Edit tour

Windows Analysis Report
SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Overview

General Information

Sample name:	SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
Analysis ID:	1430329
MD5:	bf33e9af43b635a47ba59405048173a6
SHA1:	191d856ce5b9a5ce5831653db15e475d301299b1
SHA256:	49f0fca0e58c3f40319fc730b3423c5b536d9308ec65fe243180a2ef22328978
Tags:	exe
Infos:

Detection

Score:	25
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Compliance

Score:	32
Range:	0 - 100

Signatures

Writes many files with high entropy

Drops PE files

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

EXE planting / hijacking vulnerabilities found

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample searches for specific file, try point organization specific fake files to the analysis machine

Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior

Process Tree

System is w10x64

SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe (PID: 6484 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe" MD5: BF33E9AF43B635A47BA59405048173A6)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UNINSTAL.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\cnwgdicp.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiicef.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiidci.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Uninstal.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UNINSTAL.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\cnwgdicp.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiicef.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiidci.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Uninstal.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Creates license or readme file

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAC.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAF.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAG.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAI.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAJ.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAO.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAP.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAR.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAS.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAU.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_C.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_E.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_F.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_G.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_I.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_J.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_K.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_P.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_R.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_S.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Spanish.txt	Jump to behavior

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static PE information: certificate valid

Binary contains paths to debug symbols

Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_x64\UninsUIR.pdb source: UninsUIR.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_x64\UninsUII.pdb source: UninsUII.dll.0.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_x64\SetupUIJ.pdb! source: SetupUIJ.dll.0.dr
Source:	Binary string: c:\workspace_source\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresjp\release_x64\UninsUIJ.pdb source: UninsUIJ.dll.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x64\Heidi\bin\i386\Release64\cnwgdi9.pdb0 source: cnwgdi9.hdi0.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_x64\SetupUIC.pdb source: SetupUIC.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResKO\Release_x64\SetupUIO.pdb! source: SetupUIO.dll.0.dr
Source:	Binary string: c:\workspace_source\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresjp\release_x64\UninsUIJ.pdb! source: UninsUIJ.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresko\release_x64\UninsUIO.pdb source: UninsUIO.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_x64\UninsUIR.pdb! source: UninsUIR.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResGR\Release_x64\SetupUIG.pdb source: SetupUIG.dll.0.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\SetupResRU\Release_x64\SetupUIR.pdb source: SetupUIR.dll.0.dr
Source:	Binary string: c:\source\drv\win\OptimizedDriver\V1.13\_Installer\bin\x64\release\Setup.pdb source: Setup.exe0.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_x64\SetupUIS.pdb source: SetupUIS.dll.0.dr
Source:	Binary string: E:\DrvSrc\savesetting\FileSucceedPlus\Release\cnwiicef.pdb source: cnwiicef.exe.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2010\x64\Heidi\bin\i386\Release64\cnwgdi10.pdb source: cnwgdi10.hdi.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_x64\UninsUII.pdb! source: UninsUII.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_x64\SetupUIC.pdb! source: SetupUIC.dll.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2011\x64\Heidi\bin\i386\Release64\cnwgdi10.pdb source: cnwgdi10.hdi0.0.dr
Source:	Binary string: c:\source\drv\win\optimizeddriver\v1.13\_installer\bin\x64\release\cnwgdicp.pdb source: cnwgdicp.exe.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x64\Heidi\bin\i386\Release64\cnwgdi9.pdb source: cnwgdi9.hdi0.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResFR\Release_x64\SetupUIF.pdb! source: SetupUIF.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresgr\release_x64\UninsUIG.pdb! source: UninsUIG.dll.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2013\x64\Heidi\bin\i386\Release64\cnwgdi11.pdb source: cnwgdi11.hdi.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresgr\release_x64\UninsUIG.pdb source: UninsUIG.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResKO\Release_x64\SetupUIO.pdb source: SetupUIO.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResGR\Release_x64\SetupUIG.pdb! source: SetupUIG.dll.0.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\SetupResRU\Release_x64\SetupUIR.pdb! source: SetupUIR.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResFR\Release_x64\SetupUIF.pdb source: SetupUIF.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresko\release_x64\UninsUIO.pdb! source: UninsUIO.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_x64\SetupUIS.pdb! source: SetupUIS.dll.0.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_x64\SetupUIJ.pdb source: SetupUIJ.dll.0.dr

Spreading

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\	Jump to behavior

Networking

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, cnwgdicp.exe.0.dr, cnwiidci.exe.0.dr, Setup.exe0.0.dr, cnwiicef.exe.0.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, cnwgdicp.exe.0.dr, cnwiidci.exe.0.dr, Setup.exe0.0.dr, cnwiicef.exe.0.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, cnwgdicp.exe.0.dr, cnwiidci.exe.0.dr, Setup.exe0.0.dr, cnwiicef.exe.0.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, cnwgdicp.exe.0.dr, cnwiidci.exe.0.dr, Setup.exe0.0.dr, cnwiicef.exe.0.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, cnwgdicp.exe.0.dr, cnwiidci.exe.0.dr, Setup.exe0.0.dr, cnwiicef.exe.0.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	String found in binary or memory: http://www.winzip.com

