\MSI0000
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /regserver
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe "C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe" /q
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urset64.exe urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urset64.exe urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urset64.exe urset64.exe InstallAdapter 0xe0334 C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 2560EBD65F70A9D75D2BE3C254710F6F C
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding C64F3CA693020156C3D771AED8AF815D
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 1884DAC3AC74B12435AD046DEBD7133D E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /regserver
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe "C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe" /q
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urset64.exe urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urset64.exe urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urset64.exe urset64.exe InstallAdapter 0xd021e C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll"
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll"
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /unregserver
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /UnRegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /UnregServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5ElHelper.exe "C:\Windows\Downloaded Program Files\F5ElHelper.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\f5vpn.exe "C:\Windows\Downloaded Program Files\f5vpn.exe" /RegServer
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe "C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe" /regserver
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe "C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe" /q
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urset64.exe urset64.exe UnInstallAdapter F5%20Networks%20VPN%20Adapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urset64.exe urset64.exe UnInstallAdapter f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exe Process created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urset64.exe urset64.exe InstallAdapter 0xe0334 C%3A%5CUsers%5Cuser%5CAppData%5CLocal%5CTemp%5CF5%5FTMP%7E1%5C2017%5Ccovpn10%2Einf f5%5Fnetworks%5Fvpn%5Fadapter
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msisip.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cryptnet.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: webio.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: cabinet.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: srpapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: tsappcmp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: netapi32.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: wkscli.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: mscoree.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: msihnd.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: oleacc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: jscript.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mswsock.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winnsi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: ntasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: samcli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: logoncli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: scew_uls.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dll
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dll
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dll
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dll
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dll
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dll
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dll
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dll
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dll
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dll
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dll
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: occache.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: traffic.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: winhttp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wmiclnt.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: occache.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{317D06E8-5F24-433D-BDF7-79CE68D8ABC2}\InProcServer32
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile written: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\CustomDialer.ini
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: BIGIPEdgeClient 2024.exeStatic file information: File size 32294824 > 1048576
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: BIGIPEdgeClient 2024.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: BIGIPEdgeClient 2024.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: BIGIPEdgeClient 2024.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: BIGIPEdgeClient 2024.exeStatic PE information: section name: .didat

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\msiexec.exeExecutable created and started: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeExecutable created and started: C:\Windows\Downloaded Program Files\F5ElHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeExecutable created and started: C:\Windows\Downloaded Program Files\f5vpn.exe
Source: c:\windows\downloaded program files\f5elhelper64.dllCOM Object registered for dropped file: hkey_local_machine\software\classes\clsid\{5dab6006-cf31-4b6e-929a-b8e3fb20bfed}\inprocserver32
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltDrv.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\drivers\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpndrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnx64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnw2k.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urfltwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urfltv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urfltarm64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnarm64.sys
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeFile created: C:\Windows\system32\drivers\urfltv64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPd4b269cd4c564a40\F5 VPN\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPd4b269cd4c564a40\F5 VPN\amd64\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPd4b269cd4c564a40\F5 VPN\arm64\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\covpndrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\covpnx64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\covpnw2k.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\covpnwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\covpnv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urfltwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urfltv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\urfltarm64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\2017\covpnwlh.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\2017\covpnv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\2017\covpnarm64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialerARM64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5TrafficSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urset64.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpndrv.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\F5 VPN\F5CustomDialer.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI4CB.tmp
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltSrv.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI175E.tmp
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\setupdrvdll.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5Win32CheckHelper.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_7521112906096127103\f5vpn.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5TrafficSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialer64.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_62181222188171883516\F5ElHelper64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProvARM64.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\drivers\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5FltSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnv64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\setup2000.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\F5 VPN\f5fpc.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelService.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineCertService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredMgrSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5InstallerService.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\F5 VPN\F5LogonUI.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5netprov64.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urxdialer.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\F5 VPN\f5fpclientW.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urfltarm64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxdialerres.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5DialSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnw2k.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\scew_uls.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnv64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprov.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\F5ElHelper.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\f5InspectorService.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_7521112906096127103\urSuperHost.dll
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeFile created: C:\Windows\System32\drivers\urfltv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnwlh.sys
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SysWOW64\F5MachineTunnelInfo.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urfltwlh.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnx64.sys
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\scew_uls.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_7521112906096127103\f5LogViewer.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\F5Win32CheckHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetarm64.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5fpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnarm64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Downloaded Program Files\urxhostres.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnwlh.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile created: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprovARM64.dll
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\readme.txt
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\readme.txt
Source: C:\Windows\System32\msiexec.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\F5MachineTunnelService
Source: C:\Windows\System32\msiexec.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run F5_SAM_Client
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_612032262191525953141\ursetvpn.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeSection loaded: OutputDebugStringW count: 186
Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialerARM64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5TrafficSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpndrv.sys
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\F5 VPN\F5CustomDialer.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI4CB.tmp
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltSrv.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI175E.tmp
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5TrafficSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialer64.dll
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_62181222188171883516\F5ElHelper64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProvARM64.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\drivers\F5FltDrv.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5FltSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnv64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\setup2000.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\F5 VPN\f5fpc.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\F5MachineTunnelService.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\F5MachineCertService.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredMgrSrv.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5InstallerService.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\F5 VPN\F5LogonUI.exe
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\f5netprov64.dll
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urxdialer.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\F5 VPN\f5fpclientW.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urfltarm64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5DialSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnw2k.sys
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnv64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprov.dll
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Windows\Downloaded Program Files\F5ElHelper.dll
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\f5InspectorService.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_7521112906096127103\urSuperHost.dll
Source: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exeDropped PE file which has not been started: C:\Windows\System32\drivers\urfltv64.sys
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnwlh.sys
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\SysWOW64\F5MachineTunnelInfo.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\urfltwlh.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltDrv.sys
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnx64.sys
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_7521112906096127103\f5LogViewer.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\F5Win32CheckHelper.dll
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetarm64.exe
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5fpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\2017\covpnarm64.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltSrv.exe
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\covpnwlh.sys
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprovARM64.dll
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe TID: 7120Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 6236Thread sleep time: -30000s >= -30000s
Source: C:\Windows\SysWOW64\msiexec.exe TID: 3980Thread sleep time: -90000s >= -30000s
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformation
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\MsiExec.exe" /Y "C:\Windows\SysWOW64\f5netprov64.dll"
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\F5 VPN\f5fpapi.dll"
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8 VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5_TMP VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64 VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64 VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPd4b269cd4c564a40 VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPd4b269cd4c564a40\F5 VPN VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPd4b269cd4c564a40\F5 VPN\F5_TMP VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeQueries volume information: C:\Users\user\AppData\Local\Temp\F5_MSI_TMPd4b269cd4c564a40\F5 VPN\amd64 VolumeInformation
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cval
Source: C:\Users\user\Desktop\BIGIPEdgeClient 2024.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4 Blob
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
Source: C:\Program Files\Windows Defender\MpCmdRun.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | 1 Scripting | 1 Replication Through Removable Media | 1 Windows Management Instrumentation | 1 Component Object Model Hijacking | 1 Component Object Model Hijacking | 131 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Windows Service | 2 Windows Service | 13 Virtualization/Sandbox Evasion | LSASS Memory | 3 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 Scripting | 11 Process Injection | 11 Disable or Modify Tools | Security Account Manager | 13 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Registry Run Keys / Startup Folder | 1 Registry Run Keys / Startup Folder | 1 Modify Registry | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 File Deletion | DCSync | 23 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |

Source | Detection | Scanner | Label | Link
BIGIPEdgeClient 2024.exe | 0% | Virustotal | | Browse
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\F5 VPN\F5CustomDialer.dll | 0% | ReversingLabs | |
C:\Program Files (x86)\F5 VPN\F5CustomDialer.dll | 0% | Virustotal | | Browse
C:\Program Files (x86)\F5 VPN\F5LogonUI.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\F5 VPN\F5LogonUI.exe | 0% | Virustotal | | Browse
C:\Program Files (x86)\F5 VPN\f5fpc.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\F5 VPN\f5fpc.exe | 0% | Virustotal | | Browse
C:\Program Files (x86)\F5 VPN\f5fpclientW.exe | 0% | ReversingLabs | |