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\6WW77JM.cat

Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data1.cab entropy: 7.99898791615	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data2.cab entropy: 7.9984126627	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_satinphotopaper170gsm.ic_ entropy: 7.99661565766	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg170.ic_ entropy: 7.99730308238	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg255.ic_ entropy: 7.99628257576	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw407.dl_ entropy: 7.99943106031	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw409.dl_ entropy: 7.99944072402	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw40a.dl_ entropy: 7.99914425237	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw40c.dl_ entropy: 7.99916240347	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw410.dl_ entropy: 7.99933030161	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw411.dl_ entropy: 7.99951897894	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw412.dl_ entropy: 7.99930329156	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\aussdrv.dl_ entropy: 7.9974478539	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_glossyphotopaper170gsm.ic_ entropy: 7.99696080557	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_glossyphotopaperhg170.ic_ entropy: 7.99750379964	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_glossyphotopaperhg255.ic_ entropy: 7.99631361308	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_photopaperplussemi-gloss.ic_ entropy: 7.99655226464	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_premiumglossypaper2-280.ic_ entropy: 7.99675445331	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_premiumsemiglossypaper2-280.ic_ entropy: 7.99654459165	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw416.dl_ entropy: 7.99920039201	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw419.dl_ entropy: 7.99917828868	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw804.dl_ entropy: 7.99937609153	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ac.ch_ entropy: 7.99905966223	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15af.ch_ entropy: 7.99898735292	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ag.ch_ entropy: 7.99892123794	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ai.ch_ entropy: 7.99880867066	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15aj.ch_ entropy: 7.99896393661	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ao.ch_ entropy: 7.99859875631	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ap.ch_ entropy: 7.99888599007	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ar.ch_ entropy: 7.99893916265	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15as.ch_ entropy: 7.99880078106	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15au.ch_ entropy: 7.99888576809	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwfcgco.dl_ entropy: 7.99900564919	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwfdpkj.dl_ entropy: 7.9940712204	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwfdpkk.dl_ entropy: 7.9940712204	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwiosif.dl_ entropy: 7.99517265543	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwiwebi.dl_ entropy: 7.99487134338	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwm.dl_ entropy: 7.99936161116	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\CAB1.CAB entropy: 7.99398555339	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwmui.dl_ entropy: 7.99938918869	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwp0rsw.dl_ entropy: 7.99881762311	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvprev.ex_ entropy: 7.99858360274	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr407.dl_ entropy: 7.99455920082	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr409.dl_ entropy: 7.99564353439	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr40a.dl_ entropy: 7.99442002316	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr40c.dl_ entropy: 7.99489722329	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr410.dl_ entropy: 7.99482206189	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr411.dl_ entropy: 7.99476451184	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr412.dl_ entropy: 7.99298039245	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr416.dl_ entropy: 7.99509478163	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr419.dl_ entropy: 7.99450790363	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr804.dl_ entropy: 7.99207848547	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnww77jm.ci_ entropy: 7.99738783352	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10dw1.ex_ entropy: 7.99905370756	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10ew1.dl_ entropy: 7.99909716579	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10qw1.ex_ entropy: 7.99906969877	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10sw1.dl_ entropy: 7.99180585797	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10vw1.ex_ entropy: 7.99910846206	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1csw1.ch_ entropy: 7.99113453055	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1csw1.dl_ entropy: 7.99334964029	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1dew1.dl_ entropy: 7.99375421523	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1esw1.dl_ entropy: 7.99404144267	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1frw1.dl_ entropy: 7.99325326515	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1itw1.dl_ entropy: 7.99419318671	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1jpw1.ch_ entropy: 7.99083568923	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1jpw1.dl_ entropy: 7.99339891439	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1krw1.dl_ entropy: 7.99262384732	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1ruw1.ch_ entropy: 7.99000288079	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1ruw1.dl_ entropy: 7.99358282694	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1usw1.dl_ entropy: 7.9943613279	Jump to dropped file

System Summary

PE file contains executable resources (Code or Archives)

Source: SetupUIG.dll.0.dr

Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped

PE file does not import any functions

Source: MUI.dll.0.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Uses 32bit PE files

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus25.rans.winEXE@1/222@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491

Jump to behavior

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

File written: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\UninstFiles.ini

Jump to behavior

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static PE information: certificate valid

Submission file is bigger than most known malware samples

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static file information: File size 48111280 > 1048576

PE file has a big raw section

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static PE information: Raw size of _winzip_ is bigger than: 0x100000 < 0x2dbd000

Binary contains paths to debug symbols

Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_x64\UninsUIR.pdb source: UninsUIR.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_x64\UninsUII.pdb source: UninsUII.dll.0.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_x64\SetupUIJ.pdb! source: SetupUIJ.dll.0.dr
Source:	Binary string: c:\workspace_source\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresjp\release_x64\UninsUIJ.pdb source: UninsUIJ.dll.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x64\Heidi\bin\i386\Release64\cnwgdi9.pdb0 source: cnwgdi9.hdi0.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_x64\SetupUIC.pdb source: SetupUIC.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResKO\Release_x64\SetupUIO.pdb! source: SetupUIO.dll.0.dr
Source:	Binary string: c:\workspace_source\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresjp\release_x64\UninsUIJ.pdb! source: UninsUIJ.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresko\release_x64\UninsUIO.pdb source: UninsUIO.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_x64\UninsUIR.pdb! source: UninsUIR.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResGR\Release_x64\SetupUIG.pdb source: SetupUIG.dll.0.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\SetupResRU\Release_x64\SetupUIR.pdb source: SetupUIR.dll.0.dr
Source:	Binary string: c:\source\drv\win\OptimizedDriver\V1.13\_Installer\bin\x64\release\Setup.pdb source: Setup.exe0.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_x64\SetupUIS.pdb source: SetupUIS.dll.0.dr
Source:	Binary string: E:\DrvSrc\savesetting\FileSucceedPlus\Release\cnwiicef.pdb source: cnwiicef.exe.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2010\x64\Heidi\bin\i386\Release64\cnwgdi10.pdb source: cnwgdi10.hdi.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_x64\UninsUII.pdb! source: UninsUII.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_x64\SetupUIC.pdb! source: SetupUIC.dll.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2011\x64\Heidi\bin\i386\Release64\cnwgdi10.pdb source: cnwgdi10.hdi0.0.dr
Source:	Binary string: c:\source\drv\win\optimizeddriver\v1.13\_installer\bin\x64\release\cnwgdicp.pdb source: cnwgdicp.exe.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x64\Heidi\bin\i386\Release64\cnwgdi9.pdb source: cnwgdi9.hdi0.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResFR\Release_x64\SetupUIF.pdb! source: SetupUIF.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresgr\release_x64\UninsUIG.pdb! source: UninsUIG.dll.0.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2013\x64\Heidi\bin\i386\Release64\cnwgdi11.pdb source: cnwgdi11.hdi.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresgr\release_x64\UninsUIG.pdb source: UninsUIG.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResKO\Release_x64\SetupUIO.pdb source: SetupUIO.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResGR\Release_x64\SetupUIG.pdb! source: SetupUIG.dll.0.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\SetupResRU\Release_x64\SetupUIR.pdb! source: SetupUIR.dll.0.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResFR\Release_x64\SetupUIF.pdb source: SetupUIF.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresko\release_x64\UninsUIO.pdb! source: UninsUIO.dll.0.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_x64\SetupUIS.pdb! source: SetupUIS.dll.0.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_x64\SetupUIJ.pdb source: SetupUIJ.dll.0.dr

Data Obfuscation

PE file contains sections with non-standard names

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Static PE information: section name: _winzip_

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UNINSTAL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\cnwgdicp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\MUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Uninstal.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\cnwdsck6.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\instpack.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\CNWIDSCK.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\InsCmn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiicef.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiidci.exe	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file

Creates license or readme file

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAC.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAF.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAG.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAI.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAJ.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAO.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAP.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAR.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAS.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAU.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_C.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_E.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_F.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_G.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_I.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_J.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_K.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_P.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_R.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_S.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Spanish.txt	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\cnwgdicp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UNINSTAL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\MUI.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Uninstal.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\cnwdsck6.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\instpack.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\CNWIDSCK.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\InsCmn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiicef.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiidci.exe	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\	Jump to behavior

Source: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, cnwfcgco.dl_.0.dr

Binary or memory string: eMqeMUa}mq

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Search Order Hijacking	1 DLL Search Order Hijacking	1 DLL Side-Loading	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	Data from Removable Media	Junk Data	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Search Order Hijacking	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Steganography	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiicef.exe	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiidci.exe	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\instpack.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\MUI.dll	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Setup.exe	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\CNWIDSCK.dll	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\cnwdsck6.dll	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\InsCmn.dll	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIC.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIF.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIG.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUII.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIJ.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIO.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIP.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIR.dll	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIS.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIU.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UNINSTAL.exe	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIC.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIF.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIG.dll	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUII.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIJ.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIO.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIP.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIR.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIS.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIU.dll	2%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\100\cnwgdi10.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\101\cnwgdi10.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\102\cnwgdi10.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\110\cnwgdi11.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\111\cnwgdi11.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\120\cnwgdi12.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\91\cnwgdi9.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\92\cnwgdi9.hdi	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Setup.exe	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Uninstal.exe	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\cnwgdicp.exe	0%	ReversingLabs
C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Setup.exe	0%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://ocsp.thawte.com0	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.winzip.com	SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, cnwgdicp.exe.0.dr, cnwiidci.exe.0.dr, Setup.exe0.0.dr, cnwiicef.exe.0.dr	false		high
http://ocsp.thawte.com0	SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2223962252.00000000034DE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224586915.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe, 00000000.00000003.2224397071.00000000033D3000.00000004.00000020.00020000.00000000.sdmp, cnwgdicp.exe.0.dr, cnwiidci.exe.0.dr, Setup.exe0.0.dr, cnwiicef.exe.0.dr	false	URL Reputation: safe	unknown

World Map of Contacted IPs

⊘No contacted IP infos

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430329
Start date and time:	2024-04-23 14:39:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
Detection:	SUS
Classification:	sus25.rans.winEXE@1/222@0/0
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
VT rate limit hit for: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\CHECKSUM

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	12820
Entropy (8bit):	5.284127309515397
Encrypted:	false
SSDEEP:	384:Q17rG0HGNJP5OKJhQMTS67c6h6KY66nZD:MQiYLCnZD
MD5:	2CDB6FE5E62661CE8D7F164B5073095D
SHA1:	02F73D10BD022906A8610E4D4B7F43825CB1FC39
SHA-256:	5DD1DC5397ACD7E7BF0B302E3F179010247FAA483FF3A80A119C1930FDC21B29
SHA-512:	9CAB867CE94B514BF0AEE87F11FC889CEED1B20F44A7DCEDC18682C727DB010C4BC8C078DB7F9015181A6DDA03AB0FE030C811E826DB0208C73F3F3A637BC835
Malicious:	false
Reputation:	low
Preview:	CHECKSUM.--------------------------------..Driver/6WW77JM.INF.c6aba6269058fb46a709d7d533a299b6..Driver/6WW77JM.cat.28a203339d22ac3fd626880cb9763beb..Driver/License_Chinese_Simplified.txt.84f1a3414fc5e59a01d1371b60762473..Driver/License_English.txt.21b4826b9a788654bd3e176c0ea03e79..Driver/License_French.txt.7068743bbc999414a3f49531d493b0fc..Driver/License_German.txt.24b0a301a2e3c0884beb4d29de7c73e5..Driver/License_Italian.txt.330adc5b9e5ea76442e580ae5ac6e513..Driver/License_Japanese.txt.6f37bcb885cb45b3514f2223928d425d..Driver/License_Korean.txt.3063f7e7ba5d993f5e7fdf53825c7e22..Driver/License_Portuguese.txt.f04fc57019b68468e9715f9dd05e8edd..Driver/License_Russian.txt.e2e0d0918d3cf3c97df5a29e0978b669..Driver/License_Spanish.txt.6f72b77e2faba49a63d77c62b3b6f339..Driver/ReadMe_Chinese_Simplified.txt.01f63cb9e6d8cfbb53511bf8952e0b6f..Driver/ReadMe_English.txt.849307d04d42ffa00da4b9bf6419d1ec..Driver/ReadMe_French.txt.8b2d008769470224c705d9a9d4c9d83b..Driver/ReadMe_German.txt.0d60494a2c7d64

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\6WW77JM.INF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Windows setup INFormation
Category:	dropped
Size (bytes):	6884
Entropy (8bit):	5.473895041716401
Encrypted:	false
SSDEEP:	192:4fSb5AG4csGvsTc9UOfFcP+/6jhuQPUKs97Kdpk7Llp:AS90cHsTc9zfFcP+/6ljPUKIWeLlp
MD5:	C6ABA6269058FB46A709D7D533A299B6
SHA1:	9806389D126E93FA3C694E793F717A4163786432
SHA-256:	9C6E5F9C6AE2AAB3CD84EB9971AB07A5FA3AAF0C5A63A49C26897E4E51F270FE
SHA-512:	76F77F0FA842C613A2E7EE804725C6C1CC83B43C358764A012DDCE2873B27D328D442B59C246A85AB812A3219674741B874AAB302670CE878A0DE136F0677334
Malicious:	false
Reputation:	low
Preview:	; Canon imagePROGRAF Printer Driver 2015 INF for Microsoft Windows (x64)....; Copyright CANON INC. 2000-2015..; 6WW77JM.INF (CD-ROM Release) for CCD3....[Version]..Signature="$Windows NT$"..Provider=%CANON%..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Class=Printer..DriverVer=09/16/2014,4.91.0.0..CatalogFile=6WW77JM.CAT....[Manufacturer]..%CANON%=Canon,NTamd64,NTamd64.6.0....;..; for 64-bit x64..;..[Canon.NTamd64].."Canon iPF770" = iPF770,USBPRINT\CanoniPF7701D5F,CanoniPF770...."Canon iPF771" = iPF771,USBPRINT\CanoniPF771DD9E,CanoniPF771....;..; for Windows Vista..;..[Canon.NTamd64.6.0].."Canon iPF770" = iPF770,USBPRINT\CanoniPF7701D5F,CanoniPF770...."Canon iPF771" = iPF771,USBPRINT\CanoniPF771DD9E,CanoniPF771...."Canon iPF770" = iPF770,WSDPRINT\CanoniPF7701D5F,CanoniPF770...."Canon iPF771" = iPF771,WSDPRINT\CanoniPF771DD9E,CanoniPF771....;..; for 32-bit x86..;..[Canon].."Canon iPF770" = iPF770,USBPRINT\CanoniPF7701D5F,CanoniPF770...."Canon iPF771" = iPF771,USBPRINT\CanoniPF771DD