C:\Program Files (x86)\F5 VPN\f5fpclientW.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredMgrSrv.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredMgrSrv.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv64.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProv64.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProvARM64.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CredProvARM64.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialer64.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialer64.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialerARM64.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5CustomDialerARM64.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5DialSrv.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5DialSrv.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltDrv.sys | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltDrv.sys | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltSrv.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5FltSrv.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5InstallerService.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5InstallerService.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5TrafficSrv.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\F5TrafficSrv.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5FltSrv.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5FltSrv.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5TrafficSrv.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\amd64\F5TrafficSrv.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltDrv.sys | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltDrv.sys | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltSrv.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\arm64\F5FltSrv.exe | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5fpapi.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5fpapi.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprov.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprov.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprovARM64.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\f5netprovARM64.dll | 0% | Virustotal | | Browse
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\scew_uls.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\F5_MSI_TMPb8575537a6344cc8\F5 VPN\scew_uls.dll | 0% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://crl.entrust.net/evcs2.crl | 0% | Avira URL Cloud | safe |
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D | 0% | Avira URL Cloud | safe |
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEGW4HADKtspZvoBq8nstnNM%3D | 0% | Avira URL Cloud | safe |
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
bg.microsoft.map.fastly.net | 199.232.214.172 | true | false | | high
a1516.d.akamai.net | 23.44.136.79 | true | false | | unknown
e6913.dscx.akamaiedge.net | 23.46.226.182 | true | false | | unknown
ocsp.entrust.net | unknown | unknown | false | | high
crl.entrust.net | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR1GyNn5ASZqsCEE5A5DdU7eaMAAAAAFHTlH8%3D | false | Avira URL Cloud: safe | unknown
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRp%2BmQDKauE4nIg%2FgknZHuBlLkfKgQUzolPglGqFaKEYsoxI2HSYfv4%2FngCEGW4HADKtspZvoBq8nstnNM%3D | false | Avira URL Cloud: safe | unknown
http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3r%2F2ztWk1V88CEDWvt3udNB9q%2FI%2BERqsxNSs%3D | false | Avira URL Cloud: safe | unknown
http://crl.entrust.net/evcs2.crl | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
23.44.136.79 | a1516.d.akamai.net | United States | | 20940 | AKAMAI-ASN1EU | false
184.31.69.3 | unknown | United States | | 20940 | AKAMAI-ASN1EU | false
199.232.214.172 | bg.microsoft.map.fastly.net | United States | | 54113 | FASTLYUS | false
23.46.226.182 | e6913.dscx.akamaiedge.net | United States | | 16625 | AKAMAI-ASUS | false
            IP
            127.0.0.1
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1654085
            Start date and time:2025-04-01 22:46:08 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsinteractivecookbook.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:44
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:1
            Technologies:
            • EGA enabled
            Analysis Mode:stream
            Analysis stop reason:Timeout
            Sample name:BIGIPEdgeClient 2024.exe
            Detection:MAL
            Classification:mal60.evad.winEXE@72/115@2/15
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, svchost.exe
            • Excluded IPs from analysis (whitelisted): 199.232.214.172, 20.109.210.53, 184.31.69.3
            • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
            • Not all processes where analyzed, report is missing behavior information
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtProtectVirtualMemory calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            • Timeout during stream target processing, analysis might miss dynamic analysis data
            • VT rate limit hit for: a1516.d.akamai.net
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:modified
            Size (bytes):663022
            Entropy (8bit):6.624187880312609
            Encrypted:false
            SSDEEP:
            MD5:6450778F2035D610728AFB46CEB1A6CD
            SHA1:6B5EFEF48E3F89A38100D7EC24F80F2E67572D32
            SHA-256:24433AF1CE0F3D2DBDCC200F663631AEB38F88A73078DC00176B644E6DC5A26F
            SHA-512:7ECA43A9DDE4674EB3755B5EF6DB4970F393D80EB7374FA88F9F75D0E9E8C35F73D6BD5C24E54AAFD9F1822A089B9BBB5966882B5A4B4DE9165E24A64F6A9BE8
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@..Z.@.....@.....@.....@.....@.....@......&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..BIG-IP Edge Client..f5fpclients.msi.@.....@...H.@.....@......icon.ico..&.{F2489D24-E7C7-4BD8-9D9B-933153C62330}.....@.....@.....@.....@.......@.....@.....@.......@......BIG-IP Edge Client......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{C8364D8B-2E12-443E-A5B9-57B31D020598}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{E3878270-33D5-4DC7-B7F4-84CC2D6AB810}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{8C1382BF-B240-4F12-9E9F-B694205CD979}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{73483232-DFAA-4530-8DB2-CF46F76D4052}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{8A28F97F-917B-4B91-9F36-72E6537DE5DD}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{319124F7-54E1-427D-A4A2-0BEBB9475BBA}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{540ADBDD-7947-407B-AD66-FDB8BEDA9B
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):663022
            Entropy (8bit):6.62418838803763
            Encrypted:false
            SSDEEP:
            MD5:BEDF1DD75159D6AC4647D6FC3C8F3504
            SHA1:975E0599F9163AA836278E15C22D0D08EDCED4E8
            SHA-256:EF944A346099314FFE5F9ACD656382867CD7ABF12C416F9C8D0BAC8D1A6B0C94
            SHA-512:7DDD58FC38DFE48187A62B70AEB79C02929296E8EAF45B94487B0EAFC94E74E910732FCB7A849B08B536CBFB181D301B58E35D353982A6A4E9C3225E530407A9
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.Z.@.....@.....@.....@.....@.....@......&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..BIG-IP Edge Client..f5fpclients.msi.@.....@...H.@.....@......icon.ico..&.{F2489D24-E7C7-4BD8-9D9B-933153C62330}.....@.....@.....@.....@.......@.....@.....@.......@......BIG-IP Edge Client......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{C8364D8B-2E12-443E-A5B9-57B31D020598}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{E3878270-33D5-4DC7-B7F4-84CC2D6AB810}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{8C1382BF-B240-4F12-9E9F-B694205CD979}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{73483232-DFAA-4530-8DB2-CF46F76D4052}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{8A28F97F-917B-4B91-9F36-72E6537DE5DD}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{319124F7-54E1-427D-A4A2-0BEBB9475BBA}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}.@......&.{540ADBDD-7947-407B-AD66-FDB8BEDA9B
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):308624
            Entropy (8bit):6.395067495963149
            Encrypted:false
            SSDEEP:
            MD5:ADB04D900DB585AAD045EC50526B6890
            SHA1:76FBD34E08A55D76381FF47F5D350C432BE0C2ED
            SHA-256:40E71854D5435C7999A83D8FDD188FF9B2D481C0B280FCC53B507BC49EE2C34F
            SHA-512:56D133C630EAC08229A898D858492522FBB56E771BC973BF347E6499E9AFC4619E3327EB6765BBC38E0BEA1C0DD349643E6B60FF304C68F8937B2924A57CA3E2
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):207248
            Entropy (8bit):6.623266892379698
            Encrypted:false
            SSDEEP:
            MD5:51EAF40E43EC9489EE0C16151F24D264
            SHA1:F4311CAA445B2502778946F9E90543BEB754C85A
            SHA-256:66E18EBBBBDB19D48239F51C5B49A6C3F8E0A71BCC6CD92790B22AED824646F8
            SHA-512:25CAEB99AD1385882D7C97B5B8496451B29ACAB6343D2138EA4FB0AB2C9B155E2188337F43738C79D20ABBC8855A72A33ADE53FCDC305F9D8B2B239BBA4FB718
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Microsoft Cabinet archive data, many, 242637 bytes, 3 files, at 0x44 +A "cachecleaner.dll" +A "cachecleaner.exe", flags 0x4, number 1, extra bytes 20 in head, 19 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):254325
            Entropy (8bit):7.998080655532996
            Encrypted:true
            SSDEEP:
            MD5:77D51E8993B991E4E52325E7B3C3C246
            SHA1:C96AD0A322A8B708140119CB6E4BB947D6807BA5
            SHA-256:646AAB0AEF66786ADD6DB17F34F3F8F0DFA8038DBDABAFFEFA0BE87AAE56BC93
            SHA-512:D0502F0DF0B96AE9FE3F47F8767C7A35D8DBBDF568E4EBA91984C512B0E44126F0B9CDE5E508A6A3246487580A750551D95565DCD70BFA6A5B59FE183BF6AE69
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Microsoft Cabinet archive data, many, 1189171 bytes, 5 files, at 0x44 +A "f5InspectionHost.dll" +A "f5PolicyServer.exe", flags 0x4, number 1, extra bytes 20 in head, 107 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):1200859
            Entropy (8bit):7.999619501905294
            Encrypted:true
            SSDEEP:
            MD5:0429ED781F6EA4E523DE8DDC7BD6C9C2
            SHA1:0F764EA06AC9E19CD96061F6D5E5706AA389ECC4
            SHA-256:B5799C5D0640F5F1EFFEC9ECEB9E592C2C9A8478C7AF857685E5F71D05C3C7CD
            SHA-512:0A626E7A97D10B04B10C02FA82E65E84E5206C95C13C0D65D1EA84A021A4DA1D926099CDDE42FEAD1FC1E67BB55AAF4109EA9F4BDC508E0BC242FFD40FE28E7B
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Microsoft Cabinet archive data, many, 474152 bytes, 4 files, at 0x44 +A "f5certchk.dll" +A "f5certchk.inf", flags 0x4, number 1, extra bytes 20 in head, 36 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):485840
            Entropy (8bit):7.9992978661870575
            Encrypted:true
            SSDEEP:
            MD5:3439E2057FF50AA92F21E6531CCBACB2
            SHA1:4FD8B4F4870AE164E3B4EC7E1A3092C3E778B4D5
            SHA-256:DA359EADE996F4FFC085D23214E01CD5A05CBCB55F98A33FCEA1AC2BF7E3B3DD
            SHA-512:94D89303FEEB7AA60C937CEA229E8D327CE1AD587E2DE26451625FA6A011B01B4F92374F167942D30D0E05D88074BBE48AD544DF129479291A1439AFB22AB890
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Microsoft Cabinet archive data, many, 375784 bytes, 4 files, at 0x44 +A "Win32SystemCheck.dll" +A "F5Win32CheckHelper.exe", flags 0x4, number 1, extra bytes 20 in head, 30 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):387472
            Entropy (8bit):7.998776425635658
            Encrypted:true
            SSDEEP:
            MD5:C7952F1E989E638CD2332A9333AC5651
            SHA1:29EF4553525964CBE3FF3D0ADF61D318A2AC8104
            SHA-256:1F00B38530CBCF570B7E1F25058006C475C18756EBF2ED96D8F856C737B1A748
            SHA-512:1BAEDFCBC34866A3CE8C1E2DC4306D326BC242E2A800932FAF1095F933E97C10DEA6F1CB0D60F26F521EF98DA649FF32580EE5BC0990B4497F309BD0E41116B8
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Microsoft Cabinet archive data, many, 1719502 bytes, 3 files, at 0x44 +A "TunnelServerX.dll" +A "TunnelServer.exe", flags 0x4, number 1, extra bytes 20 in head, 139 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):1731190
            Entropy (8bit):7.999803470561026
            Encrypted:true
            SSDEEP:
            MD5:19CE3267ADC4B3247DB30373DC69BC28
            SHA1:4B0F554309F864CE0939D0B7D15822B89FA79D60
            SHA-256:4E0381DBA01EFB0684EDD05F01D9D7B9B0FFDCE49533161961AFCB1B3566AE1C
            SHA-512:35B5464C03D4D0CDB35372E84DDCE1DB4428254FAED663DCBACC6087E58F136571F1B41CA335991EF79B646A52142951BDB2E8740EACD6519696C444D485B142
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Microsoft Cabinet archive data, many, 1228409 bytes, 8 files, at 0x44 +A "f5Sandbox64.exe" +A "f5_mini_browser.exe", flags 0x4, number 1, extra bytes 20 in head, 98 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):1240097
            Entropy (8bit):7.9996747865933635
            Encrypted:true
            SSDEEP:
            MD5:C502A03D71C81D099AB4C253AF692F5A
            SHA1:1B89216FA7A0184B6EBED160D1260362D095BC0D
            SHA-256:C6592EE0FC3B3D626D84F1A56FCF49785E27945937479EFCFBC24E14C88330E0
            SHA-512:02BE7E7CEF378231565FAAC74DD3B8A6B6B1FD5A91BC584DFC8FEE67B69965910857573F35711C1DC986C2607CBF1DDCB050D52FADE212018F1CDACBBAA79E15
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:XML 1.0 document, ASCII text
            Category:dropped
            Size (bytes):638
            Entropy (8bit):4.715424147257329
            Encrypted:false
            SSDEEP:
            MD5:254FABC463EBE978CA9BA89E30A1CA87
            SHA1:BDE920D4EDE24498FAD546E962EC7C949F77E5B0
            SHA-256:679E94B9330543985F2BF5E1834FF7AAC39343E38ABD04DBE34CD5C8525AF2B5
            SHA-512:215A912E55EB3479846EA17F042A252D2FE9DAE0894842B0CB0F9D590E7657241DB959C7E11AB33E594BEBDBF44745C9BC023B530117A1F7C4AEDE4D364A2B2F
            Malicious:false
            Reputation:unknown
            Preview:<?xml version="1.0" encoding="UTF-8"?>.<PROFILE VERSION="2.0">.<SERVERS TRUSTED="YES">.</SERVERS>.<SESSION LIMITED="YES">. <STAYCONNECTED>YES</STAYCONNECTED>. <RECONNECTIONS>5</RECONNECTIONS>. <SAVEONEXIT>YES</SAVEONEXIT>. <SAVEPASSWORDS>NO</SAVEPASSWORDS>. <REUSEWINLOGONCREDS>NO</REUSEWINLOGONCREDS>. <REUSEWINLOGONSESSION>NO</REUSEWINLOGONSESSION>. <PASSWORD_POLICY>. <MODE>DISK</MODE>. <TIMEOUT>240</TIMEOUT>. </PASSWORD_POLICY>. <UPDATE>. <MODE>YES</MODE>. </UPDATE>.</SESSION>.<LOCATIONS>. <CORPORATE>. </CORPORATE>.</LOCATIONS>.<UI>. <CUSTOMIZE>. <LANGUAGE>. </LANGUAGE>. </CUSTOMIZE>.</UI>.</PROFILE>.
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):459664
            Entropy (8bit):6.6511856034726495
            Encrypted:false
            SSDEEP:
            MD5:35F44F005B65B89DE6F0D247EE116688
            SHA1:0217C835827A32CA62AA5868B25E5B63BB22BBC5
            SHA-256:9CAB95BA2B65F507371751B9473F9AEE1B2F62CC846E562EE48668BA3406276C
            SHA-512:4831EB32FA9A98D0B6B164A3B14367B5BFAE026B4D9E7E41992A4140852297EC229C4640F870D6AC6D455D789DFA9C0CBDFC2BFEE03BE9B0063D21CD7C357106
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):5020560
            Entropy (8bit):6.602013450050986
            Encrypted:false
            SSDEEP:
            MD5:04F92E6A46911B98B1CBF97B478A1F19
            SHA1:B9663D1F65C9E5368D117B2EF2654FC54135CCC6
            SHA-256:F903DB2DD82ED76508213527285F1876A915F4AC4C45366AE2665DEBD4E16162
            SHA-512:E0F275B73BEE57F7D87E191B7480DD7C3B637360E44356AE288B4C5C7702CD85D39E7ED5F0E51B1B947AA60C9955DA3A367A86AA3C6493C75795D045CE8C1738
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
            Category:dropped
            Size (bytes):73305
            Entropy (8bit):7.996028107841645
            Encrypted:true
            SSDEEP:
            MD5:83142242E97B8953C386F988AA694E4A
            SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
            SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
            SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
            Malicious:false
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:data
            Category:dropped
            Size (bytes):330
            Entropy (8bit):3.277302618519546
            Encrypted:false
            SSDEEP:
            MD5:403A9AC4A11EF5795AF8D613B554795F
            SHA1:027BF65BDA1652F92A21FC02BC9E50BDA8EF2577
            SHA-256:2F9320BECF583E7484FF082CB93798E27BBBA931F5FBD790EC43BC92ED2C81A0
            SHA-512:7685C106207D2330BED21E07085BD5B556BB28C181ED6357124176EAE5E29851058FE85EC1F15BC5ADB64A4D4D7DE20CCDEF27BBE6B21EB44AB9804CAC4CAF7B
            Malicious:false
            Reputation:unknown
            Preview:... http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab "6427f6c2b787db1:0" ...
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Generic INItialization configuration [SRCEI VPN]
            Category:dropped
            Size (bytes):1563
            Entropy (8bit):5.195509425022107
            Encrypted:false
            SSDEEP:
            MD5:041A111B8E7DFA0BE0F59F4FDF86765A
            SHA1:5E1EFE994E0CFFA3C252C51F6D07E07990B97FFD
            SHA-256:4C5660389EA617541191C2FEBEC22738894E77E802C3057A3F4FA509FE4095C4
            SHA-512:C095B21CB7F2FD31DEE2A4C6D58E40635C07E0E38DA6F7EF7DC734EB352A234EE06AC4CF90AEBBFDBDF1C17743EC09AF92226492EFB43331ADA26959E336ECAC
            Malicious:false
            Reputation:unknown
            Preview:[__Entry__]..Name=SRCEI VPN....[SRCEI VPN]..Encoding=1..Type=1..AutoLogon=0..UseRasCredentials=1..DialParamsUID=..Guid=179A8CD5AAC779E81D0BD9A281D98D1D..BaseProtocol=1..VpnStrategy=0..ExcludedProtocols=3..LcpExtensions=1..DataEncryption=8..SwCompression=1..NegotiateMultilinkAlways=0..SkipNwcWarning=1..SkipDownLevelDialog=1..SkipDoubleDialDialog=1..DialMode=1..DialPercent=75..DialSeconds=120..HangUpPercent=10..HangUpSeconds=120..OverridePref=15..RedialAttempts=3..RedialSeconds=60..IdleDisconnectSeconds=0..RedialOnLinkFailure=0..CallbackMode=0..CustomDialDll=..CustomDialFunc=..CustomRasDialDll=..AuthenticateServer=0..ShareMsFilePrint=1..BindMsNetClient=1..SharedPhoneNumbers=1..GlobalDeviceSettings=0..PrerequisiteEntry=..PrerequisitePbk=..PreferredPort=..PreferredDevice=..PreferredBps=0..PreferredHwFlow=0..PreferredProtocol=0..PreferredCompression=0..PreferredSpeaker=0..PreferredMdmProtocol=0..PreviewUserPw=1..PreviewDomain=1..PreviewPhoneNumber=1..ShowDialingProgress=1..ShowMonitorIconIn
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):326032
            Entropy (8bit):6.4063988115370485
            Encrypted:false
            SSDEEP:
            MD5:F9A07C0A471BB2630FC5D2C7A30E58AF
            SHA1:B680A4D6AD4A3D4E3A234FA7B29ACCC8DBE650FE
            SHA-256:9FE88F23F76F3E6B3A1C2F6D179383AB674E142342769A93E318ABC0B92ADD07
            SHA-512:23CD5B10DD34EF1978D40CFBE2C7CB04A23C7CAC6DCA3829DE20AD3C71682547E99B85E04FBBA0D3DC71653399F5BFD4EAE2EC9376B5201184CCB23482C2A75F
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):278928
            Entropy (8bit):6.6332271790116595
            Encrypted:false
            SSDEEP:
            MD5:E8D6595097142F5827B37AD1A929DB73
            SHA1:6A6C10C38915A6FE2581FF4CFC55B359D4261A95
            SHA-256:644AE70347BF92C38BD17AFF652E9DD78FF2E0137023F274F7178B2704C84FBA
            SHA-512:313962989AF2A56FE9436BDA72DE70C235BAA5B874530CBE874C0464E880C2896DC8BA09D58F5F7EFAD98209949893DBCD0038752F7D3F49D94E9101D6106398
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):339344
            Entropy (8bit):6.398259775788912