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\6WW77JM.cat

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	data
Category:	dropped
Size (bytes):	43380
Entropy (8bit):	5.517491808595263
Encrypted:	false
SSDEEP:	384:NJkucBig1mR3ICCuRC5jB9iBW2hgsneeqsBZMCEUrHUzbsfxT19nKsQhobN89Jrk:EvVAW/k8d4uctEKXT3SzK
MD5:	28A203339D22AC3FD626880CB9763BEB
SHA1:	64801979D6EB8F72A50D11E4C87365FD05D634F6
SHA-256:	EF4B9276552D39862FCF4433E78334E031D3F8585B016D60078B2B1A9A5F4689
SHA-512:	13CE5D0AA9AF897189C5E896A5DF606BD6187359AB47480D1BB006F66C5FFDD7243F648169032C127CF0BCE304017EB4BAF883427665BB9908DBF108E8783171
Malicious:	false
Reputation:	low
Preview:	0..p..*.H.........a0..]...1.0...+......0..0..+.....7.....!0...0...+.....7.......3...@..%..."..140929075859Z0...+.....7.....0...0....R0.4.C.E.9.D.D.0.6.3.2.3.8.8.3.4.D.5.3.0.F.1.D.3.8.A.8.C.8.6.1.7.A.B.0.2.4.1.D.F...1..O0<..+.....7...1.0,...F.i.l.e........c.n.w.a.1.5.a.s...c.h.m...0E..+.....7...17050...+.....7.......0!0...+...........c#.4.0.......A.0b..+.....7...1T0R.L.{.D.E.3.5.1.A.4.2.-.8.E.5.9.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0....R0.9.C.3.3.0.1.8.E.D.A.3.F.3.B.0.1.6.F.5.6.7.0.B.7.C.F.0.9.9.8.C.F.4.B.E.F.A.5.4...1..W0<..+.....7...1.0,...F.i.l.e........c.p.c.1.0.d.w.1...e.x.e...0M..+.....7...1?0=0...+.....7...0...........0!0...+..........0.....g.\|....T0b..+.....7...1T0R.L.{.C.6.8.9.A.A.B.8.-.8.E.7.8.-.1.1.D.0.-.8.C.4.7.-.0.0.C.0.4.F.C.2.9.5.E.E.}....0d..+.....7...1V0T...O.S.A.t.t.r.......>2.:.5...0.0.,.2.:.5...1.,.2.:.5...2.,.2.:.6...0.,.2.:.6...1...0....R1.3

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Chinese_Simplified.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ISO-8859 text, with very long lines (556), with CRLF line terminators
Category:	dropped
Size (bytes):	3859
Entropy (8bit):	6.542476018506035
Encrypted:	false
SSDEEP:	96:4C05TMCfK3bogUDhs0yuQna1fF8yCXy0Oxc5a2MgT8mqRVO4DcwX:gTMgK30gAe0yuQcfCXFNqP5vX
MD5:	84F1A3414FC5E59A01D1371B60762473
SHA1:	ABC50BB4BDD4F73243B8DEE900BA29547AA44115
SHA-256:	7D6E59098345CE6DEDB10C9AE587E238BE5C8FFB79F5FB73A2B5A8FE69B6E759
SHA-512:	1AB04DC9809A25FB19C17D674893F4B5C4665D3695321F2DE113CDB4BA3BB846C4FA29D850DF5CFCE1F199110D32DE1E1D426DAB63A66D32E893797F37E0A209
Malicious:	false
Reputation:	low
Preview:	..................................................................................................................................................................................................................................................................................................1. .........................................................................................................................................LAN......................................................................................................LAN...................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_English.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ASCII text, with very long lines (993), with CRLF line terminators
Category:	dropped
Size (bytes):	6484
Entropy (8bit):	5.142001411707478
Encrypted:	false
SSDEEP:	192:zhNzPMpOBwZLZ3fUbz9Sff/WdfbC9SDCyNqP0qHMcm:tdk+WOM/WdCyIMcm
MD5:	21B4826B9A788654BD3E176C0EA03E79
SHA1:	444E221C3363AC9EE4CF6F055B8734677BFAB40A
SHA-256:	A8F4168AC82D20208ACF0E438E4F8BE699C917B80F16569AFF88FDD463D12CE0
SHA-512:	7A182A11CF04EBD83426742D943AAC7E4014558DF1924DA0E23454EF77DEB8E99EEA3AAAF80E11E9F66B4A8D385F6864FDEFE239F1BF3B8F6887827726EEE3FA
Malicious:	false
Reputation:	low
Preview:	CANON SOFTWARE LICENSE AGREEMENT....IMPORTANT-READ THIS AGREEMENT BEFORE INSTALLING THE SOFTWARE!....This legal document is a license agreement between you and Canon Inc. ("Canon") governing your use of the software and the online or electric manual (collectively, the "SOFTWARE"). BY INSTALLING THE SOFTWARE, YOU ARE DEEMED TO HAVE AGREED TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY CLOSE THIS INSTALLATION PROGRAM AND DO NOT INSTALL THE SOFTWARE.....In consideration of the right to use the SOFTWARE, you agree to abide by the terms and conditions of this Agreement.....1. GRANT OF LICENSE AND RESTRICTIONS: You may use ("use" shall mean storing, loading, installing, executing, or displaying) the SOFTWARE on your computer solely for the use with Canon's inkjet printer ("PRINTER")...You may allow other users of other computers connected by way of a network to the PRINTER in a multiple computer arrangement (the "LAN Users") to use th

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_French.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Non-ISO extended-ASCII text, with very long lines (1165), with CRLF line terminators
Category:	dropped
Size (bytes):	7633
Entropy (8bit):	5.093263497659427
Encrypted:	false
SSDEEP:	192:qwHYRl67SMYN+/ngTtmWh8DB+WaYNqPix3o:xHFlnGtmN+WaYNx3o
MD5:	7068743BBC999414A3F49531D493B0FC
SHA1:	A27387EB27DDEAED59ACE6814D69E28201C13A7B
SHA-256:	46D37C4535B316B69A524CC7ED68F78193F921799D7248CC64B9F4C679048EAD
SHA-512:	97FA0AFB0BA97FF1C0C89DA331C9430D768D9EC15FE5E108419C1A4075B12AC9BC5A5A1B019A8D252C693DEF43B7B92840DDB22AA3058BEB9F9B968F1CAB760E
Malicious:	false
Reputation:	low
Preview:	CONTRAT DE LICENCE DE LOGICIEL DE CANON....IMPORTANT - NE PAS OUBLIER DE LIRE CE CONTRAT AVANT D'INSTALLER LE LOGICIEL!....Ce document juridique est un contrat de licence .tabli entre vous et la firme Canon Inc. (d.sign.e par "Canon") r.gissant votre utilisation du logiciel et du manuel en ligne ou .lectrique (collectivement d.sign. par le "LOGICIEL"). EN INSTALLANT LE LOGICIEL, IL EST CONSID.R. QUE VOUS ACCEPTEZ D'.TRE LI. PAR LES CONDITIONS DE CE CONTRAT. EN CAS DE D.SACCORD AVEC LES CONDITIONS DE CE CONTRAT, FERMER SANS ATTENDRE CE PROGRAMME D'INSTALLATION ET NE PAS INSTALLER LE LOGICIEL.....En consid.ration des droits d'utilisation du LOGICIEL, vous acceptez de respecter les modalit.s et les conditions de ce Contrat.....1. CONCESSION DE LICENCE ET RESTRICTIONS: Vous pouvez utiliser (le terme "utiliser" signifiera stocker, charger, installer, ex.cuter ou afficher) le LOGICIEL sur votre ordinateur uniquement . des fins d'usage avec une imprimante . jet d'encre Canon ("IMPRIMANTE")...