            Encrypted:false
            SSDEEP:
            MD5:008A6E4D7544EC515D4C21B80389C8B8
            SHA1:F178998E2C1155A026C189C301E799C18752B251
            SHA-256:AC68375229F02CF50350397B0FA5755F3FCD3D338AA1B68F028137FBB2B8FC0D
            SHA-512:CDDD1F37402209B132B083AFBE63E30DD3726A938C38B8667461ED8A090C2D6AB16667B851130AECB50244699F6477C9DCC1C84EA49C12755465333B3DBD7814
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):350608
            Entropy (8bit):6.310052847827286
            Encrypted:false
            SSDEEP:
            MD5:B38D17EBB14F307E38FF2D4CBB39391C
            SHA1:B41539C9D5B6D8A9A4D0D3CC483E4BB133C4FFE2
            SHA-256:837CD81F20964F52FCB7EF760DD9636F70067304021FF84CCD6A7CAC3A6679B0
            SHA-512:6714D6BDBB402419F22D73C986267E33D2372A28D05CAA055D6965C792AE03C5492962654050E89F5BC84E121FAC3B930BDF60A73EFAE7AD30FDE87FA924548A
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):338320
            Entropy (8bit):6.16514275858668
            Encrypted:false
            SSDEEP:
            MD5:B4B3A46D9291A062C8643722CD194C34
            SHA1:DED2D051CE50A85E21C740474DFBF0179FC4742E
            SHA-256:02FCF673804D8186C54304C8EA7C87817A6858358C2CD01764D6BA071EDFB2DE
            SHA-512:F6E6D697470C205776140447ABFEB0FF0B9D961169F6CECFF305590E0796A308C009E8A5E7F334C203565A04331C8BA1B2020DE40CE6E834408B5AB25D894D12
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):327568
            Entropy (8bit):6.099110509324885
            Encrypted:false
            SSDEEP:
            MD5:3EF678DF80099E78B9859780FFB76F78
            SHA1:54E21933FCEF303CAF280AA7D3ED71FB239F8676
            SHA-256:509B01AD13B0B21181FEB7221C8006C3CB04D6BFB5B2BDE15DDB059B32B7D3CF
            SHA-512:71868BD99956827E796442DA362A8ADFE52E0418FFFE1F123A3B4A80DFB7D522F2E94351DD91F709E7FC9CF9A8CC4A4A03DFDA8D1236311A3E94E51D1F306FC3
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):3141008
            Entropy (8bit):6.853037239086006
            Encrypted:false
            SSDEEP:
            MD5:BC969F1D821935BCCD6EBF509705B8E9
            SHA1:36C9AC7869B9948E05FBCDCED1A2D78B9E9C52BF
            SHA-256:EC741E5B8BAAB91FB30D1AAE855079C8BAE6BF3FD40CF15F1057B0AE5D600FB5
            SHA-512:BC00B31907655B741DAF8565C4A0CD0317F32222E4C281FB8CB4797CC898C3353DC1B4464F90F68D3103042B8B3208C30EF9C82848DC1FEBE28B9FD77F3162B8
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (native) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):46432
            Entropy (8bit):6.84055318092562
            Encrypted:false
            SSDEEP:
            MD5:C5C798582BCE0CEDE113102A0FFE098E
            SHA1:BB5C782050F96E3FF25F433D405E6B2AE36D5EB4
            SHA-256:ACC6408C5D90B4C208507FC0291557189D937FC5BD63EEDF3DD8498F546CDC0C
            SHA-512:A8B9DEDBCAB1F0CCE2B246F4FBA5E831F8BD9B18EA91D482AB977C34930E01C70756A3F3ACDCBC54C2C16AF49D9E7EA273627AA3CCFD4B67DEF20C87B9131B45
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):661392
            Entropy (8bit):6.403800444384193
            Encrypted:false
            SSDEEP:
            MD5:6C43416F64E447471792896E5117AA97
            SHA1:E4038B30CD6CA3877A5AF49E110E0DDC0BCD9627
            SHA-256:33D7E1E40B8BE3779E10CE6B417C605BA5004AF649116E80944089D8C16F997A
            SHA-512:103B3EFA44C16DE3F0445110ABCBC080750B12C7B7D53F58AC5EE6849A27912B696F2C853477D63E4681AE15E750CD8FBA7E8D811C088A92CF18F2B2C0DAEBDF
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):594320
            Entropy (8bit):6.588263490398597
            Encrypted:false
            SSDEEP:
            MD5:D7E961A9B532F5C1046EF3E63224E448
            SHA1:DB352FEAF613DE516C7649C178B8734950D355DF
            SHA-256:C83A6FE8226B24A658E5604C06D4DC031B074196D1334F438DBE595D51EBADB4
            SHA-512:62A3B2106906EF1FE60AF30C9EB98AB11BA3D403E0C7C1087A5AD07F4CF622ED5E1A8850161BD746CBBB3FF96253A8F8A9E6B918AD5FA9ECAB885D4DFE495C92
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):259472
            Entropy (8bit):6.592021102815433
            Encrypted:false
            SSDEEP:
            MD5:4994AC0DB31AFE77C07EC580A3D1574B
            SHA1:5BD9484FABD2DD3C91D3200B0A18DABE3C34B656
            SHA-256:24B1A3E731221C5F3A8EACD7C62599C8E7678261BB576F4E9A09A6ECAC0B59CA
            SHA-512:F56BCC9018572D11DBB3E3C3E90B6B42F5033A64BAC9A1A6CE3D0E798772868884C459557A885BD28E1F2B7FDD1CFA7C5A5D0A2CFE069504128EB37744BE9C98
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Microsoft Cabinet archive data, many, 2099915 bytes, 7 files, at 0x44 +A "InstallerControl.dll" +A "f5instd.exe", flags 0x4, number 1, extra bytes 20 in head, 172 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):2111603
            Entropy (8bit):7.99982528246657
            Encrypted:true
            SSDEEP:
            MD5:85DC799A2312183C854145CFC6B02446
            SHA1:20AFF101BB53732040C40E2A64F1D0A7A07EDCE9
            SHA-256:E525E1963D6CD20F2E0BE2A23A836772AA980DD583460D26DA9F45606F59F32C
            SHA-512:F72F829CC397C209D161A06C9DA30A2225C9C6A7B8EA955E2443AC2204F5FCD8C70D6D1C72AB2889FB9F58166E70F51C101F52EFD1DC04091E1CB477818B55B7
            Malicious:false
            Reputation:unknown
            Preview:MSCF (cabinet file list) InstallerControl.dll, f5instd.exe, F5InstH.exe, F5InstP.dll, uregsvr.exe, f5unistall.exe, InstallerControl.inf
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Microsoft Cabinet archive data, many, 8373253 bytes, 10 files, at 0x44 +A "f5OesisInspectorCom.dll" +A "f5OesisInspectorCom4.dll", flags 0x4, number 1, extra bytes 20 in head, 470 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):8384941
            Entropy (8bit):7.999958387169331
            Encrypted:true
            SSDEEP:
            MD5:3C3FCDD44F469395975BE592482A28B9
            SHA1:5ED00297D258E095A507EC582F0DDA14DDC06738
            SHA-256:2D73F4FF8CCC728FD7A51C05734BFC89229399C79036BA33723707DF0F00CF2E
            SHA-512:495FA6639A345E17B15BE105DED98C374DFB68F771F24F892AF488088B0D1266D5F133CEC17078DD6E4580CDD8087791D3BD04809EBB14FE126CABC653BE822C
            Malicious:false
            Reputation:unknown
            Preview:MSCF (cabinet file list) f5OesisInspectorCom.dll, f5OesisInspectorCom4.dll, OesisInspector.inf, libwaapi.dll, libwaheap.dll, libwalocal.dll, libwaresource.dll, libwautils.dll, wa_3rd_party_host_32.exe, wa_3rd_party_host_64.exe
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Microsoft Cabinet archive data, many, 947494 bytes, 6 files, at 0x44 +A "urxhost.dll" +A "urxhostres.dll", flags 0x4, number 1, extra bytes 20 in head, 80 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):959182
            Entropy (8bit):7.999608417711804
            Encrypted:true
            SSDEEP:
            MD5:A7C8202CE8B188EB6D06514B975BFB4E
            SHA1:6099D40F2FFF661ED207B1DBE3F5DA9C86CB07EA
            SHA-256:0725503A0EE1286B2F61440E6223FA9708C990792D667818A7C7E054FE090591
            SHA-512:82AEC144745A3D1B48906782AD4B1B61FB4C1BC0CF9106F6DC388CF152745403124CC009671D6B7DB9006FEA617A454AA43126F6E134B279D642DC6325ED2111
            Malicious:false
            Reputation:unknown
            Preview:MSCF (cabinet file list) urxhost.dll, urxhostres.dll, urxhost.inf, F5ElHelper.exe, F5ElHelper.dll, F5ElHelper64.dll
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Microsoft Cabinet archive data, many, 1630937 bytes, 4 files, at 0x44 +A "urSuperHost.dll" +A "urxshost.inf", flags 0x4, number 1, extra bytes 20 in head, 138 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):1642625
            Entropy (8bit):7.999781026765009
            Encrypted:true
            SSDEEP:
            MD5:4F88E64FE6A4F1B95E72019BB09B84B4
            SHA1:0F73A9C03758E04DD538E3096C56A76BADEE2A7C
            SHA-256:9262DBE53DC8D1B6CDC3CA2AD5232AFBE2A88FA5680E4BB682D6F59D2C16BA0A
            SHA-512:B60DC6024C8ECAB0F885A13A7E95F070630015A159CF7BC3E997D5337662A2341AD4634CD5CFFD07ED64C73C517D557AB14D2469449E9AE9107FC7BECE283BC5
            Malicious:false
            Reputation:unknown
            Preview:MSCF (cabinet file list) urSuperHost.dll, urxshost.inf, f5vpn.exe, f5LogViewer.exe
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Microsoft Cabinet archive data, many, 1600376 bytes, 31 files, at 0x44 +A "urxvpn.inf" +A "ursetvpn.exe", flags 0x4, number 1, extra bytes 20 in head, 133 datablocks, 0x1003 compression
            Category:dropped
            Size (bytes):1612064
            Entropy (8bit):7.9997360974894836
            Encrypted:true
            SSDEEP:
            MD5:CDA7AD6F6D7DF610B59CCA9DE46D943A
            SHA1:6B36081AB3EDA03C669AB7CCC4EFC35D940569DB
            SHA-256:CCE51330EAF404DAAA900318A38377A6E09578B112BE8BB63D42F185D0BE8DB2
            SHA-512:7F9840616C452AE1982E71FF931B8EFA2DF58107DB3CC6802782217904E8736968F38E922594F9640DF188CB6E280D225158904AEDCBE6D636BB455A2C67A036
            Malicious:false
            Reputation:unknown
            Preview:MSCF (cabinet file entries: urxvpn.inf, ursetvpn.exe, urxvpnad.tag, setup2000.dll, setupdrvdll.dll, readme.txt, urset64.exe, ursetarm64.exe, covpndrv.cat, covpn2000.inf, covpndrv.sys, covpnx64.sys, covpnw2k.sys, covpnwlh.sys, covpnv64.sys, covpn10.inf, covpn10.cat, urfltwlh.sys, urfltv64.sys, urfltarm64.sys, urxdialer.dll, urxdialerres.dll, F5Win32CheckHelper.exe, F5Win32CheckHelper.dll, scew_uls.dll, 2017\covpnwlh.sys, 2017\covpnv64.sys, 2017\covpnarm64.sys, 2017\covpn10.inf, 2017\covpn10.cat, ...)
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):717200
            Entropy (8bit):6.115733360810361
            Encrypted:false
            SSDEEP:
            MD5:7F043412A160F2E5447F9F86F8F89719
            SHA1:0BBC4F97BA55EE8ED813F89EEA3D4F034C02CB7D
            SHA-256:1B31833A4F15AA67788238D5D9C5C72A97CA8EFCB9DCBE3AC59366F80E407A51
            SHA-512:2EFD172B0E1232AFBA3B7DC58BA5E8DBBC4A7A0724ADB8821E619005E1A6C92FB445595B61A45EEDE4DA7090EFE4DD9AB4041F87064C8844C7D60DA7FF6EB0EF
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (console) x86-64, for MS Windows
            Category:dropped
            Size (bytes):315792
            Entropy (8bit):6.236533061471821
            Encrypted:false
            SSDEEP:
            MD5:F1EF203FA6415FE3458B79B5BB947DB8
            SHA1:820789ED2EA773A5DA315FED1212F424554377EE
            SHA-256:3308208A573BAC7AC713F3865D5CBDA415D6AFFB0149CA8A0A347BA483F847EE
            SHA-512:D4422E9FCDDB40466DC58B22EAD88DCE4F3DF5AAD87586763EFC2634678A90E28E2DDDC1EB3B4DFF1B2051EFA2EB8F5098DAAA124E1425989A92BB0FC683C035
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (native) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):54704
            Entropy (8bit):6.67984472350497
            Encrypted:false
            SSDEEP:
            MD5:BD34349A2090189EF3C0DC84A3A075E7
            SHA1:4E7AC66CC22141FCD6040C0FB6BAD61153FC1501
            SHA-256:6A6B4E4ED6E3BA2C2AF8191E3F8181D675B70B8CD2FBCC98DCBF5A762198B4BD
            SHA-512:A8C4BDAE37CD5F74A7995114480C89D25C1DB8E2790382F05178C594040D93243C6893E2D7999AB7444EA2D2E75CA8B89EAAA6F25BC50240BBC9DE051A28F967
            Malicious:true
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (console) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):837008
            Entropy (8bit):6.243684227308001
            Encrypted:false
            SSDEEP:
            MD5:0E4EF17985C0671EEEC2FB803DAA332F
            SHA1:5992F0AAA6FDB99097CB0F6F803E27A552B78F9C
            SHA-256:B0E78AB2710C34AF8F0EC039FF4427903E239BF4F962845BBE6D0D276978E6C4
            SHA-512:3FBAA86620645F84620FB1241F994EF5851F0D482A497A2883DEC5D755075116685AE591E63271E3F94E9D5B889521469D956627D28E6DEE1F0489C46391D749
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):2513808
            Entropy (8bit):6.690226114375449
            Encrypted:false
            SSDEEP:
            MD5:A136634EF01C80960DA33D680A0A1382
            SHA1:03FB96C0BB5D420981A395E0D8D01EB7F648A4A8
            SHA-256:B974C57655CDA12F76295C63566E5EB536CEC8F95F15AC4124F2DA3E41A5EC0D
            SHA-512:7DA57221E0E8FCF1579CC73AAC2C70C4D3D5E15CA25E662F58106A9D888C289D8E8BD6BC45E90E80D1F09FE383804BECC047FD37062088EBB77D9689EE2C1B46
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):275344
            Entropy (8bit):6.496919331751083
            Encrypted:false
            SSDEEP:
            MD5:A896071F38DC1C67FAE4ED9B64DA6070
            SHA1:0C9B32DB338F0056AB2FA696A4912EC608164E89
            SHA-256:39ACD91AA26AE8E636B3FC8E24EF55870B277FECF7BF5D9618C05840E9681135
            SHA-512:9A903442ED407B2B94BD615175F5EDD9A4C6AC3589B6754E12600E55D6399568D278C9C880B710620336AB977E55B3F030CC9DDD1091F17C529913984A372023
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):363408
            Entropy (8bit):6.208026730975063
            Encrypted:false
            SSDEEP:
            MD5:E6386B5A8798FBE3CDA2082F7AFD3773
            SHA1:73104DCFB455F7AD9C2D41EE9A763C5B134BE8D8
            SHA-256:D7C24959C540CC350203C73A51CB72D1B79B80C21D93856C1F619434150EF83E
            SHA-512:384E649B85EAFC1A6A9E899A00E28A0AEE4D7D6CCE358BC191E818DDEC2FCE7A303A1391882B31DE1197CEF53E87F1E29619546D8E10BE616B69EB0C8635D178
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):249232
            Entropy (8bit):6.635985952808732
            Encrypted:false
            SSDEEP:
            MD5:BDEECAFA6794195CE89DE95EDC5183D1
            SHA1:3EB39C1569E219859EB2D574ED9F931BB5B03FB2
            SHA-256:715694717D07D5A354C413EFFB2983844CB79343D8E45BE990E9D9392D3DC265
            SHA-512:0B6124E31C0DEA329B0EE950FD2D4CF869BF6A4EA73A64317A23E1B3214347667AC13A85E5D7487031709363CDCA83DA0103627D7EC875A76BED66F9290A2A8A
            Malicious:false
            Antivirus:
            • Antivirus: ReversingLabs, Detection: 0%
            • Antivirus: Virustotal, Detection: 0%, Browse
            Reputation:unknown
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:XML 1.0 document, ASCII text
            Category:dropped
            Size (bytes):1150
            Entropy (8bit):5.047269531953663
            Encrypted:false
            SSDEEP:
            MD5:F4F8D65E998E539690929A54575B36FC
            SHA1:8A9C8FAB53956534D41A65A1D9417B506B913217
            SHA-256:784C8D42F8BE686ADEE81C63BC87EC9DD9C435A5404C26EB7622CB3DA3D93CBF
            SHA-512:523A6565F639BCD90A596842A1F4186609FA6530E67862D605B76063EC14088497B63F95D0E2FB4D32F37B698AD04C73BFCECAC57D87A8F7FE1ADC8467A43CEB
            Malicious:false
            Reputation:unknown
            Preview:
                <?xml version="1.0" encoding="UTF-8"?>
                <CLIENT_CONFIGURATOR>
                  <SETUP_CONFIGURATION>
                    <PRODUCTNAME>BIG-IP Edge Client (TM) package</PRODUCTNAME>
                    <DATABASE>f5fpclients.msi</DATABASE>
                    <MINIMUM_MSI>150</MINIMUM_MSI>
                    <PROPERTIES>STARTAPPWITHWINDOWS=1 MACHINETUNNELDNSSUFFIX=""</PROPERTIES>
                    <OPERATION>INSTALLUPD</OPERATION>
                  </SETUP_CONFIGURATION>
                  <FEATURES>
                    <FEATURE>TRAFFICSERVICE</FEATURE>
                    <FEATURE>InstallerService</FEATURE>
                    <FEATURE>MachineTunnelService</FEATURE>
                    <FEATURE>CERTCHECK</FEATURE>
                    <FEATURE>CLEANER</FEATURE>
                    <FEATURE>PortRedirector</FEATURE>
                    <FEATURE>BASE</FEATURE>
                    <FEATURE>InspectorService</FEATURE>
                    <FEATURE>CredMgrSrv</FEATURE>
                    <FEATURE>InspectionHost</FEATURE>
                    <FEATURE>VPN</FEATURE>
                    <FEATURE>StandaloneConfiguration</FEATURE>
                    <FEATURE>CUSTOMDIALER</FEATURE>
                    <FEATURE>MachineTunnelServiceConfiguration</FEATURE>
                    <FEATURE>OesisInspector</FEATURE>
                    <FEATURE>Standalone</FEATURE>
                    <FEATURE>API</FEATURE>
                    <FEATURE>SANDBOX</FEATURE>
                    <FEATURE>
            Process:C:\Users\user\Desktop\BIGIPEdgeClient 2024.exe
            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: Installation Database, Subject: F5 Networks BIG-IP Edge Client, Author: F5 Networks, Inc., Keywords: Installer,MSI,Database,BIG-IP,Edge, Comments: Installs the BIG-IP Edge Client, Template: Intel;1033, Revision Number: {F2489D24-E7C7-4BD8-9D9B-933153C62330}, Create Time/Date: Tue Jul 18 10:25:06 2023, Last Saved Time/Date: Tue Jul 18 10:25:06 2023, Number of Pages: 200, Number of Words: 0, Name of Creating Application: Windows Installer XML Toolset (3.9.1006.0), Security: 2
            Category:dropped
            Size (bytes):1118208
            Entropy (8bit):6.154052447444041
            Encrypted:false
            SSDEEP:
            MD5:C54D0AD0D1716463BC3048A630B91666
            SHA1:7D50F23FC7327EBBF0ED211842F140FCA068F1CE
            SHA-256:9136D2B20D39BA5EB9FECD863A51FC46A6DF984E660EC38181E3B19D74B377A5
            SHA-512:3D8DFC1C1518BE220C36E2A8CFA44E26C7B488A26258104C604017895D834253F31A237F2B978277C1D6C126B3093D2EE0055E5229F4840C1FC5D12C1AA6D307
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):13018
            Entropy (8bit):7.23198178362531
            Encrypted:false
            SSDEEP:
            MD5:C13AEA7CC1080BFFE2C771C9D288A6C1
            SHA1:B47185969470C0E5A3C6220A75117BBB95B2637D
            SHA-256:4EDF7CF5AC056D50DF4D9EF94F9AD76859C76EEDC87C10695B141152396145F3
            SHA-512:870D4D74C93C19B866A82F97B76A9FCA924004C19A4FD94115374569763F5524A1C507012325B00D34C9DD958EA25477AFAC3D26B0AA595A9913B848007C6DA8
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:Windows setup INFormation
            Category:dropped
            Size (bytes):6557
            Entropy (8bit):4.995630592430446
            Encrypted:false
            SSDEEP:
            MD5:5802B997AA23F9A7AF5771D0F61D95F0
            SHA1:2332FC73AB11D687D81E658995D05D84CF3921EB
            SHA-256:FE97EB18742905E1E023B9E643D76C1F064D16EACE160D97CC002AE7E30472FB
            SHA-512:C2E8E9DA862D58F5F93FF823817CBD1F9445DE6235EFF10C4226FD1B2562BC39DF8B6BBE1462B63360B247D77B2D68FC1D8D4B62392F9C25F455E16A66543A32
            Malicious:false
            Reputation:unknown
            Preview:
                ;***********************************************************************
                ; Copyright . 2000-2021 F5 Networks, Inc.
                ;
                ; VPN adapter NDIS WAN/TAPI device installer script.
                ;***********************************************************************

                [version]
                Signature = "$Windows NT$"
                Class = Net
                ClassGUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"
                Provider = %VER_PROVIDER_NAME_STR%
                DriverVer = 05/12/2022,7221.2022.512.934
                PnpLockDown = 1
                CatalogFile = covpn10.cat

                [Manufacturer]
                %VER_VENDOR_NAME_STR% = Models,NTx86.6.0,NTamd64.6.0,NTarm64

                ;Vista and newer on x86 CPU only
                [Models.NTx86.6.0]
                %DEVICE_NAME_STR% = COWAN.Ndi.wlh,"F5_Networks_VPN_Adapter"

                ;Vista and newer on AMD/Intel 64 CPU only
                [Models.NTamd64.6.0]
                %DEVICE_NAME_STR% = COWAN.Ndi.wlh64,"F5_Networks_VPN_Adapter"

                ;ARM 64 CPU only
                [Models.NTarm64]
                %DEVICE_NAME_STR% = COWAN.Ndi.arm64,"F5_Networks_VPN_Adapter"

                ;********************************************
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (native) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):60392
            Entropy (8bit):6.78869825693542
            Encrypted:false
            SSDEEP:
            MD5:4EB1174E3A1B8EA7E69D5161DE658CAA
            SHA1:CF6CD7F463C23F84676610AF3E5671D72133821D
            SHA-256:49C8FD94E176E09F380B05F052DDD0C2A2B9FAA39F259A8F7823803368674EA9
            SHA-512:B16BF21262ABEFA9680E8246A9071C42E97BC4F3DB0C577BC10596D863AE3F860E4640E2D86FD113D9C4001BAFD6D8054C2C25E098FFC6F576DEDF9F6ABD44CC
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (native) x86-64, for MS Windows
            Category:dropped
            Size (bytes):61920
            Entropy (8bit):6.734919619188896
            Encrypted:false
            SSDEEP:
            MD5:104F8BDADCD7E83A1EFE4FEEF035EEA9
            SHA1:D4DF90126248F1D2A3A9A0E45EBC02088B802DB7
            SHA-256:AEB9F3D29FDD1BCFE6671440590442A6289C70998F70269E959E137DAB1CE4C9
            SHA-512:C7BAA5FC7057585CC3C67753728A43E8C70DBBDEDE059197CF0419B89219A13E91527CEBB811AED59C29D55E9ED43E2CA05B899DAE57A29E22B4F15114945AEF
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (native) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):53192
            Entropy (8bit):7.015918205433078
            Encrypted:false
            SSDEEP:
            MD5:E3DB66D3DEFA9E59F1B345F6EFFBAFA8
            SHA1:3F6AF37F4CC7D458276EA65F1EE1A0374FE90663
            SHA-256:3CBA184253B97962B5C020C82E645E26FCE1D8761CAD03D4ED851094F211A17F
            SHA-512:85D134C0F65DD878ED1357DF29E129148D65D0E45C719D60C47668F4566FA75C39E0E66886E37AD5D34CCE8B9BEAE23117D891A38C433B4EF1FC4117D79F482E
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):19
            Entropy (8bit):3.0761031709967233
            Encrypted:false
            SSDEEP:
            MD5:40DAA9CAB1A38486FF88A9C7D8F008FF
            SHA1:2B19739A012F7FD6B9D90D4AE42025600F487327
            SHA-256:634F4A138C787AF5937944F42A9010FC64D9D0E5CEA2A98FA2BE72A513CF5B36
            SHA-512:C36D028EAE8FDDBAD294D2E1F71286FEB0591552FFCEB676419D4C49147599624BDF5D842144C0100B21E1487799C7A5DE4FA8CC5E76EC4AAD5B7957AC8940CB
            Malicious:false
            Reputation:unknown
            Preview:7221,2022,512,934..
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):99216
            Entropy (8bit):6.554032746085711
            Encrypted:false
            SSDEEP:
            MD5:501379EB48675C8F7B232BD371944B53
            SHA1:38BE1D7D976E68065F19C0DD8721BF9BDE2565DC
            SHA-256:03434B378BB8FEFDEEC047AF5FC64B8AACA18057191DD9FD64FB8A6DAAD2C67F
            SHA-512:05E54E24CA4AB7B1EE1DB55C0424CE854A10B7BE75605E89CD9F80B4624142E50E364E9208690DD1313E1DF2128C04C2DB152A5EFC7A6891BBC8D802556C6C4C
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):9287
            Entropy (8bit):7.223692993404583
            Encrypted:false
            SSDEEP:
            MD5:99E1D9EF3F11FFAA112065E7E6AE0EDD
            SHA1:9B55D690735548AB3B4ABDC56DDCF0C28D50404C
            SHA-256:1820E0EAAF0DC9312FAB5CE99F0B9DD74E8FEF0868311A0D8D135AF741769D1E
            SHA-512:971A88B3754E96DE1BE8C3090D0FB2B21F754B49E61132705B824D5AAE0A83994E82722D5B1D57DE7F693D23D6A3AFEFADFA4E541E25B782EC81CA15648AA7AA
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:Windows setup INFormation
            Category:dropped
            Size (bytes):5640
            Entropy (8bit):4.815154939706102
            Encrypted:false
            SSDEEP:
            MD5:F13167B49E40C5CA6671B85E5B36EDED
            SHA1:C9FD4DA57E0D1A372465567012D79BE2A37B8691
            SHA-256:3822346A9E749FF52F415D4F0B766B45212196053AACA5EDBCCB1BFF1C2D4FC2
            SHA-512:EC0D5E259D355CA148157A14DEEB03EC8E297424817A41A17B879E14C0F610E389B43AAD9C62CFE0E2F01E4867900F7D5FF5CFD7E5ACA389FC133455A9DFDB8A
            Malicious:false
            Reputation:unknown
            Preview:;***********************************************************************..; Copyright . 2000-2011 F5 Networks, Inc...;..; VPN adapter NDIS WAN/TAPI device installer script...;***********************************************************************....[version]..Signature = "$Windows NT$"..Compatible = 1..Class = Net..ClassGUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"..Provider = %VER_PROVIDER_NAME_STR%..DriverVer.= 03/22/2012,7061.2012.0305.1700..CatalogFile.NT = covpn10.cat....[Manufacturer]..%VER_VENDOR_NAME_STR% = Models,NTx86.6.0,ntamd64.6.0....;Vista and newer on x86 CPU only..[Models.NTx86.6.0]..%DEVICE_NAME_STR% = COWAN.Ndi.WLH,"F5_Networks_VPN_Adapter".. ..;Vista and newer on AMD/Intel 64 CPU only..[Models.ntamd64.6.0]..%DEVICE_NAME_STR% = COWAN.Ndi.WLH64,"F5_Networks_VPN_Adapter"......;****************************************************************************..; COWAN Main Install Section..;*************************************************
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:Windows setup INFormation
            Category:dropped
            Size (bytes):8338
            Entropy (8bit):5.143429115767423
            Encrypted:false
            SSDEEP:
            MD5:09AB2B87A64EAB403984550AE9F51E9D
            SHA1:22D90E6ABE306CF4A03A30327B70EE6722FA458D
            SHA-256:AAB03BF2132A4C106A8CC6A77AC441338A976B044DB2163751C2DE514F43D245
            SHA-512:032ED546D52E49FB0B9175F99E949C944CFB2E7440E67CEF04F5FB248462B771F6A791C71514C57F5F1C6C228C0B090245D26425F219EBA223170C8D61501BFB
            Malicious:false
            Reputation:unknown
            Preview:;***********************************************************************..; Copyright . 2000-2011 F5 Networks, Inc...;..; VPN adapter NDIS WAN/TAPI device installer script...;***********************************************************************....[version]..Signature = "$Windows NT$"..Compatible = 1..Class = Net..ClassGUID = "{4D36E972-E325-11CE-BFC1-08002BE10318}"..Provider = %VER_PROVIDER_NAME_STR%..DriverVer..= 03/22/2012,7061.2012.0305.1700..CatalogFile.NT = covpndrv.cat....[Manufacturer]..%VER_VENDOR_NAME_STR% = Models,NTx86.5.1,NTx86.6.0,ntamd64,ntamd64.6.0....;For WinXP later..[Models.NTx86.5.1]..%VER_DEVICE_STR%" Adapter" = COWAN.Ndi.XP,"F5 Networks VPN Adapter"....;Vista and newer on x86 CPU only..[Models.NTx86.6.0]..%VER_DEVICE_STR%" Adapter" = COWAN.Ndi.WLH,"F5 Networks VPN Adapter".. ..[Models.ntamd64]..%VER_DEVICE_STR%" Adapter" = COWAN.Ndi.XP64,"F5 Networks VPN Adapter"....;Vista and newer on AMD/Intel 64 CPU only..[Models.ntamd64.6.0
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):9238
            Entropy (8bit):6.917432343840214
            Encrypted:false
            SSDEEP:
            MD5:8B798E797B7F295FD3E72AA2C792D519
            SHA1:AAAB239C8640102F93080884658E50A8A02BC819
            SHA-256:99F7C9191231E3435A9ACCF600653893965D66B0B27730ADF2F2DAD0D36275ED
            SHA-512:DB604CAA74494AC74CAA9D4530BEA2981427C706D9644968967A7D38C2EFFA2AA7C66CB05A4E1ACAB2F454E44ED37DBB8DF28E5C9F88874EBD6A80E4E74904B7
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (native) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):37456
            Entropy (8bit):6.503576533464098
            Encrypted:false
            SSDEEP:
            MD5:733267F0E5B393EFEB42E471A5C05E5B
            SHA1:B0EFC8E7F997D62F8EB267DB007E624C65DD25D3
            SHA-256:B3771E5842B1D853B1F42E57C7C8BFC9CE89CFD0A6563A94F38F73F80CAEC449
            SHA-512:37071F90DA730A39D8F6652FCEBE70F4DEA2D7308AB41843E5888DD90FFA86D8071EAA902E94A3305F5EDD6CD3278768712212833221E6670B414E1DA6EEC934
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (native) x86-64, for MS Windows
            Category:dropped
            Size (bytes):45776
            Entropy (8bit):6.392476280136505
            Encrypted:false
            SSDEEP:
            MD5:C3912689DF0AE9FFD353112BE6EF5BCF
            SHA1:90CB5AF58B8ADDCA27227AEB3F4311E4AA100C9C
            SHA-256:5F3B94A2CCC7444B1A639E5630B9B8CF1A3932BFF5563311AF4DE9FA61A5556E
            SHA-512:B23D9657B57F4030678361FD76EA4B9C637590E56BF0B803B35687A3F2342ED11055B9A93AB458EDD4740B8DFA69AC7F85D7CD15484F2AF4DC415BFCCE30489B
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (native) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):37456
            Entropy (8bit):6.502049362639514
            Encrypted:false
            SSDEEP:
            MD5:9F8831EF79E5FD7D39A470AC42741123
            SHA1:DC4D106A429C4A3FEE49F9A7CD76781B9C68EC56
            SHA-256:F603F890612E2FC4476066C8BD3CD2C1A77F1139CC4230752F40F3C176AE8788
            SHA-512:92564924FE3CA16348960E4F8B38F92A48A240FFD4270F5BB7F95BE6167C032CB3C6D5E7F809372076B3B6997BDCF9A5EF72D307DD733E0D94EC91B699EF0010
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (native) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):40528
            Entropy (8bit):6.410884784964346
            Encrypted:false
            SSDEEP:
            MD5:3DEEE767FE848697E0CD7E7374F12EA8
            SHA1:1FECBBF938D323F1198A591B198C7E7A9BAA904A
            SHA-256:810919754D1902FAC10A4041EEA4A47505406BA97F51A38E42E8D3374FF56587
            SHA-512:2D186614D2B940CE13600F151A04C9464ACA95668FCD5CB6E5E2CD8A6F136A2CF50609A3351B74440F212275DCD6F93FC30EB154CEEAB25E32A6A9CFF0C8363F
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (native) x86-64, for MS Windows
            Category:dropped
            Size (bytes):43216
            Entropy (8bit):6.412989601611674
            Encrypted:false
            SSDEEP:
            MD5:871B8E307879F499C4CB73733BF675DB
            SHA1:F6AE84E649A4CE48309B90D5ED14498BA8F520D2
            SHA-256:E1B1FA77B3A948BDB4F2DD06C9FC0F3D58834E33229AE58FC9BF51149B903684
            SHA-512:F39E3DDF2DBA5D89AD909BC2C10F7305A9102180A43069F1D96F679B73E4765E1BFBEC52688EF24E7FCAE98FA089DB537203E07F7F9BB78E732E79BAC3383654
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):1802
            Entropy (8bit):4.893860816310472
            Encrypted:false
            SSDEEP:
            MD5:A513C57BB84B33C0DCA67369B4BCE8CE
            SHA1:F74D6111DAAEA15F8CDF82F3D56968D5E1E8B4F3
            SHA-256:91F9C8CB0DCC8EB659616B6EA19D3A3B37C7895CEA3156F64C2D8A459062D98E
            SHA-512:1A85EAACEE3C47324B01961D04D79D03B4194D0117C84B01EE9B0D1DA18694B7C8FB6E45AC7FEAC4ADDD5A5E75DA983F2E7A9DFE01F73EDEB9140E9208CDD92F
            Malicious:false
            Reputation:unknown
            Preview:To manually install F5 Networks VPN Adapter driver follow this steps....1) For Windows Vista, Windows XP, Windows ME and Windows 2000....Go to Control Panel folder and launch Add/Remove Hardware Wizard....Select Add new device and click Next...Choose I want select the hardware from list option...Select Network Adapters ...Click Have Disk button and browse for destination folder ....where you save the files...Select F5 Networks VPN Adapter from list of available adapters ....and click Next...After Wizard finished click Finish....2) For Windows 95/98 and WinNT 4.. Go to Control Panel folder and launch Network applet... Click Add button and select Add new adapter.. Click Have Disk button and browse for destination folder....where you save the files.. Select F5 Networks VPN Adapter from list of available adapters....and click Next.. ....You need Remote Access Service installed on your system.....Also it is highly recommend to upgrade MS Dialup networking to version 1.4 ..on your
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):249232
            Entropy (8bit):6.636203333111193
            Encrypted:false
            SSDEEP:
            MD5:9FF9D60AADEE1FEFD8E010FF0F3DFB00
            SHA1:5177FF21FE7C4014868DF077CECDFAFAB6D4EB71
            SHA-256:E57A26C32ECBC3F242BA2A828C26819A75D90C81C26A3B87EAC3A02384F5B6AF
            SHA-512:FA998405809EBFC16C6CA6E3A20FAA65E55E40A000835AD030AA622D0E082D5C3E9A08FFF54684C2E2534C6FAE5DA103DF7E6B7422A47A8D05E2C405328B1332
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):214928
            Entropy (8bit):6.652686016080596
            Encrypted:false
            SSDEEP:
            MD5:84277E73D8BD6E317C1E3CE453D41AF1
            SHA1:D5891F12A66E817FF4F9E04236CE4A08155A669D
            SHA-256:8C252EA30B0F89554E665D93FB3F190C4AF7117B70635389810EE9D7AD1C8B45
            SHA-512:6E8733AB0039BEF25CF6956B0E2D225037191C1FAE5D883DA9B8ABBB869BBD107A3878C40D3FF85BCD11F855CE0A2A379D981080BD2ED32A0251E67C0E2CAB83
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):257936
            Entropy (8bit):6.669257582308144
            Encrypted:false
            SSDEEP:
            MD5:8D13BC845620E832415B43948E750AF8
            SHA1:565CFAA54FD94BF6A19F4C0338BB0D71D14A90B5
            SHA-256:C4B5AC17C7B43F360C991596D5CB8C33BCD95E36AD9AEA3A2CD565B56C2AD7BB
            SHA-512:B24E10ACBD35ECDFDFFC4E682F382A0001137F5BC9BEE1604034F082305470BF21B55FDFB9D4A9D2262A4E742E30DEDFCA3712081F34C693137D696B70E8DB57
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (native) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):50072
            Entropy (8bit):6.769836329115215
            Encrypted:false
            SSDEEP:
            MD5:DB54C33A39B3E82633BAC99D3A158705
            SHA1:CB2AEA85D530EC089C15DED641DF0733D5D4A0BF
            SHA-256:6542CA28AFEFE14F9E5C789590A3390A397C16224E4FD97F82AB5535833C22A5
            SHA-512:9F03BF647EAECD14D8C10798377352BA4ADD066337668AEC86C7E5EE090D1A99BC0A35DE6693D451949946BC90295DEAB203CD06FC68C563B0D6BE55E5118551
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (native) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):42392
            Entropy (8bit):6.9680531885205
            Encrypted:false
            SSDEEP:
            MD5:7350F9E24DFB5B5762BFDE488F63EB14
            SHA1:E797E313F207D99D63BEF90B5C6AA07A87FFCB64
            SHA-256:E5869C79DAA6B3D3856BB20C5347810F95A4E6FFA15E26587A5055E4530891EF
            SHA-512:8E1C844A9D5A7BFAD99448169168004E2C0C25D1A9DE44EDDFB16B71B42981A2165CFB3CF61235E63F7B08C390DF6EF385C13D849C32565775D15184369EE8D5
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):317328
            Entropy (8bit):6.4007319515592656
            Encrypted:false
            SSDEEP:
            MD5:FC36A4D74E5757F633B0B2FB3583700D
            SHA1:B9AC02B9F24C6CDE78331F24E89BA753D3F2E634
            SHA-256:72E48541351A989352669E295573C4D7281791D00DCF45E169F7C592F1852283
            SHA-512:87801AE1BA213E4783890E602D1876DFF50FCF3EFD30D54C1EEC4B06EFEA2D34E7725EE74175078F93D1B30EE7ABE5C27A536AB86FB9C201D862F6765A4C0AA7
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (GUI) Aarch64, for MS Windows
            Category:dropped
            Size (bytes):329616
            Entropy (8bit):6.303665513894844
            Encrypted:false
            SSDEEP:
            MD5:0694E6D1E75867442A6E25E8D38128DF
            SHA1:E5C95701CAE93128B3FEE3363BE42DF5A4ED77CD
            SHA-256:CCD139951E35E38DED3EC60C693F980F387186FF5F5059426072C9DD178E7E89
            SHA-512:FC3D49EF56C0E3D113D15A9AD71809738548FFDD0729C9845EB517CC6309934CAEDBD233F192755E6BEF14792DC26003C9CF0C4B34E0C727BF924ACBE5165CE5
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):227728
            Entropy (8bit):6.59952375867537
            Encrypted:false
            SSDEEP:
            MD5:F9D1E6428A59AC5E7B68862D20B52C72
            SHA1:64451EBAB7F71C51B3EDC06CF8247931DAE1EA6F
            SHA-256:26B1595CB1E2BCCA2E7F28D9BB32F39C7D9F113193A4F3C306CDDB3E5CA4E30F
            SHA-512:4A9E5AFAD44F2B3F3C7B915E1DB48026607C7E020C5581FF0E523AF606522ED56C8BE20CB4C9FC05A77A0E9A64E671AD5D7C46554DBB6DB744F3636DE1FB7DA2
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):1706384
            Entropy (8bit):6.555697428446486
            Encrypted:false
            SSDEEP:
            MD5:4DB8A429C1ACE3790CEAF7B9940A89AC
            SHA1:CA66798EE145E53480A07C5A15775F506C51C985
            SHA-256:1D67D036E2B2FA1F5A98DE5D953A569572ED5A2F07CFC3F6C02F3B0370D3EAA6
            SHA-512:0A2F7140DFF466FC29D0C50769BB65560B5CCC69AACC7F4E9817E0FC3837C504B5486742E56D701E5A06491C5063250F009ED6438014FDECAA1FFAE3405FEFEE
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:Windows setup INFormation
            Category:dropped
            Size (bytes):1180
            Entropy (8bit):5.2983927205824415
            Encrypted:false
            SSDEEP:
            MD5:0F79B3ABFDEF4951DCAAFA03B3F73610
            SHA1:7D29E82964EE35D01216187DDB82D158BE4475C9
            SHA-256:0C24D58147428FDDEECFD5ED676D1284C84AAF4C012F95F66FE232F188BC5723
            SHA-512:D0CC86DDA6AF82A387AEB51798C0E138943DE457F7728E730DFA0AC38577BF3D4329E93DA4D1D286524330759C05A2188296E32D2E521871BA7D05BDE6324A59
            Malicious:false
            Reputation:unknown
            Preview:[version].. signature="$CHICAGO$".. AdvancedINF=2.0..[Add.Code].. .adapter=adapter.. .urxdialer.dll=urxdialer.dll.. .urxdialerres.dll=urxdialerres.dll .. .urxvpnad.tag=urxvpnad.tag...ursetvpn.exe=ursetvpn.exe...setupdrvdll.dll=setupdrvdll.dll ... F5Win32CheckHelper.exe=F5Win32CheckHelper.exe.. F5Win32CheckHelper.dll=F5Win32CheckHelper.dll...scew_uls.dll=scew_uls.dll....[urxvpnad.tag].. .file=ignore..[ursetvpn.exe].. .file=ignore..[setupdrvdll.dll]...file=ignore....[urxdialerres.dll]...file-win32-x86=thiscab ...FileVersion=7243,2023,718,858...RegisterServer=no....[urxdialer.dll].. file-win32-x86=thiscab.. clsid={2BCDB465-81F9-41CB-832C-8037A4064446}.. FileVersion=7243,2023,718,858.. RegisterServer=yes....[adapter].. .hook=setupadapter.. .....[setupadapter].. file-win32-x86=thiscab.. run="%EXTRACT_DIR%\ursetvpn.exe" /q ....[F5Win32CheckHelper.exe]...file-win32-x86=thiscab ...FileVersion=7243,2023,718,858...RegisterServer=no....[F5Win32CheckHelp
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):21
            Entropy (8bit):3.0104340890333376
            Encrypted:false
            SSDEEP:
            MD5:F523EAF68A478C6D24EA689E75E8C996
            SHA1:E31339399A5E9EB4270A09598339F0FBA759187E
            SHA-256:73FA0546693D81B34C17E677DA1A4C7470675035CBF7687E26185FAED5D5EDFB
            SHA-512:EEC863FF888E08E53C426E3783A3D68D4657F56522C5FFD868ED934526D15B8243686B04313F0A0CFB74EF00CDB2639184A6BF88D5246461F8C30699112B6FCB
            Malicious:false
            Reputation:unknown
            Preview:7061,2012,0305,1700..