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_German.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ISO-8859 text, with very long lines (1154), with CRLF line terminators
Category:	dropped
Size (bytes):	7359
Entropy (8bit):	5.190750765780741
Encrypted:	false
SSDEEP:	96:7bY7gWJSRdQllh3dC3dn4QX+lj3SNLOUGlsFvl3gwPb4rjDUqsnwFGMgT8mqRVew:25J+e23zX+lj3eLO5lsFvlwQaGNqPII
MD5:	24B0A301A2E3C0884BEB4D29DE7C73E5
SHA1:	83A69FAB2D1BF97FE56F5D933D2D5DE80EF4E566
SHA-256:	BDBF04A18A4888746C15466093FAFCA9915CDCEC9CCDF39DB3A3EF45577CC246
SHA-512:	72B9BED22CDE9C2C5196275B75E1C9A2D9A1F027F1A75D938FFF40BB37BBB88376878D3C2DADB2903F0C1B1086273DE7622880581F7859C4D4D09D190CA2D664
Malicious:	false
Reputation:	low
Preview:	CANON SOFTWARE-LIZENZVEREINBARUNG....WICHTIG - LESEN SIE DIESE VEREINBARUNG VOR DER INSTALLATION DER SOFTWARE!....Dieses juristische Dokument ist eine Lizenzvereinbarung zwischen Ihnen und Canon Inc. ("Canon") bez.glich Ihrer Verwendung der Software und der in elektronischer Form vorhandenen Anleitungen (hier gemeinsam als "SOFTWARE" bezeichnet). MIT DER INSTALLATION DER SOFTWARE STIMMEN SIE DEN BEDINGUNGEN DIESER VEREINBARUNG ZU UND SIND AN DIESE GEBUNDEN. WENN SIE DEN BEDINGUNGEN DIESER VEREINBARUNG NICHT ZUSTIMMEN, BEENDEN SIE DAS INSTALLATIONSPROGRAMM SOFORT UND INSTALLIEREN SIE DIESE SOFTWARE NICHT.....Im Rahmen des Rechts zur Verwendung der SOFTWARE verpflichten Sie sich, die Bedingungen und Konditionen dieser Vereinbarung zu befolgen.....1. ERTEILUNG DER LIZENZ UND RESTRIKTIONEN: Wie k.nnen die SOFTWARE auf Ihrem Computer nur zur Verwendung mit dem Canon-Tintenstrahldrucker (im Folgenden "DRUCKER" genannt) benutzen (mit "benutzen" ist hier das Speichern, Laden, Installieren, Aus

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Italian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Non-ISO extended-ASCII text, with very long lines (1028), with CRLF line terminators
Category:	dropped
Size (bytes):	7140
Entropy (8bit):	5.0602238198316964
Encrypted:	false
SSDEEP:	96:abzvkcOELZ4pOtGmILkOucjUSzEng8eqxQPJeqReT83cQCGpuFvycJjMgT8mqRVw:aMlE8OdZOuTSWe3PJeKsWuFVFNqPSKVS
MD5:	330ADC5B9E5EA76442E580AE5AC6E513
SHA1:	9DF46F24FBEF8F4E65E1AF0DDADAE9A2253A3375
SHA-256:	05196C4D38C4AAF9C78A48D4C48F2F31FBFF3D29B9BD046B59D8CEB5AD895DE2
SHA-512:	FEC3E86D03EF3FB1A68C23C181002B554FAAE887A370E95CB3CE37E5F5E67D31FF8EAAABD32BC135C1B9496DD547154EBF74D9C9F5D22CFF594C9A7687DBF054
Malicious:	false
Reputation:	low
Preview:	CONTRATTO DI LICENZA DEL SOFTWARE CANON....IMPORTANTE-LEGGERE IL PRESENTE CONTRATTO PRIMA DI INSTALLARE IL SOFTWARE!....Il presente documento legale costituisce un contratto di licenza tra l.utente e la Canon Inc. ("Canon") regolante l.utilizzo del software e del manuale online o elettronico (nel loro insieme, il "SOFTWARE"). INSTALLANDO IL SOFTWARE, L.UTENTE ACCETTA DI ESSERE VINCOLATO DALLE CONDIZIONI DEL PRESENTE CONTRATTO. QUALORA L.UTENTE NON ACCETTI LE CONDIZIONI DEL PRESENTE CONTRATTO, DEVE IMMEDIATAMENTE TERMINARE IL PROGRAMMA D.INSTALLAZIONE E NON INSTALLARE IL SOFTWARE.....In considerazione del diritto di utilizzo del SOFTWARE, l.utente si impegna a rispettare i termini e le condizioni del presente Contratto. ....1. CONCESSIONE DELLA LICENZA E RESTRIZIONI: L.utente pu. utilizzare (il termine "utilizzare" include memorizzare, caricare, installare, eseguire o visualizzare) il SOFTWARE sul proprio computer esclusivamente per l.utilizzo con la stampante inkjet Canon ("STAMPANTE")