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):250768
            Entropy (8bit):6.275178276127356
            Encrypted:false
            SSDEEP:
            MD5:84408139AF50719F6DDC2639D2677815
            SHA1:89E0482B9B0C2C590C7F3E199678B4C519258620
            SHA-256:6E1843E4C3E8A6E46FCBF012077BD52AE1F302068F3628C0702E86A93E709994
            SHA-512:954557C26C8B8225406384792349277200F691C0349F4080B29DB9807A4228D7066240FE001A22A7FF28A776F79BB9CC964142F346020FBDA1B1C499E69B3BD0
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:Windows setup INFormation
            Category:modified
            Size (bytes):801
            Entropy (8bit):5.256625677768919
            Encrypted:false
            SSDEEP:
            MD5:09C5ED186785B63A8E202CC4FB41FD96
            SHA1:C50493C62C5733BBDECC86DFE9EFD72CE4956E6E
            SHA-256:C1061730889320D7848ED98945EEB89F4D4E10214AF01DB7796BBB6C01424438
            SHA-512:72FDCC39C33E8A8F90C70A9ED2F6586E4F2805C41234BEAB212BC8AE5567708644984AC3D4B086ECB46CBBEA270D798217DFEFEDC2A444BAF596BC707EE06D5E
            Malicious:false
            Reputation:unknown
            Preview:[version]..signature="$CHICAGO$"..AdvancedINF=2.0....[Add.Code]..urxhost.dll=urxhost.dll..urxhostres.dll=urxhostres.dll..F5ElHelper.exe=F5ElHelper.exe..F5ElHelper.dll=F5ElHelper.dll..F5ElHelper64.dll=F5ElHelper64.dll....[Deployment]..InstallScope=user|machine....[urXHost.dll]..file-win32-x86=thiscab..clsid={E0FF21FA-B857-45C5-8621-F120A0C17FF2}..RegisterServer=yes..FileVersion=7243,2023,718,858..UserEntryPoints=yes....[urxhostres.dll]..file-win32-x86=thiscab..FileVersion=7243,2023,718,858..RegisterServer=no....[F5ElHelper.dll]..file-win32-x86=thiscab ..FileVersion=7243,2023,718,858..RegisterServer=no....[F5ElHelper64.dll]..file-win32-x86=thiscab ..FileVersion=7243,2023,718,858..RegisterServer=no....[F5ElHelper.exe]..file-win32-x86=thiscab ..FileVersion=7243,2023,718,858..RegisterServer=no..
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):2197392
            Entropy (8bit):6.552948387916146
            Encrypted:false
            SSDEEP:
            MD5:278781E9719A59C3CF38452A928005D9
            SHA1:8E3428550844B5A7871BAEFD1CCE9D7DD56C5258
            SHA-256:5D7D5A6AE3F540FFBAEB5026C6FC0C1742F8C9FF53CCB4A90B9714CF23D02370
            SHA-512:029D3A4F0B334DECB1656CEBAEC654A2A75BD08AED1D91D9ABFD123D3A74541E1EBCBE83BB3F16D6C85A51D3F6CCDC8939EF34DA52283E86AA57AF9CF28E796D
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):1317776
            Entropy (8bit):6.29985654206837
            Encrypted:false
            SSDEEP:
            MD5:A8FADC9A889949AA2FEFE3291887A5C3
            SHA1:9605F39CF664FE80EEC77601A52AD7DADEE90BF1
            SHA-256:DE78647EF74D188986F65839972BE6247D63B2B028ED65CDE2D8AAC5091E6B3C
            SHA-512:FA6656814C97F71453E06FBFE622E5BF772C62F087EA49754A04A496727F4AD9966F2061CCEC915B12D25C3F2F48D40EACDA0771CF169B363D0861291896E446
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):997264
            Entropy (8bit):6.580675917419389
            Encrypted:false
            SSDEEP:
            MD5:D340A86DA682E365D861BD5975C6FA93
            SHA1:4009D62D5712E25604A0F59A3F6B358CA61F1757
            SHA-256:027824A791DB610B063A791A98D78FBB84ECB768D452DFACA42B301D8978F042
            SHA-512:D861CDEB7290951D03585D21CB4E6CF94058A0B42A9F2B3BD7AD09C4576EFDA3E953B8B87817D354C3DD7BD1F348A34EE915B58A04667A3EDA6672D39EDF5CCF
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\Downloaded Program Files\f5vpn.exe
            File Type:ASCII text, with CRLF line terminators
            Category:modified
            Size (bytes):28588
            Entropy (8bit):5.036773843613283
            Encrypted:false
            SSDEEP:
            MD5:D8CD91ECE273A4CDF79C7FC1108B3B9A
            SHA1:83FA2D9A855584691D17AB70C4610DDD1CAC50FF
            SHA-256:11E66FF5173EED3481AF5A2916E7A2463423DEACA89D4CB954FDC4E3FAC0054A
            SHA-512:710D0F3E4CA705A9245A7EA911D4B199FA5FD8B30AC092EE431B54E088D894C343F0882DF66A393AE3D138C1A4DA11535BB19E602AF71D11C0876F62DD13D34E
            Malicious:false
            Reputation:unknown
            Preview:OS Name: Windows 10 Enterprise..Version: 6.3..Build: 19045..Type: Multiprocessor Free (4 Logical Processor(s))..Primary UI language: 0x9..Short Name: Win1064..WOW64....2025-04-01,20:47:01:517, 5308,3420,, 0,,,, ..2025-04-01,20:47:01:517, 5308,3420,, 0,,,, =====================================..2025-04-01,20:47:01:517, 5308,3420,, 0,,,, Location: C:\Windows\Downloaded Program Files\f5vpn.exe..2025-04-01,20:47:01:517, 5308,3420,, 0,,,, Version: 7243.2023.718.858..2025-04-01,20:47:01:517, 5308,3420,, 0,,,, Locale: en-CH..2025-04-01,20:47:01:517, 5308,3420,, 0,,,, =====================================..2025-04-01,20:47:01:517, 5308,3420,, 0,,,, ..2025-04-01,20:47:01:517, 5308,3420,, 48,,,, current log level = 63..2025-04-01,20:47:01:581, 5308,3420,, 2, \f5/system/Process.h, 154, f5::system::getProcessNameByID, OpenProcess() failed (PID, error), 4, 5 (0x5) Access is denied...2025-04-01,20:47:01:581, 5308,3420,, 2, \f5/system/Process.h, 154, f5::system::getProcessNameByID, OpenProcess
            Process:C:\Windows\System32\msiexec.exe
            File Type:ASCII text, with CRLF line terminators
            Category:modified
            Size (bytes):627
            Entropy (8bit):4.787954188616331
            Encrypted:false
            SSDEEP:
            MD5:B714A819C1BA1162140B89047DF780B2
            SHA1:8A090CA3088CF0810EA61C9E82F426A72C577161
            SHA-256:FFF9CB8F4315F084CD4CACAED65E85C99CD2580905A7D951AE5E6E0606E21A0D
            SHA-512:D0F68AEAAF8556367B11C9A093705F86A215F70028B7190A59D126CA2D8A33DF79A5B4F4C0C8CFF7DC689F4DA155DB1BE0A2B894F7A06C2E96B8B8F50A7DEA81
            Malicious:false
            Reputation:unknown
            Preview:OS Name: Windows 10 Pro..Version: 6.3..Build: 19045..Type: Multiprocessor Free (4 Logical Processor(s))..Primary UI language: 0x9..Short Name: Win8.164....2025-04-01,20:46:59:651, 4724,5040,, 0,,,, ..2025-04-01,20:46:59:651, 4724,5040,, 0,,,, =====================================..2025-04-01,20:46:59:651, 4724,5040,, 0,,,, Location: C:\Windows\System32\MsiExec.exe..2025-04-01,20:46:59:651, 4724,5040,, 0,,,, Locale: en-CH..2025-04-01,20:46:59:651, 4724,5040,, 0,,,, =====================================..2025-04-01,20:46:59:651, 4724,5040,, 0,,,, ..2025-04-01,20:46:59:651, 4724,5040,, 48,,,, current log level = 63..
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:ASCII text, with CRLF, CR line terminators
            Category:modified
            Size (bytes):83503
            Entropy (8bit):5.443383579043714
            Encrypted:false
            SSDEEP:
            MD5:4AB4AFB12C6E0E1166B3952CE5785A86
            SHA1:F7BBDDE5D804FD4906B85A5ABBF70E59D707E313
            SHA-256:46D70D1248B0BFC0FD778557B3EEC03A5A6F1C85B2A6707355726EDDACF4B22F
            SHA-512:6BE011B1977FFE322DC9AEDF456BF37D9B22300F4617138C80FC474B820E16DC942BA67FD0C2900DFAF16068193A9EACE0C17A4F11E0F71EE094CBB94D71E6C6
            Malicious:false
            Reputation:unknown
            Preview:OS Name: Windows 10 Enterprise..Version: 6.3..Build: 19045..Type: Multiprocessor Free (4 Logical Processor(s))..Primary UI language: 0x9..Short Name: WinVI64..WOW64....2025-04-01,20:46:46:477, 6372,6312,SETUP, 0,,,, ..2025-04-01,20:46:46:477, 6372,6312,SETUP, 0,,,, =====================================..2025-04-01,20:46:46:477, 6372,6312,SETUP, 0,,,, Location: C:\Windows\syswow64\MsiExec.exe..2025-04-01,20:46:46:477, 6372,6312,SETUP, 0,,,, Locale: en-CH..2025-04-01,20:46:46:477, 6372,6312,SETUP, 0,,,, =====================================..2025-04-01,20:46:46:477, 6372,6312,SETUP, 0,,,, ..2025-04-01,20:46:46:477, 6372,6312,SETUP, 48,,,, current log level = 63..2025-04-01,20:46:57:209, 6264,4380,SETUP, 0,,,, ..2025-04-01,20:46:57:209, 6264,4380,SETUP, 0,,,, =====================================..2025-04-01,20:46:57:209, 6264,4380,SETUP, 0,,,, Location: C:\Windows\syswow64\MsiExec.exe..2025-04-01,20:46:57:209, 6264,4380,SETUP, 0,,,, Locale: en-CH..2025-04-01,20:46:57:209, 6264,
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):218512
            Entropy (8bit):6.6511007193173715
            Encrypted:false
            SSDEEP:
            MD5:64206BB5164B21C6F0977237BA5EAB71
            SHA1:148DBAB773D523DA5846110D5C217958DA082161
            SHA-256:E8A49FB124A7BAB264A76452F12A6DFE192B7599FC1F1D22415AB7570F0F79F6
            SHA-512:AAC2B8813F94DCF43A633AED9D22A4A3A5F254C3FE95573DDFC80655D2E1A1DE3C06D4EA24214E454A12CD5E9660EEDBDEDEB7EF422CEBCA6248E1DF8DF0CF39
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):275856
            Entropy (8bit):6.598823958419446
            Encrypted:false
            SSDEEP:
            MD5:8C0A7C17B8F454D43BDCDCC2DA1F8F1D
            SHA1:7C9BB9984553AB927DB96F301EAC0807898470BF
            SHA-256:AC2ED419772D433FAFC8A130F52DD5F83F69917D4ACA9E55D68962CB08F1A7F9
            SHA-512:BF0F388DF664B4AA21F1D9FCD0C91E7D2CAF612030A5E1F31D7BD1076BD103ED6DED3568C838B0810FDD2BB424FDDE33AA535F4697A98A8BA181CA7CE92171D4
            Malicious:true
            Reputation:unknown
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):74128
            Entropy (8bit):5.337108882833322
            Encrypted:false
            SSDEEP:
            MD5:44DE2C081DCF94A49913059F713F65BE
            SHA1:EEB682A542FDBB1AEB8D15B01C9CB508C13B1397
            SHA-256:8043D4DE94B5EFF762F489996CF6CC6F05CF4F8ADB4FB9CE5E094E27CC4C01ED
            SHA-512:95B9955AE7E49B4906AD2334FF2863F720135A708EB23D7A9AEB086C2F66FF9859A523176540AAE79FADF9626BB7477D2245B126D9433D59AAA9734B7FA4DD42
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7...s...s...s.......r...s...r.......r...Richs...........PE..L...._.d...........!................................................................eO....@.......................................... ...................-..............T............................................................................rdata..8...........................@..@.rsrc........ ......................@..@....._.d........|...T...T........_.d........................._.d........T...........RSDS.....Y.D....CJ......G:\cc-builds\apmclients724x-win\1431747\src\rh\vpn\ActiveXDialer\out\Release\f5ActiveXDialerRes.pdb.............................T....rdata..T........rdata$zzzdbg.... ..0....rsrc$01....0-.......rsrc$02....................................................................................................................................................................................
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):132496
            Entropy (8bit):5.0897854097099815
            Encrypted:false
            SSDEEP:
            MD5:FEAD441558FA715C6FEAE99026E8FAC4
            SHA1:B3D1A71AC2072F9B34F3ED34207DD81E08230929
            SHA-256:1197E76F47F2AF172F72FCEC28F2CA5F82FE930FE05A5BF3486AF482F939E6B6
            SHA-512:F6A56BC506907508DD0CD3475BC7BC0E9EC22FC14A09A26006994E053019F97B8B42E20BEC848937050068C8D9000FCF022F22EDFB1F4DA6505A0AB293EA7BDD
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7...s...s...s.......r...s...r.......r...Richs...........PE..L....U.d...........!................................................................^................................................ ...................-..............T............................................................................rdata..@...........................@..@.rsrc........ ......................@..@.....U.d............T...T........U.d.........................U.d........T...........RSDSP..Y...D.tXm#1%.....G:\cc-builds\apmclients724x-win\1431747\src\rh\TerminalProxy\ActiveXHost\out\Release\f5ActiveXHostRes.pdb...............................T....rdata..T........rdata$zzzdbg.... ..`....rsrc$01....`9.......rsrc$02............................................................................................................................................................................
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:Windows setup INFormation
            Category:dropped
            Size (bytes):582
            Entropy (8bit):5.34908616088762
            Encrypted:false
            SSDEEP:
            MD5:3AF8693AE9E020A35CCC5D62BF17D1FF
            SHA1:9D9B1770FF7CAB5C9EB04B868A04775CC04663F4
            SHA-256:5F4B756AF46F5AD92A15033865FCB9DAFC488F3C5E0124B4B3C2EF8ACD5C5CA9
            SHA-512:BEAAC8D78DE4E46FEF8AC40AB224B200361FB437CAF3F87DB59944053BBB8CC4C8D6FEBC3A8C4F98F84500DEEFD6FEC582104FE166F9517754EBABDB1AA01C18
            Malicious:false
            Reputation:unknown
            Preview:[version]..signature="$CHICAGO$"..AdvancedINF=2.0....[Add.Code]..urSuperHost.dll=urSuperHost.dll..f5LogViewer.exe=f5LogViewer.exe..f5vpn.exe=f5vpn.exe....[Deployment]..InstallScope=user|machine....[urSuperHost.dll]..file-win32-x86=thiscab..clsid={CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7}..FileVersion=7243,2023,718,858..RegisterServer=yes..UserEntryPoints=yes....[f5LogViewer.exe]..file-win32-x86=thiscab..FileVersion=7243,2023,718,858..RegisterServer=no..UserEntryPoints=no....[f5vpn.exe]..file-win32-x86=thiscab..FileVersion=7243,2023,718,858..RegisterServer=no..UserEntryPoints=no..
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):215440
            Entropy (8bit):6.6251185104463275
            Encrypted:false
            SSDEEP:
            MD5:ABD2E801CAE365912285581B1EA53B41
            SHA1:569D5316CB355D89857C4E195326ED8F68EA678B
            SHA-256:36FB8AF6616908B273F3354CD6D7551E7BD3E76C98E6D0D309C37777566AA889
            SHA-512:EEDD29B61C554FB41E39E406FCFB422B6C6AD06CD14BA8B8169A830B8BF6BED84C32224B33A4AECD491D0055FA1C8431BDBCB0ABF1CFCB84F21A280A8C413ECC
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):509840
            Entropy (8bit):6.681687040363451
            Encrypted:false
            SSDEEP:
            MD5:911814550210F47D6EDB9E2A2F07D215
            SHA1:BD21583C0278379B95EA61C374876202D857099C
            SHA-256:7851CEAB411580BC4F02CF62B18F3EEA4D2EFE8AD46F4E14889BC82B9566C343
            SHA-512:52E77AA95DB64B7EE56D12117B0667931DE6929CE3D98766ED1C42806EB3539F627FDE16A465449CC26ED91EA552289F062CA60B9C49C2EFFC4BEC4581E7C478
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):9068189
            Entropy (8bit):6.691085060824123
            Encrypted:false
            SSDEEP:
            MD5:A2BDBB06345A35866F02583E8A69A489
            SHA1:5AD1F110D85F5A84B1D0B9DF65CCD9ED8F935C5B
            SHA-256:32AA9676F46A44CE230909A3F1459794EB6CA8434AFDFCED203F95BA417C8C5F
            SHA-512:80BCF8B8BB0B87DF2335537743F59772F1B36CD9503B89736579F0215EFBEFB975DBDB416D623CD4B49912F281DDA4FB6DB72FE6DD8ED26C1519B3F2F3B29936
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@.Z.@.....@.....@.....@.....@.....@......&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..BIG-IP Edge Client..f5fpclients.msi.@.....@...H.@.....@......icon.ico..&.{F2489D24-E7C7-4BD8-9D9B-933153C62330}.....@.....@.....@.....@.......@.....@.....@.......@......BIG-IP Edge Client......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{1FDD76FE-AC12-4C83-BE85-9F997D574EDC}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..&.{1FDD76FE-AC12-4C83-BE85-9F997D574EDC}...@.....@.......@#....@.....@.]....&.{C8364D8B-2E12-443E-A5B9-57B31D020598}*.C:\Windows\SysWOW64\F5InstallerService.exe.@.......@.....@.....@......&.{E3878270-33D5-4DC7-B7F4-84CC2D6AB810}$.C:\Windows\SysWOW64\F5CredMgrSrv.exe.@.......@.....@.....@......&.{8C1382BF-B240-4F12-9E9F-B694205CD979}...@.......@.....@.....@......&.{73483232-DFAA-4530-8DB2-CF46F76D4052}#.C:\Windows\SysWOW64\f5netprov64.dll.@....
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):9068189
            Entropy (8bit):6.691085273521104
            Encrypted:false
            SSDEEP:
            MD5:9E2CCED03955BE3B5CB5050103EDCB2B
            SHA1:8E927B95C8D406225CAD0839A9162EE721C78B39
            SHA-256:979252977230D21A424F3F0EFF00722E1FFD7F5ED97798F6FF8085D387EE27D8
            SHA-512:E6699474878BBB6E9BB37D06E09C47B0F68F8E6575D154B6D2D0A072617852808634E8F5E47A93331F24202B49D4F0BF36FE213BEC8CA8B905226C8528B9E2B4
            Malicious:false
            Reputation:unknown
            Preview:...@IXOS.@.....@..Z.@.....@.....@.....@.....@.....@......&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..BIG-IP Edge Client..f5fpclients.msi.@.....@...H.@.....@......icon.ico..&.{F2489D24-E7C7-4BD8-9D9B-933153C62330}.....@.....@.....@.....@.......@.....@.....@.......@......BIG-IP Edge Client......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{1FDD76FE-AC12-4C83-BE85-9F997D574EDC}&.{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}..&.{1FDD76FE-AC12-4C83-BE85-9F997D574EDC}...@.....@.......@#....@.....@.]....&.{C8364D8B-2E12-443E-A5B9-57B31D020598}*.C:\Windows\SysWOW64\F5InstallerService.exe.@.......@.....@.....@......&.{E3878270-33D5-4DC7-B7F4-84CC2D6AB810}$.C:\Windows\SysWOW64\F5CredMgrSrv.exe.@.......@.....@.....@......&.{8C1382BF-B240-4F12-9E9F-B694205CD979}...@.......@.....@.....@......&.{73483232-DFAA-4530-8DB2-CF46F76D4052}#.C:\Windows\SysWOW64\f5netprov64.dll.@....
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):2.633673097293096
            Encrypted:false
            SSDEEP:
            MD5:C4329056EC1D3B8197FD8239407FD77C
            SHA1:A1F3B88BDF1172F50F57200B1C96894325F78BF7
            SHA-256:5B9478BE2F9B7213E32FB808D032945D9A7FBB3B417BA29A97B56F0D7656CEBE
            SHA-512:7E3ED793B06672F99D9A92CE73E7894BFEF25957664B71037E38B3297443A026A555425FD53DB81114C9DE51BD47EB012122DB9E89356625A83990A34BA93974
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.893967575514975
            Encrypted:false
            SSDEEP:
            MD5:5B9CEE918A380786627990CB39936852
            SHA1:5C5D7CE61F3A73AFFB3367B3244490CAD6594227
            SHA-256:FB150005B2F9E3886A2A764FE75C7469ADB41B2A5EBD2897B948DB2860775A80
            SHA-512:B10F9C1778A0E4BAF15CAF7A65CBD8D7D2CC515EB1C8C294FB1BB021A9C9F13C995A0CF72070B0BB331A5A8EF99A3921383763E50AB1028ECA11B23338947CB4
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
            Category:dropped
            Size (bytes):454234
            Entropy (8bit):5.356167597962544
            Encrypted:false
            SSDEEP:
            MD5:D5267ACE9BC0485C71B031AAA37C43A1
            SHA1:BB304CB76E4F5B35EB5726565565DC95584FCB63
            SHA-256:D5B69A8D6267A1B07323F2EF2977218970039C2EC45CC2FAA112C28E3FB87CEF
            SHA-512:0AE4609D14EBF7543C8626DD0A98E59FF9CA80BC4F79E3D3331C8CA5E30072A643E36023D2603E19888BB4D5B69C63968A08EB26611D02A1C50F263A3BCD7F29
            Malicious:false
            Reputation:unknown
            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
            Process:C:\Program Files\Windows Defender\MpCmdRun.exe
            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
            Category:modified
            Size (bytes):7388
            Entropy (8bit):3.2441679064338733
            Encrypted:false
            SSDEEP:
            MD5:50F547243996654220CC4050EB49BE42
            SHA1:1911CBB790F7B1377B3F88B7B4015AA9820B0502
            SHA-256:B91894540CC152ED51A71C4FF3314BB0242E722EEE201853B85F2E3C4E32D6BD
            SHA-512:31E6EF260E56A359399D131614644ACFDA4ABA747D6E1B1BE355301FB9C622CF690E1CC3BC4D989D68D26986C11630638DB41D06A64FFC25CF01553331622732
            Malicious:false
            Reputation:unknown
            Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):586640
            Entropy (8bit):6.453373650945441
            Encrypted:false
            SSDEEP:
            MD5:055B72D0282B79299C39DEC924C0057B
            SHA1:5C3FC3B8A38F9B60D44D2994893379C3D41206A6
            SHA-256:E7D5CB0D62398912282D3F485DFFB1FA6627249C7DA67CA5D0DFC1AD9DB1EFCC
            SHA-512:5B1AEF215CE2637DE117D7963BC7A364F9CE3499B5FC79C6694EFC6A96DE051F6066FB21A25C8BCE4C66112D043125EA74745E4E16B5D41A9D08494295FFF3A8
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......<..Tx.d.x.d.x.d.Z.a...d.C.g.m.d.C.`.k.d...a.z.d.Z.g.t.d.Z.`.k.d.Z.b.y.d.C.a.L.d.Z.e.k.d.x.e.J.d..a.h.d...y.d.x...y.d..f.y.d.Richx.d.........................PE..L...;`.d.................2..........p........P....@.......................... ............@..................................4...........................-......Di.....T...........................H...@............P...............................text....1.......2.................. ..`.rdata..f....P.......6..............@..@.data...X1...P..."..................@....tls.................P..............@....rsrc................R..............@..@.reloc..Di.......j...\..............@..B................................................................................................................................................................................................................................
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (console) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):776592
            Entropy (8bit):6.513833956797653
            Encrypted:false
            SSDEEP:
            MD5:F39C8DF6B4F99368B7246CF56D013605
            SHA1:DE02F001D4652029946982F7253919450DE6BDE4
            SHA-256:BFE2D75E338851BB2521272CBC0CA00B221F8AB057A16916C4BCA2D3EBAB78D3
            SHA-512:BC49C7E8CCF4ABF015716405BF6CBA7AB38A20631DAC133429CE67E710E49E90EC63E5592536FC99FD31BF7305247DC7181677FD0CDC8D33072A0EC21E2969C6
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........D.S.%...%...%...E...%...E...%...E...%...{...%..3{...%...{...%...{...%...E...%...%..S%..3{...%..6{E..%..3{...%..Rich.%..................PE..L...df.d.................R...j...............p....@.................................g,....@..........................................`...................-...p..,...`...p...................,...........@............p.. ............................text....P.......R.................. ..`.rdata...q...p...r...V..............@..@.data...PV.......D..................@....tls.........P......................@....rsrc........`......................@..@.reloc..,....p......................@..B........................................................................................................................................................................................................................................................
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:modified
            Size (bytes):5659536
            Entropy (8bit):6.672080831369846
            Encrypted:false
            SSDEEP:
            MD5:350E0F5133C0F8ED3DF49890E0A544E5
            SHA1:FEB3EC2B885B6FA58FA9971ACC105F1B6F45B84F
            SHA-256:A138868A8B52E27345F3A7205597A9ADA6859216D1FE1B74E08E1F41BED18285
            SHA-512:8ECF422E106C98BD40A48D004263F4B2C529B5F705418AB08D7064259EEEDC21B88FDFD0293637C275784EB3AABC0543B22A8C4AB13D94534C1F7D5C5284BC75
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...................................H...........!..L.!This program cannot be run in DOS mode....$............~...~...~......I~..a ...~..h.$..~... ...~..O/}..~... ..~... ...~...'...~.......~.......~.......~...~..(~..a ...|.......~...~...|..a ...~..d ...~...~t..~..a ...~..Rich.~..........................PE..L....f.d..................>..$......`97.......>...@...........................D.......V...@.................................T.Q.|.....?...............V..-....@.4.....M.T...................T M.......M.@.............>..............................text.....>.......>................. ..`.rdata...l....>..n....>.............@..@.data........0Q......"Q.............@....tls..........?.......R.............@....rsrc.........?.......R.............@..@.reloc..4.....@.......R.............@..B........................................................................................................................................................................................
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):812
            Entropy (8bit):7.531546623751836
            Encrypted:false
            SSDEEP:
            MD5:113834E9AF5E0EF8CB14306D25BBB5F1
            SHA1:C1359FD5220F3FCE5AC6030244BF1FE8FF4CDAE9
            SHA-256:4F91D3CA4CCDA6A25C0377F7B1AB882C4CCF21F18831511CEBEA93C17B350499
            SHA-512:2522C1880A31C549F810F847BC34D506907C219DBD088F60FD21E1A91DB523A1234728140415B7CA3896E70BEC7055E15E280C85F010366D83C20E28EEBE2618
            Malicious:false
            Reputation:unknown
            Preview:0..(......!0.....+.....0......0...0..k0i1.0...U....US1.0...U....Entrust, Inc.1B0@..U...9Entrust Code Signing Root Certification Authority - CSBR1..20250122144700Z0s0q0I0...+........k..E<L.L.j.Q..9@XZ......=...q.7....i5W...5..{.4.j...F.15+....20250122140000Z....20260122135959Z0...*.H.............G8]..\..q}B._(8..8W...B.aQ..Q.15....SO6..7l}..........;....n...vS..rC..10.....|R.?....F/.N"...#....z.r.b...=.bu...6p.f.6._...@..w.UE&.3)A(...|...y._....gf....K../.......&n.X.t#....4...'-.c...L4h.BZ.4..25..V........ F....(..o.....8..|.M.u...Wny.@4V..'..A.%...9D.,.G............c.!TW....{I~%+e.{`}co....:....n.k..{...k.au.."*..u<.4..t..$.Y..l-[.....L...}g|Ub..F...g.;h.g@.....}.(."j3Ud.d..}.dcs............s8..^.[G|Z.H..G..zq<..f>'...q.....dC...(.B!.v.....r..`4..\.&...`@.g...w}.tQ..v.b.i.~
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):1580
            Entropy (8bit):7.455115918048376
            Encrypted:false
            SSDEEP:
            MD5:3A057920801914639A4D82A09DDD0C0B
            SHA1:0EA8566469E776B4302657F05AEB2A51A3A808BD
            SHA-256:0F5F18A1D438F6DE421BCAF40A6D51926B9627B056C5EC95DBD9D532E8452B22
            SHA-512:7BAE4D7AF20C858E61A212714E10712C05ECDA689B100DBF9605B16F781A7F9D00C0E2147864046921C9E0733B8EC2D123604A1FA0255EBCD0EA98E84A566057
            Malicious:false
            Reputation:unknown
            Preview:0..(......!0.....+.....0......0...0..H0F1.0...U....US1.0...U....Entrust1%0#..U....Entrust Validation Authority..20250401115200Z0s0q0I0...+.........\...a......A[B'...jr&z...}.;iQ.l....f...N@.7T......Q......20250401110000Z....20250408105959Z0...*.H...............W.G..C..5w...|.._\.!.pL.VQ.c.y..T.......M(..'!Q..B.5.zD0G.3...cn..>.....V.....AZ.....dB.......B?.6.........AR;..'...K>.q.P..`,U6...~T...^<....8...!%.o.........s.wj2.j.F.b;<.....v...]...~...s6.'ad-....[._...3.....Ie.`(.MN.*."..[{.%vU...R..0....0...0...0...........;.h....,..N..0...*.H........0..1.0...U....US1.0...U....Entrust, Inc.1(0&..U....See www.entrust.net/legal-terms1907..U...0(c) 2009 Entrust, Inc. - for authorized use only1200..U...)Entrust Root Certification Authority - G20...240626145745Z..250626145744Z0F1.0...U....US1.0...U....Entrust1%0#..U....Entrust Validation Authority0.."0...*.H.............0..............3x.F.'.B..$..-..P@.M....]e..4.B.K..6..p.dk#m'.I.0}X.|...'...8.h..=.....;......<-...n....