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Japanese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Non-ISO extended-ASCII text, with very long lines (518), with CRLF, NEL line terminators
Category:	dropped
Size (bytes):	4920
Entropy (8bit):	6.081092070443856
Encrypted:	false
SSDEEP:	96:PR90kLMLRucvzXof0YSFrFbuql6CNJ+EqLMjMwbqfyolLjMgTMmMRVzC/:k1LRuIXoIRF3l6iJ+EqLMjZqLVMPzC/
MD5:	6F37BCB885CB45B3514F2223928D425D
SHA1:	75ACD8492ED79D0A7CC99321F8B8DFE8AB3E2593
SHA-256:	B8F1865A7F6AC2D63ADB7858D30C8C71FE5CEC2163F57B8FB8C92B624E08724F
SHA-512:	62B85B8EB24595FE7120012E0DCCA44F5B821254EA3E0BF33F23DDBC58C58E22331E1CC77534E21556CC74B4685C88F12D14D30A29218F192B8CE045FB5B2B6F
Malicious:	false
Reputation:	low
Preview:	.\.t.g.E.F.A.g.p....._.......{.\.t.g.E.F.A.....g.p....O..A........................B......_...A...q.l..A.L...m.........i....L...m...........j....._.....B...L...m....A...q.l.....A.{._..............\.t.g.E.F.A.i.e.}.j...A.......A..............u.{.\.t.g.E.F.A.v.........j.....I.g.p.......L................A...q.l.....L............................B.....q.l..A.u.{.\.t.g.E.F.A.v..C...X.g.[..........A...._...................B.....q.l......_................A...g.p.E.C...X.g.[.......A......u.{.\.t.g.E.F.A.v..j............B.....P.D.g.p........(1) ...q.l..A.u.{.\.t.g.E.F.A.v...A.L...m....C...N.W.F.b.g.v.....^.i.....v.....^..........j.........l.b.g...[.N................R...s...[.^.............g.p.i.u.g.p.v...A.u.....\.t.g.E.F.A.v...R...s...[.^..L...}....C...X.g.[........A.....R...s...[.^.......\........A.A.N.Z.X......A...o......A..........s.....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Korean.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ISO-8859 text, with very long lines (530), with CRLF line terminators
Category:	dropped
Size (bytes):	5469
Entropy (8bit):	5.924335864080618
Encrypted:	false
SSDEEP:	96:5W8eAXGYlIyOLaL5EJstTHQg+4Ed92MUfuXJrOeqlaPCj8MMgT8mqRVAsDK2pA:3jKJat/7hg5FuvNqPTpA
MD5:	3063F7E7BA5D993F5E7FDF53825C7E22
SHA1:	C272289AC23876E76DC4D9BA79C6C6FF91C8E22D
SHA-256:	2311CFE6E11A4BFD25ED02A03A29076BED4416B870B732AC118973097F67591C
SHA-512:	6BBB715D46D598862B8A05290E60F373B5ED41496FA7E5B52F4C8D94D4E828D8EE70E58646B63F6A7883D4ED6A04D563117B75E9704C445568FB24C54051930B
Malicious:	false
Reputation:	low
Preview:	CANON ......... ....... .......... - ......... ...... .... .. ..... ...... ........!...... .... ...... .......... ..... ... .... ..... (... "........." ... ....) .. ... .... ...... Canon Inc. ("Canon" .... ....) ...... ....... ........ ......... ...... .. ..... ... ..... ....... ...... ......... .. ..... ..... ........ ...... ... ... ........ ... ......... ....... .................... ... ..... ..... ...... .. ..... ..... ..... ....... ...... .............1. ....... .... .. .. .... ....: ...... Canon ..... ......("......" ... ....) ..... ... .... ..... .......... ......... ... ("..." ... ...., ..., ..., .... ... ... .... .....).. .. ............... .... ...... ...... ...... ...... ........ .... ....... ..... ... ....... ... ..... ("LAN ....." ... ....) .. .. ......... ........ .... .. ....... .. ...... ... LAN ...... .. ..... ...... ......, ......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Portuguese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ISO-8859 text, with very long lines (996), with CRLF line terminators
Category:	dropped
Size (bytes):	6709
Entropy (8bit):	5.17818728858314
Encrypted:	false
SSDEEP:	192:76MCx1dO9Pz/ZKusjDEbFMUGem6AIyVsPiluzsS:eMc1duPz/9bqUbm1Iy7S
MD5:	F04FC57019B68468E9715F9DD05E8EDD
SHA1:	0E49CD41477E229DA83AEF50700C2B3F7612F85A
SHA-256:	02BF92B1BB0780C4B8BD427F111DA94E752DCE31DB33364EDCD219AD50167B92
SHA-512:	07D6F00A5B4BE14306669A5CCE61B2296510B8D2860FC7F4C75E8A2CC599E425C688FC5B76CE1F603D216AD9A51D2B6181A24E3A153273EC3DEBECE5D6449D60
Malicious:	false
Reputation:	low
Preview:	CONTRATO DE LICEN.A DO SOFTWARE CANON....IMPORTANTE-LEIA ESTE CONTRATO ANTES DE INSTALAR O SOFTWARE! ....Este documento legal . um contrato de licen.a entre voc. e a Canon Inc. ("Canon") que rege sua utiliza..o do software e o manual online ou eletr.nico (coletivamente o "SOFTWARE"). AO INSTALAR O SOFTWARE, CONSIDERAMOS QUE VOC. CONCORDOU EM SEGUIR OS TERMOS DESTE CONTRATO. SE N.O CONCORDAR COM OS TERMOS DESTE CONTRATO, FECHE IMEDIATAMENTE ESTE PROGRAMA DE INSTALA..O E N.O INSTALE O SOFTWARE.....Em considera..o ao direito de usar o SOFTWARE, voc. concorda em cumprir os termos e condi..es deste Contrato.....1. CONCESS.O DE LICEN.A E RESTRI..ES: Voc. pode utilizar ("utilizar" significa armazenar, carregar, instalar, executar ou exibir) o SOFTWARE em seu computador somente para utiliza..o com a impressora jato de tinta da Canon ("IMPRESSORA")...Voc. pode permitir que outros usu.rios de outros computadores conectados . IMPRESSORA por meio de uma rede em um local com v.rios computadores