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):806
            Entropy (8bit):7.5269320662861885
            Encrypted:false
            SSDEEP:
            MD5:ECDB54B631BB82D99EAEF4CD7E7BB0ED
            SHA1:3FEE425F41AC01ED8B091F72677DB83AFA2AAC4A
            SHA-256:F8AC7C2ACEBFFBF57DA7DD6D35C8388585709969396A982F4013C9C9F3C9DED4
            SHA-512:EE6972E5A116A2645BB987AC70AC95007CA92C0ACF6267DA4B176D188B5FC1E13357AED5E1B69E364638DB532FEB908DE0C7B064D752CD8C93D08D60B7D15AFA
            Malicious:false
            Reputation:unknown
            Preview:0..".......0.....+.....0......0...0..e0c1.0...U....US1.0...U....Entrust, Inc.1<0:..U...3Entrust Extended Validation Code Signing CA - EVCS2..20250401090900Z0s0q0I0...+........i.d.)...r ..'d{....*...O.Q....b.1#a.a...x..e.....Y..j.{-.....20250401090000Z....20250408085959Z0...*.H.............<.%.....TH5W4..L.....6....`...%)6]4.n..uIK..m...\3.2.xl.F.$.....3.H.vxXJ..q.M...V...d..b4{..wh..xC..=.F.m...........-...j.......%!|F<....e..g&.p..L..a..@...-Y.&.m.;..'e.).....P).U...q.......mC...E..>m.UGr..j?I..]T+.L$g{b....9....lM.3..JE.c........sbX.`.b..W@2...#wRHF.....).&...wYy8.g..a...s..9..V9.(...;P.G.5.~+.j'}.q...._4....(.U....[....p.Sz.g1 .. .(..#J[..I..>...x?..P....V..K-Y.dzBm{..."..#.@.>GD...P0.D.E.2EL).38.....F.zA......i.[.........1.....1..].....!:..x..N..x.Ap.....M.#....1.
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):17435
            Entropy (8bit):6.588533995448455
            Encrypted:false
            SSDEEP:
            MD5:D800264049EC18CA25E519CAC77CDF95
            SHA1:5F4137494184B429163D520D9E13B91775DAD8B0
            SHA-256:EF151282882EEE5FD374D8860731A19FDA6FC7ACB9FEECF8EBAC5FA060761FF4
            SHA-512:84EFA80BB91ED7C24D953E35EE790CEE10DFF78798D52150BC0679529C13F6B777E043140D64C4D7D10972541E7A6587C851A2AB2505E8FF9B5410DACDBB8DFA
            Malicious:false
            Reputation:unknown
            Preview:0.D.0.A....0...*.H........0c1.0...U....US1.0...U....Entrust, Inc.1<0:..U...3Entrust Extended Validation Code Signing CA - EVCS2..250401145350Z..250408145349Z0.A.0!..Q}..j..Xj....F...240424164614Z0!..K.TUI.N5......M...221219162954Z0!..nY(.......+v..6<..240916143133Z0I..5n=.^.C[..........220823121242Z0&0...U.......0...U......20220823114521Z0/...W..\.a...<..61...210602094606Z0.0...U.......0/..H..[...}.#.E..1...240509105607Z0.0...U.......0!......L....$.K...H..240124103938Z0!..*L./'{...s.......230628194025Z0/..x.g..........m..210722030447Z0.0...U.......0!..tXb2``2..=.-<h%..240515114754Z0!...JU..{.Uf\.I..}...221205101700Z0/..Y..L.Zn-L}..0.Zp..210722070621Z0.0...U.......0/..RJ.D.....P.......211202192911Z0.0...U.......0/..p....umO....o.[..210809172110Z0.0...U.......0!..VH.I......LT....221209194927Z0/........4..<.......210702171851Z0.0...U.......0/....E.+..^?.(.AK....210928110305Z0.0...U.......0/..S......_0..R....210624121150Z0.0...U.......0/.....ll.D..SnS.....211028124014Z0.0...U.
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):540
            Entropy (8bit):3.9508058228192
            Encrypted:false
            SSDEEP:
            MD5:78723AB27707225A998A072520037DBB
            SHA1:63CAB7FE59701C35711C69924F1DB4B6AE5ECCA6
            SHA-256:F4EE8AA3F661B35158529D5C16C6433B42AC968BA755C7A2E3F317BEA9A11D2A
            SHA-512:673ABFDD57D358E9A34FFDE87700DFB95C163CD5A004846E923830B6F49A83ED6073F99147F32628D3CB88B9A312812D8C8F8C4452FCA81A62369A0B1B41E181
            Malicious:false
            Reputation:unknown
            Preview:p...... ...."...m.$IG...(.................$..l....Re......................Re.... .........$..l..................,...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.R.r.2.b.w.A.R.T.x.M.t.E.y.9.a.s.p.R.A.Z.g.5.Q.F.h.a.g.Q.Q.U.g.r.r.W.P.Z.f.O.n.8.9.x.6.J.I.3.r.%.2.F.2.z.t.W.k.1.V.8.8.C.E.D.W.v.t.3.u.d.N.B.9.q.%.2.F.I.%.2.B.E.R.q.s.x.N.S.s.%.3.D...".4.F.9.1.D.3.C.A.4.C.C.D.A.6.A.2.5.C.0.3.7.7.F.7.B.1.A.B.8.8.2.C.4.C.C.F.2.1.F.1.8.8.3.1.5.1.1.C.E.B.E.A.9.3.C.1.7.B.3.5.0.4.9.9."...
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):528
            Entropy (8bit):3.933150360686498
            Encrypted:false
            SSDEEP:
            MD5:D26B9126C21DB8245C851FBFEBD2267A
            SHA1:D112154A827F88B4267DC0B23946C52F1E7FEB53
            SHA-256:F3FE7950E0631712B2A46EFAE62EB7F6101F0D48D3428828976631B96FFD8A1F
            SHA-512:A03C559BAA139FDA3B950613D6F7A272701BCA360B6FA941A9A350AF644F5EA4CE18151FAFD3234CE287EBCF1183F26D0183B89CD7B56EF76172F6AC9BD80E11
            Malicious:false
            Reputation:unknown
            Preview:p...... ..........>7G...(................8X6......^u.....................^u... ........8X6....................,...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.L.X.N.C.z.D.v.B.h.H.e.c.W.j.g.7.0.i.J.h.B.W.0.I.n.y.w.Q.U.a.n.I.m.e.t.A.e.7.3.3.n.O.2.l.R.1.G.y.N.n.5.A.S.Z.q.s.C.E.E.5.A.5.D.d.U.7.e.a.M.A.A.A.A.A.F.H.T.l.H.8.%.3.D...".0.F.5.F.1.8.A.1.D.4.3.8.F.6.D.E.4.2.1.B.C.A.F.4.0.A.6.D.5.1.9.2.6.B.9.6.2.7.B.0.5.6.C.5.E.C.9.5.D.B.D.9.D.5.3.2.E.8.4.5.2.B.2.2."...
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):540
            Entropy (8bit):3.964873284881425
            Encrypted:false
            SSDEEP:
            MD5:2748F11B73B0C70826E1FF19C876E25F
            SHA1:72B9CE7A65E21122724B7789210E60F0F08A74D4
            SHA-256:1A50CC21991DD882474BFB2107D6A87CD090C1DD391C309BB7B969757432154F
            SHA-512:0BC786028CA931A1A00226D40C6477C26D19445762857B85F39DDB46A18CD845AD9952C867F9FAAAF560A1DB3AC362EC20FA5AEC3F0411F7E82D96201B1082E6
            Malicious:false
            Reputation:unknown
            Preview:p...... ...."...l..[G...(................h.r.......d.......................d... ........h.r...................&...h.t.t.p.:././.o.c.s.p...e.n.t.r.u.s.t...n.e.t./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.R.p.%.2.B.m.Q.D.K.a.u.E.4.n.I.g.%.2.F.g.k.n.Z.H.u.B.l.L.k.f.K.g.Q.U.z.o.l.P.g.l.G.q.F.a.K.E.Y.s.o.x.I.2.H.S.Y.f.v.4.%.2.F.n.g.C.E.G.W.4.H.A.D.K.t.s.p.Z.v.o.B.q.8.n.s.t.n.N.M.%.3.D...".F.8.A.C.7.C.2.A.C.E.B.F.F.B.F.5.7.D.A.7.D.D.6.D.3.5.C.8.3.8.8.5.8.5.7.0.9.9.6.9.3.9.6.A.9.8.2.F.4.0.1.3.C.9.C.9.F.3.C.9.D.E.D.4."...
            Process:C:\Windows\SysWOW64\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):288
            Entropy (8bit):3.054698257636291
            Encrypted:false
            SSDEEP:
            MD5:90321F2695D63414E8B0D9A70B7CE6F1
            SHA1:C7136217B49332019FC05B05A0BAD20584407812
            SHA-256:4E676BC85852FCB80B60382FE4D7B0AD875BB8AC0935998C27452BECD5E16D0C
            SHA-512:26B0EC209D7CB66CA4A14C3E0E6AA26B87A27D3DFE0B21716AEEF87A422156AEF2616DBFB438EF80134E669F40DEC618DBEC63CD417612A366673DDFCF01C060
            Malicious:false
            Reputation:unknown
            Preview:p...... ....B.....,[G...(....................................................... ........!..........j............D..h.t.t.p.:././.c.r.l...e.n.t.r.u.s.t...n.e.t./.e.v.c.s.2...c.r.l...".d.8.0.0.2.6.4.0.4.9.e.c.1.8.c.a.2.5.e.5.1.9.c.a.c.7.7.c.d.f.9.5.:.1.7.4.3.5.1.9.2.7.9...0.7.4.9.3.3."...
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (native) x86-64, for MS Windows
            Category:dropped
            Size (bytes):55648
            Entropy (8bit):6.511804090450235
            Encrypted:false
            SSDEEP:
            MD5:02D45AC8D7194ADF647CADF73BA0DA59
            SHA1:6142A950C3D3153A1C6D83277CD84398A00C9612
            SHA-256:AB5C8CD7382D2B8BA769A6315A67361D028936A95E5CA2F8B400450715FCFEDC
            SHA-512:EC619D0F501DF3788C4B1A90F820C3739325364126A8608DF5264F6523F54A4AF8060C387D9EB1AC1E8A3873FB8C61C2EBD32138D00E0448057ED7A0156C3608
            Malicious:true
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........-..C...C...C...E...C...B...C...B...C...F...C...@...C...G...C...G...C.......C...A...C.Rich..C.........................PE..d....`.Z.........."......n...(......x..........@.....................................u....`.................................................p...<...............t.......`?......4....h..8............................i...............`..X............................text...QF.......H.................. ..h.rdata..0....`.......L..............@..H.data................`..............@....pdata..t............d..............@..H.gfids...............j..............@..HPAGE.................l.............. ..`INIT................................ ..b.rsrc...............................@..B.reloc..4...........................@..B................................................................................................................................
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
            Category:dropped
            Size (bytes):617872
            Entropy (8bit):6.470134510383238
            Encrypted:false
            SSDEEP:
            MD5:4940B76C5B820E8CA543D339BCF8FAF3
            SHA1:80896B3EA281725AF6596CDC8FF04D848E8103AB
            SHA-256:315503B27BEF212A3E4594E11C89144CACE115C58EC0268D0C0E9A54C5BC4179
            SHA-512:69B02CB7300D76E962AF98D68A0EEB9EB3C8C13660AB4940469528D23A38F88A475EC9B6A1F91AFC252FEAF6471319B9C7E60BA87FB43B44F4DFB4370E67E944
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........:...[.G.[.G.[.G.;.F.[.G...F.[.G...F.[.G...F.[.G[..F.[.G.;.F.[.G.;.F.[.G.;.F.[.G.;.F.[.G.[.G.Z.G)..F.[.G,..G.[.G.[pG.[.G)..F.[.GRich.[.G........................PE..L...1f.d.................:...................P....@..................................Z....@............................................X............@...-.......x.. ...T...........................x...@............P..(............................text....9.......:.................. ..`.rdata...F...P...H...>..............@..@.data....C.......0..................@....tls................................@....rsrc...X...........................@..@.reloc...x.......z..................@..B................................................................................................................................................................................................................................
            Process:C:\Windows\System32\msiexec.exe
            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
            Category:dropped
            Size (bytes):348048
            Entropy (8bit):6.261687864292811
            Encrypted:false
            SSDEEP:
            MD5:B418178E4299F4C5B701225E4CE52A42
            SHA1:DEF76599FDF5E68883D4007C417E1A4515B743E5
            SHA-256:A149361C91B8877F4DC274DF9E744A27B2AC97F8AE24C818E69BAF9F981F21B1
            SHA-512:D1DBF46B60A53BBC812D6396D27C23246BAAAB883FA0964B828A5B1340FE7904904476BCBE1A15BAC1DD571FB836A3BD31744C1536EBD4046245CABE278D5FEB
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........'..F..F..F..-..F..-..F..-..F..2..F..2..F..2..F..-..F..F..G.B2..F.B2..F.B29..F..FQ..F.B2..F.Rich.F.........PE..d....Z.d.........." ................pI....................................................`A................................................`........p..P....0...%..."...-......t....v..p....................x..(....v..8............................................text...\........................... ..`.rdata...Q.......R..................@..@.data..., ..........................@....pdata...%...0...&..................@..@_RDATA.......`......................@..@.rsrc...P....p......................@..@.reloc..t...........................@..B................................................................................................................................................................................................
            Process:C:\Users\user\AppData\Local\Temp\F5_TMP_1737816116419021138162\ursetvpn.exe
            File Type:PE32+ executable (native) x86-64, for MS Windows
            Category:dropped
            Size (bytes):49560
            Entropy (8bit):6.770563382852907
            Encrypted:false
            SSDEEP:
            MD5:BF901F72700769492BEF37003AC8BAD9
            SHA1:6846E7EEADD8FB8FDD0889FCAE6799A038A26ECA
            SHA-256:82893F0E797869C0BA52DC130D7CAD7281AD1ED699FE93DFCF18F58893368C31
            SHA-512:0F2AAAB6C5BD450C1AEC1B76F0DD2CFF58A55F5660EF488E56C72DB9BE74BA41B9EE6EA4952380976C53706DB2CD0345D6C509584FDF5591D2F8219CFA720201
            Malicious:false
            Reputation:unknown
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.:A!.T.!.T.!.T.5.R.&.T.5.U.&.T.!.U...T.5.W.$.T.5.P.'.T...P.$.T..... .T...V. .T.Rich!.T.................PE..d......b.........."......L... .................@....................................q.....`A....................................................P............`.......p...Q......4....F..8............................F...............@...............................text...*%.......&.................. ..h.rdata.. ....@.......*..............@..H.data........P.......:..............@....pdata.......`.......>..............@..HPAGE.........p.......B.............. ..`INIT.................`.............. ..b.rsrc................h..............@..B.reloc..4............n..............@..B........................................................................................................................................................................................
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):73728
            Entropy (8bit):0.26155981214721225
            Encrypted:false
            SSDEEP:
            MD5:19248AB862DE6A25D8AFDFEC142D5DB8
            SHA1:878E7BA296796B8AC3271244B4E7442D8AAE418D
            SHA-256:B138D076E4FAFEF19B6778708944B42F9E1D183C066B3C8962AE93ADC2497B2D
            SHA-512:1D43099BFC61D725C2AB333B4C6C223DC7E11DB62C4181AD3B1D4C82E5352C2B3594AFC37C536D701A084B78BF4E382324894ACCB6D0F8D08131CB4C4423E346
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):1.1497706625642787
            Encrypted:false
            SSDEEP:
            MD5:CBE0AE6220387667347616B69165A63D
            SHA1:3E146723E9507C0BC5D7E8EC27730A21655617D3
            SHA-256:B762AEE18CAE0A39C56959867202753923746F9A9F8B158E396E6138E8265981
            SHA-512:9EDC7B38558A07CC0ED6649A4EC8D21F786577DD1A50956FFFC018EE74DD4460DDFA9ABCA781F420A564C4901018115BA110184ED8F009AEC5390ADF0E7E0502
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):20480
            Entropy (8bit):1.8938710372683736
            Encrypted:false
            SSDEEP:
            MD5:3F10517FB9234589AEFB60977D4B351C
            SHA1:367DA05CEBAFEC2A07E358B43D65C6B466EA4D41
            SHA-256:D70EBF6848F8B9FC7E8AAB349FA3E8B5355399E597AC0CFF860197B4D4532641
            SHA-512:73C7DFC76F2F21CCE15053CDE6F6A48EBB4D56B31E533C8DC5B3454FFC64CA22C018896A99C6200EFA01E7AAC9EB08803596742FC2CBC579940B86452594B49C
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):1.4923804111858439
            Encrypted:false
            SSDEEP:
            MD5:0502B665BF87E64DFBEB11BC89DFC7C1
            SHA1:C22AE38AEEB2231ED0F64A9632952376348BCC90
            SHA-256:2CA38A75ED9734F67499EDB0783B873669AC4242BD5C9F2D9ECC4055B8D3E73B
            SHA-512:B56BFF99990B6ADAD23E17EE746C3303069F04A35D0E890A2756C94A305B46CE3F5D0E8A9976E945A1D576700ED8EF9D0635360DA30660686BA04FB41DBD0245
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):32768
            Entropy (8bit):1.4925783100359
            Encrypted:false
            SSDEEP:
            MD5:0D6B11F57BAA12784180E2B863CFC105
            SHA1:A1FA8F86D98651FD6A18EEF2F0EAC3531AF51453
            SHA-256:EC4BDBB9A45B033525EE9FF7A82E8AD86410588F3CBBB64DA004020E82122295
            SHA-512:4E602A6BAE10C49CCE3FE493429C924BA5A77EFD103D1DF57F4226F25D2DBEA3560D9AC88D888DD5835D9AA2ED7BB57927C87C7734BD3378EB2A9F97CE426785
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):512
            Entropy (8bit):0.0
            Encrypted:false
            SSDEEP:
            MD5:BF619EAC0CDF3F68D496EA9344137E8B
            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
            Malicious:false
            Reputation:unknown
            Process:C:\Windows\System32\msiexec.exe
            File Type:data
            Category:dropped
            Size (bytes):73728
            Entropy (8bit):0.26149443469093986
            Encrypted:false
            SSDEEP:
            MD5:44B12AF49C179715B724B667137F505B
            SHA1:59184E14C250996B301412EBA81638AB93C15150
            SHA-256:8DD73EF62ACA273B01773EA462E3C107D8BFF9F8EA31FF9960731FBF767B17B6
            SHA-512:F8FFE3A839548C0FE35EBFFEFE3C0C75AB203AD38D613BD0A9BCBC97B5A669961A48B578073F0D6491B6DD12147EDF17B18E12809C6595992ACEF12FBE1F77EB
            Malicious:false
            Reputation:unknown
            File type:PE32 executable (GUI) Intel 80386, for MS Windows
            Entropy (8bit):7.998311586042876
            TrID:
            • Win32 Executable (generic) a (10002005/4) 99.96%
            • Generic Win/DOS Executable (2004/3) 0.02%
            • DOS Executable Generic (2002/1) 0.02%
            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
            File name:BIGIPEdgeClient 2024.exe
            File size:32'294'824 bytes
            MD5:f5ddc35484fadc74b8b577278c85ba10
            SHA1:0db38695a6e070a2b2eb75a89482a9460a1d63c3
            SHA256:6552659af321c91350cdb76dbf30219ed16bea081c7fb43e308fb137da1f541f
            SHA512:1c435b2e998198355d82dd089b68e4ab0e49878fe0638c09975ef793085a537289e63e09f0c4cb656ae03d0f3ed2322b53e41341ab62e1f82b658e0afe25ac62
            SSDEEP:786432:5dD9ly1GbCZh/spH9keZmqmPTwacooKg7Jou:fGwCv/sx9kewqIkacoG7Ku
            TLSH:066733107A96E921F2728A361FB49379A99DB4128B2582EFD3CC0FB92D406D1C737717
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................`...Df......................?...............M...............................M.......H.%.....M......
            Icon Hash:2d2e3797b32b2b99
            Entrypoint:0x424b20
            Entrypoint Section:.text
            Digitally signed:false
            Imagebase:0x400000
            Subsystem:windows gui
            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
            Time Stamp:0x64B65A7F [Tue Jul 18 09:25:19 2023 UTC]
            TLS Callbacks:
            CLR (.Net) Version:
            OS Version Major:6
            OS Version Minor:0
            File Version Major:6
            File Version Minor:0
            Subsystem Version Major:6
            Subsystem Version Minor:0
            Import Hash:77e82d910b00f5dda4227cfbcd1516ff
            Instruction
            Programming Language:
            • [ C ] VS2015 UPD3.1 build 24215
            • [C++] VS2015 UPD3.1 build 24215
            • [RES] VS2015 UPD3 build 24213
            • [LNK] VS2015 UPD3.1 build 24215
            | Name | Virtual Address | Virtual Size | Is in Section |
            | --- | --- | --- | --- |
            | IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
            | IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5c18c | 0x8c | .rdata |
            | IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x9998 | .rsrc |
            | IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
            | IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
            | IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6d000 | 0x41bc | .reloc |
            | IMAGE_DIRECTORY_ENTRY_DEBUG | 0x57dd0 | 0x54 | .rdata |
            | IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
            | IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
            | IMAGE_DIRECTORY_ENTRY_TLS | 0x57e24 | 0x18 | .rdata |
            | IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4ec98 | 0x40 | .rdata |
            | IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
            | IMAGE_DIRECTORY_ENTRY_IAT | 0x47000 | 0x35c | .rdata |
            | IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x5bec4 | 0xc0 | .rdata |
            | IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
            | IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
            | Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
            | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
            | .text | 0x1000 | 0x4573a | 0x45800 | 4fa05c91df9837909c9308897697abc4 | False | 0.5174973302607914 | data | 6.558181840536306 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
            | .rdata | 0x47000 | 0x16536 | 0x16600 | 6f21db976db84e111b8a9175051837a7 | False | 0.4528194832402235 | data | 5.608259046281309 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
            | .data | 0x5e000 | 0x293c | 0x1400 | 9ac5d096966c059a4acf874c972f3c4a | False | 0.2205078125 | data | 3.7592872495006473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
            | .didat | 0x61000 | 0x78 | 0x200 | 1558441f6618d0302f5395cfbe981051 | False | 0.1640625 | data | 1.06602633892955 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
            | .tls | 0x62000 | 0x9 | 0x200 | 1f354d76203061bfdd5a53dae48d5435 | False | 0.033203125 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
            | .rsrc | 0x63000 | 0x9998 | 0x9a00 | 2c712341edc3c88bb4747deb137316d5 | False | 0.29248681006493504 | data | 4.841559579895467 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
            | .reloc | 0x6d000 | 0x41bc | 0x4200 | 73add3098de9965a7fe25ca39965b738 | False | 0.7330137310606061 | data | 6.690116030932867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
            | Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
            | --- | --- | --- | --- | --- | --- | --- |
            | RT_ICON | 0x63c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5675675675675675 |
            | RT_ICON | 0x63d30 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179 |
            | RT_ICON | 0x64298 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548 |
            | RT_ICON | 0x64580 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3935018050541516 |
            | RT_DIALOG | 0x659a0 | 0xde | data | | | 0.6891891891891891 |
            | RT_DIALOG | 0x657e0 | 0xde | data | | | 0.6891891891891891 |
            | RT_DIALOG | 0x658c0 | 0xde | data | | | 0.6891891891891891 |
            | RT_DIALOG | 0x65540 | 0xde | data | Chinese | Taiwan | 0.6891891891891891 |
            | RT_DIALOG | 0x652a0 | 0xde | data | English | United States | 0.6891891891891891 |
            | RT_DIALOG | 0x65380 | 0xde | data | Japanese | Japan | 0.6891891891891891 |
            | RT_DIALOG | 0x65620 | 0xde | data | Korean | North Korea | 0.6891891891891891 |
            | RT_DIALOG | 0x65620 | 0xde | data | Korean | South Korea | 0.6891891891891891 |
            | RT_DIALOG | 0x65700 | 0xde | data | Russian | Russia | 0.6891891891891891 |
            | RT_DIALOG | 0x65460 | 0xde | data | Chinese | China | 0.6891891891891891 |
            | RT_STRING | 0x6b848 | 0x158 | data | | | 0.5872093023255814 |
            | RT_STRING | 0x69518 | 0x16e | data | | | 0.5409836065573771 |
            | RT_STRING | 0x6a600 | 0x18c | data | | | 0.547979797979798 |
            | RT_STRING | 0x67848 | 0x9c | data | Chinese | Taiwan | 0.8782051282051282 |
            | RT_STRING | 0x65a80 | 0x13a | data | English | United States | 0.5955414012738853 |
            | RT_STRING | 0x668e0 | 0xd6 | data | Japanese | Japan | 0.8785046728971962 |
            | RT_STRING | 0x67dc8 | 0xe6 | data | Korean | North Korea | 0.8130434782608695 |
            | RT_STRING | 0x67dc8 | 0xe6 | data | Korean | South Korea | 0.8130434782608695 |
            | RT_STRING | 0x686c8 | 0x13c | data | Russian | Russia | 0.6265822784810127 |
            | RT_STRING | 0x67210 | 0xa2 | data | Chinese | China | 0.845679012345679 |
            | RT_STRING | 0x6b9a0 | 0x86e | data | | | 0.3341056533827618 |
            | RT_STRING | 0x69688 | 0x852 | data | | | 0.3032863849765258 |
            | RT_STRING | 0x6a790 | 0x918 | data | | | 0.30369415807560135 |
            | RT_STRING | 0x678e8 | 0x242 | data | Chinese | Taiwan | 0.7283737024221453 |
            | RT_STRING | 0x65bc0 | 0x6e4 | data | English | United States | 0.3287981859410431 |
            | RT_STRING | 0x669b8 | 0x46e | data | Japanese | Japan | 0.5194003527336861 |
            | RT_STRING | 0x67eb0 | 0x41a | data | Korean | North Korea | 0.540952380952381 |
            | RT_STRING | 0x67eb0 | 0x41a | data | Korean | South Korea | 0.540952380952381 |
            | RT_STRING | 0x68808 | 0x6f8 | data | Russian | Russia | 0.367152466367713 |
            | RT_STRING | 0x672b8 | 0x2dc | data | Chinese | China | 0.6229508196721312 |
            | RT_STRING | 0x6c210 | 0x788 | data | | | 0.33713692946058094 |
            | RT_STRING | 0x69ee0 | 0x720 | data | | | 0.3514254385964912 |
            | RT_STRING | 0x6b0a8 | 0x79e | data | | | 0.3292307692307692 |
            | RT_STRING | 0x67b30 | 0x298 | data | Chinese | Taiwan | 0.713855421686747 |
            | RT_STRING | 0x662a8 | 0x634 | data | English | United States | 0.3425692695214106 |
            | RT_STRING | 0x66e28 | 0x3e6 | data | Japanese | Japan | 0.5521042084168337 |
            | RT_STRING | 0x682d0 | 0x3f8 | data | Korean | North Korea | 0.5698818897637795 |
            | RT_STRING | 0x682d0 | 0x3f8 | data | Korean | South Korea | 0.5698818897637795 |
            | RT_STRING | 0x68f00 | 0x618 | data | Russian | Russia | 0.39807692307692305 |
            | RT_STRING | 0x67598 | 0x2ac | data | Chinese | China | 0.6564327485380117 |
            | RT_GROUP_ICON | 0x64e28 | 0x3e | data | English | United States | 0.8387096774193549 |
            | RT_VERSION | 0x64e68 | 0x438 | data | | | 0.43148148148148147 |
            | RT_MANIFEST | 0x635b0 | 0x651 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4155844155844156 |
            | DLL | Import |
            | --- | --- |
            | COMCTL32.dll | InitCommonControlsEx |
            | KERNEL32.dll | GetCurrentProcess, GetCurrentProcessId, GetExitCodeProcess, GetCurrentThreadId, CreateProcessA, GetSystemInfo, GetSystemTime, GetSystemDirectoryA, GetWindowsDirectoryA, GetVersionExA, FreeLibrary, GetModuleFileNameA, GetModuleHandleA, GetModuleHandleExA, GetProcAddress, LoadLibraryA, LocalAlloc, LocalFree, FormatMessageA, lstrcmpA, lstrlenA, CopyFileA, VerifyVersionInfoW, MultiByteToWideChar, WideCharToMultiByte, GetLocaleInfoA, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetFullPathNameA, SetDefaultDllDirectories, lstrcpynA, lstrcpyA, lstrcatA, CompareStringA, GlobalAlloc, GlobalFree, VirtualProtect, VirtualQuery, GetModuleHandleW, LoadLibraryExA, GlobalUnlock, GlobalLock, FileTimeToLocalFileTime, GetFileTime, LocalFileTimeToFileTime, SetEndOfFile, SetFilePointer, SetFileTime, GetVolumeInformationA, GetLocalTime, GetVersion, DosDateTimeToFileTime, SetVolumeLabelA, FileTimeToSystemTime, SystemTimeToFileTime, lstrcmpiA, CreateDirectoryW, GetFileAttributesExW, SetEnvironmentVariableW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, IsValidCodePage, FindFirstFileExA, GetFullPathNameW, GetCurrentDirectoryW, HeapSize, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, GetTimeZoneInformation, ReadConsoleW, ReadFile, SetFilePointerEx, GetConsoleMode, GetConsoleCP, GetACP, WriteFile, GetStdHandle, GetModuleHandleExW, ExitProcess, HeapReAlloc, SetStdHandle, WriteConsoleW, SystemTimeToTzSpecificLocalTime, PeekNamedPipe, GetFileInformationByHandle, GetDriveTypeW, GetCommandLineW, GetCommandLineA, GetFileType, CreateEventA, CreateMutexA, WaitForSingleObject, ReleaseMutex, ResetEvent, SetEvent, DeleteCriticalSection, InitializeCriticalSectionEx, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, GetProcessHeap, HeapFree, HeapAlloc, QueryPerformanceCounter, GetLastError, RaiseException, CloseHandle, DecodePointer, OutputDebugStringA, GetTempPathA, SetFileAttributesW, SetFileAttributesA, RemoveDirectoryA, GetLongPathNameA, GetFileAttributesA, FlushFileBuffers, FindNextFileA, FindFirstFileA, FindClose, DeleteFileW, DeleteFileA, CreateFileW, CreateFileA, CreateDirectoryA, VerSetConditionMask, GetDriveTypeA, LoadLibraryExW, RtlUnwind, InitializeSListHead, GetStartupInfoW, WaitForSingleObjectEx, IsProcessorFeaturePresent, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCPInfo, GetStringTypeW, GetLocaleInfoW, LCMapStringW, CompareStringW, GetSystemTimeAsFileTime, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, CreateEventW, InitializeCriticalSectionAndSpinCount, SetLastError, EncodePointer, OutputDebugStringW, IsDebuggerPresent |
            | USER32.dll | DispatchMessageA, PeekMessageA, DefWindowProcA, DestroyWindow, ShowWindow, TranslateMessage, SetWindowTextA, GetWindowRect, GetWindowLongA, SetWindowLongA, ExitWindowsEx, CharPrevA, LoadStringA, CreateDialogParamA, LoadIconA, OemToCharA, CharNextA, wsprintfA, MsgWaitForMultipleObjects, SystemParametersInfoA, IsDialogMessageA, SetForegroundWindow, GetSystemMetrics, SetFocus, SetDlgItemTextA, GetDlgItem, MoveWindow, WaitMessage, PostMessageA, SendMessageA, MessageBoxA |
            | ADVAPI32.dll | LookupPrivilegeValueA, SetKernelObjectSecurity, IsValidSecurityDescriptor, GetSecurityDescriptorControl, GetKernelObjectSecurity, AdjustTokenPrivileges, ConvertStringSecurityDescriptorToSecurityDescriptorA, RegQueryValueExA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegCloseKey, GetTokenInformation, GetSidSubAuthorityCount, GetSidSubAuthority, FreeSid, AllocateAndInitializeSid, OpenProcessToken |
            | SHELL32.dll | SHGetPathFromIDListA, SHBrowseForFolderA |
            | ole32.dll | CoTaskMemFree, CoCreateGuid, StringFromGUID2 |
            | Description | Data |
            | --- | --- |
            | CompanyName | F5 Networks, Inc. |
            | FileDescription | F5 Networks BIG-IP Edge Client Installer |
            | FileVersion | 7243, 2023, 0718, 0858 |
            | InternalName | setup.exe |
            | LegalCopyright | 2023 F5 Networks, Inc. All rights reserved. |
            | LegalTrademarks | BIG-IP is a registered trademark of F5 Networks, Inc. |
            | OriginalFilename | setup.exe |
            | ProductName | BIG-IP Edge Client |
            | ProductVersion | 7243, 2023, 0718, 0858 |
            | Build | 3555.0 |
            | Translation | 0x0000 0x04b0 |
            | Language of compilation system | Country where language is spoken |
            | --- | --- |
            | English | United States |
            | Chinese | Taiwan |
            | Japanese | Japan |
            | Korean | North Korea |
            | Korean | South Korea |
            | Russian | Russia |
            | Chinese | China |