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Russian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ISO-8859 text, with very long lines (1182), with CRLF line terminators
Category:	dropped
Size (bytes):	7798
Entropy (8bit):	5.687989292227232
Encrypted:	false
SSDEEP:	192:UrpQ42CnyAZmuJxnkbkM+IebBk1WYhvV5DjCfzCfVsP9s5lbe:b6hMlAILfi
MD5:	E2E0D0918D3CF3C97DF5A29E0978B669
SHA1:	9D2C3D4EB62606E101536D6100992DF2DCB06902
SHA-256:	48CE910355DC327EA22B4E01A023B82AE6922EAB0021824C7D36486EF1820B4E
SHA-512:	09098A8182B8412493628C038A8AC3FB81212CCEADBB01C2E660A6CEC48A215FD93BFB43DBED2AEB6214172E62E9DCEC996EF6E705BCA7E4D0C1116B7FDAC55F
Malicious:	false
Reputation:	low
Preview:	........ .. ........... ........... CANON.........: ........ ... .......... ..... .......... ............ ...........!........ ........ ........ ........ ............ ........... ..... .... . ........... Canon Inc. ("Canon"), ............ ............. .... ..... ............ ..........., . ..... ............. . ........... .......... (......... .......... "........... ............"). .............., ..., ............ ... ........... ..........., .. ............. .... ........ .... ......... ......... ..... ........... .... .. .. ........ . ......... .......... .........., ..... ........ ... ......... ......... . .. .............. ... ........... ........................ ....... ............ ... ........... ..........., .. ............ . .............. ......... ......... . ....... ....... ...............1. ......... ........ . ...........: .. ...... ............ (... ........ "............" ..........: ...... .. ...., ........, ........., .......... ... ...........) ... ........... ..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Spanish.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ISO-8859 text, with very long lines (1087), with CRLF line terminators
Category:	dropped
Size (bytes):	7037
Entropy (8bit):	5.091026381663389
Encrypted:	false
SSDEEP:	192:PnrkGE/IlvyagS3MRpxVBFO9QINqPNjL1:PHvyagmMRvV7wy
MD5:	6F72B77E2FABA49A63D77C62B3B6F339
SHA1:	E99A4B0EE191B2E3AD932BF250E2A8F1FF003EE8
SHA-256:	2A4DC0F2FCAC7C59A0516B0729B41D94997B666C4AA46E0E982D50582ABC8E59
SHA-512:	68CA78BB6F620DE4051A39A140819E3D91AE03DAB0354D1E5883A140A01D039B5049EBC38B85C212A7D8D86ADECEDDF04EF18554F69E8CFE47E44106DE558832
Malicious:	false
Reputation:	low
Preview:	ACUERDO DE LICENCIA DEL SOFTWARE DE CANON....IMPORTANTE - .LEA ESTE ACUERDO ANTES DE INSTALAR EL SOFTWARE!....Este documento legal es un acuerdo de licencia entre usted y Canon Inc. ("Canon") que establece el uso del software y del manual en l.nea o el.ctrico (colectivamente, el "SOFTWARE"). CON LA INSTALACI.N DEL SOFTWARE, SE CONSIDERA QUE USTED EST. DE ACUERDO CON LA OBLIGACI.N DE RESPETAR LOS T.RMINOS DE ESTE ACUERDO. SI USTED NO ACEPTA LOS T.RMINOS DE ESTE ACUERDO, CIERRE INMEDIATAMENTE ESTE PROGRAMA DE INSTALACI.N Y NO INSTALE EL SOFTWARE.....En consideraci.n al derecho de uso del SOFTWARE, usted acepta cumplir con los t.rminos y las condiciones de este Acuerdo.....1. OTORGAMIENTO DE LA LICENCIA Y RESTRICCIONES: Usted podr. usar ("usar" significar. almacenar, cargar, instalar, ejecutar, o presentar en pantalla) el SOFTWARE en su computadora s.lo para el uso con la impresora de chorro de tinta Canon ("IMPRESORA")...Usted podr. permitir el uso del SOFTWARE a otros usuarios de otras

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Chinese_Simplified.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	10751
Entropy (8bit):	6.109634698075743
Encrypted:	false
SSDEEP:	192:FnF946eOwUAeYW3qvNj3UQ73yZKiuofuecNW9ERefKR1Y:FI6eOjYW0rUdJyDY
MD5:	01F63CB9E6D8CFBB53511BF8952E0B6F
SHA1:	DEF494B4C7B81789F0B7E745AD5D6A6BDE76FEF1
SHA-256:	F99AADBEB26F9C9A9317A521EC813E7616E6CA0E8B901453BEFD409B64DD21E8
SHA-512:	922331FAEE01EB60B6C9594C3CE828592AB7E97528ED59F5EE4DE05C7D57B8473886D538EAB6F8A4A6EAAB86BA77CE15FEBD8A33EC070534F9470D0CCAC88A38
Malicious:	false
Reputation:	low
Preview:	._______________________________________________________________________________.... Canon imagePROGRAF ......... 4.91 ... * CANON ...... 2015 *.._______________________________________________________________________________.......... 1. .... 2. ...... 3. .................1... ------------------------------------------------------------------------.......... Windows ..................<..>..Canon.Canon ...imagePROGRAF ................Microsoft.Microsoft Corporation........Windows.Microsoft Corporation..../...../.............Windows Vista.Microsoft Corporation..../...../.................2..... ----------------------------------------------------

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_English.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12304
Entropy (8bit):	4.608305666838869
Encrypted:	false
SSDEEP:	384:eOzItZG6MXxVVE8OBepsefLPeONyoBZLyUW:kZRTzBepsefLJ3m
MD5:	849307D04D42FFA00DA4B9BF6419D1EC
SHA1:	E8F71A9EA938C52475CF3495D704D55E0319335D
SHA-256:	63710D703D1D79AB3E6F7C45EF90B31F886E45C00A55A3F34A1A621B5FFBE5E1
SHA-512:	96AB99088576AF72A941A7ED6B516E5CFF72F971A4889E7C7F7F494DE745F6A12409EB882FBE36E0EACEC1DF68A6AAAC94A805D8FE5EB0E4228B3DD3B1147D9A
Malicious:	false
Reputation:	low
Preview:	._______________________________________________________________________________.... Canon imagePROGRAF Printer Driver.. Version 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Contents.... 1. Introduction.. 2. System Requirements.. 3. Cautions, Limitations and Restrictions......1. Introduction ---------------------------------------------------------------....Follow this procedure to install the printer driver for Windows software ..applications.....<Trademarks>..Canon, the Canon logo, and imagePROGRAF are trademarks or registered trademarks ..of CANON INC...Microsoft is a registered trademark of Microsoft Corporation...Windows is a trademark or registered trademark of Microsoft Corporation in the ..U.S. and/or other countries...Windows Vista is a trademark or registered trademark of Microsoft Corporation ..in the U.S. and/or

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_French.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	15159
Entropy (8bit):	4.65693356679848
Encrypted:	false
SSDEEP:	384:nOn1bkVX89bPg54UM5b0BHfEa/E3ar0ED/ttAUMpsHJZMs1s9K80H:O1bkVmb4Gb0xl/wF68ns
MD5:	8B2D008769470224C705D9A9D4C9D83B
SHA1:	647D6C9CD407BEE31C5D6AF2C218647D7F97DF56
SHA-256:	16952CC2664F727AC7AB782A768BDEBCE7FC7304E20FFE3E6F8BB85608E6A757
SHA-512:	98D7E07291144BABB66AE7BDA8544C435FF251791CB61CFE7F9AF9E78BD10B747E3E45EC5F2750EA73213F1AFEE2CEFBCEE87DA04BE507077AED31A3CC70CD21
Malicious:	false
Preview:	._______________________________________________________________________________.... Pilote d'imprimante Canon imagePROGRAF.. Version 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Sommaire.... 1. Introduction.. 2. Configuration requise.. 3. Pr.cautions, limitations et restrictions......1.Introduction ----------------------------------------------------------------....Suivez cette proc.dure pour installer le pilote d'imprimante pour les ..logiciels Windows.....<Marques de commerce>..Canon, le logo Canon et imagePROGRAF sont des marques commerciales et des marques ..d.pos.es de CANON INC...Microsoft est une marque d.pos.e de Microsoft Corporation...Windows est une marque ou une marque d.pos.e de Microsoft Corporation aux ...tats-Unis et/ou dans d'autres pays...Windows Vista est une marque ou une marque d.pos.e de Micr

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_German.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	14526
Entropy (8bit):	4.7616870078926405
Encrypted:	false
SSDEEP:	192:fkvECXth224mz/pJfg5okoeYunTsLcBdK2FJ5AI6vQgXGD0JU8Wm282uQwOfplgf:fkv5L/bUoZL+e2QJTp+TGj
MD5:	0D60494A2C7D64FB02A1616EB4576B88
SHA1:	965D3C2A2A1FE3BF71722938E4EC3F4C2744B5E2
SHA-256:	0AC7C295FBF27AC69C2F674EB76B6417093378B5835245D9C9763E98E67EC653
SHA-512:	84129051D7BCFAD41DF9D2337CDE698A74D4A746829B702CE93AD1417514066860A37743DDA7F25A383D4197E1B147C9FECFC20FF23C991C7729A914FBACE9E2
Malicious:	false
Preview:	._______________________________________________________________________________.... Canon imagePROGRAF Druckertreiber.. Version 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Inhalt.... 1. Einf.hrung.. 2. Systemanforderungen.. 3. Vorsichtshinweise, Begrenzungen und Beschr.nkungen......1. Einf.hrung -----------------------------------------------------------------....F.hren Sie dieses Verfahren durch, um den Druckertreiber f.r ..Windows-Software-Anwendungen zu installieren.....<Warenzeichen>..Canon, das Canon-Logo und imagePROGRAF sind Warenzeichen oder eingetragene ..Warenzeichen von CANON INC...Microsoft ist eine eingetragene Marke der Microsoft Corporation...Windows ist eine Marke oder eine eingetragene Marke der Microsoft ..Corporation in den USA und/oder anderen L.ndern...Windows Vista ist eine Marke oder eine einge

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Italian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	14691
Entropy (8bit):	4.519139394271867
Encrypted:	false
SSDEEP:	192:Ip1wwhgnzAcGNr2L4P2mQZgN67xx6u7PnlDU/KwH1NGQdtRcectJAg:IXynH8hFQZgWPPloS0GHH
MD5:	BEF56A9B8B77A9AD3E0B804A15A0A0CE
SHA1:	D389F7636125BF9E1213CB50E4BAF8F5F1547926
SHA-256:	3D853730EF75B278AC7B3326143120F492AF38317E3CB00F4BBD199C19BF238F
SHA-512:	D7F6CC9A92F9B3CDC97A52E6E96D1D62C2CB5C6214F9ED3EF3D9A6ECC0F75D5F3402D95020D1381600A6F2857F5E0C36AB04E0EFF0920B4B03BB0497D89BC1F0
Malicious:	false
Preview:	._______________________________________________________________________________.... Canon imagePROGRAF Driver di stampa.. Versione 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Sommario.... 1. Introduzione.. 2. Requisiti di sistema.. 3. Avvertenze, limiti e restrizioni......1. Introduzione ---------------------------------------------------------------....Per installare il driver di stampa per software applicativi in ambiente ..Windows, osservare la procedura che segue.....<Marchi commerciali>..Canon, il logo Canon, e imagePROGRAF sono marchi di fabbrica o marchi di ..fabbrica registrati della CANON INC...Microsoft . un marchio registrato di Microsoft Corporation...Windows . un marchio commerciale o marchio registrato di Microsoft Corporation, ..registrato negli Stati Uniti e/o in altri Paesi...Windows Vista . un marchio c

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Japanese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	15926
Entropy (8bit):	5.29962881628648
Encrypted:	false
SSDEEP:	192:peKUtFrJR/mZyzP05iEWl71jnmhas5L+O2ZqLVa8EAL2kEMPF7YQATnBBSGQMQrY:pEx02lak8kZALqUY
MD5:	A00C0D8C865FA297C39D4A12C914E8BA
SHA1:	884F16DFD337BC06E19409922E782707B39AB217
SHA-256:	59FEF6345D64EE424AB3F66BCDD46F79F5204579838FF19A87B275EAA4C7D938
SHA-512:	B2EF680D1033C0DB142DDF8766D81C6963E6BAF5956217EA4F19A079BD9EBD5A10D6A5719A18557D1FEE02E3330195E362EECEF087FA7B92295B7768177B1736
Malicious:	false
Preview:	._______________________________________________________________________________.... Canon imagePROGRAF .......... Version 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________........... 1. ...... 2. ...... 3. ............1. .... -------------------------------------------------------------------.............................Windows.............................Canon.Canon ...imagePROGRAF .........................Microsoft..Microsoft Corporation ..........Windows....Microsoft Corporation...............................Windows Vista....Microsoft Corpo

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Korean.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	14655
Entropy (8bit):	5.49484033433693
Encrypted:	false
SSDEEP:	384:4nTvXnD6gml/PiVcrBZ026SdyQSvuk7O2c:2nG3likB5z4uk7Of
MD5:	EEE60C3787B341D90F9C9EB6D07A0853
SHA1:	5B9216CB787EB3D9DC2ABAF2B09EB253772894B3
SHA-256:	EA0B19472D982CAACBC8DC8B60F1261271AD61659F15CC96B7221296E88C621B
SHA-512:	33ED90CF32EF8C5F32A8C715EC358A7FADD0A1FC0E9D90F18E548CF5D8BACE486A58584FAD6432AAB0EE5C5179AAE73B05D56C645244EB9204032F0025C80791
Malicious:	false
Preview:	._______________________________________________________________________________.... Canon imagePROGRAF ... ...... .. 4.91.. * ... CANON INC. 2015 *.._______________________________________________________________________________.......... 1. ...... 2. ... ...... 3. .., .. ... ........1. .... -------------------------------------------------------------------....Windows ..... ....... ... ..... ...... .. ... .............<..>..Canon, Canon .. . imagePROGRAF . CANON INC.. .. .. .. ........Microsoft. Microsoft Corporation. .. ........Windows. .. ./.. .. .... Microsoft Corporation. .. .. .. ..........Windows Vista. .. ./.. .. .... Mi

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Portuguese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	13605
Entropy (8bit):	4.672775767949875
Encrypted:	false
SSDEEP:	384:1hYqBXGqMJdG9utHy6Rt9IuS8iDvlDu5tQZX92mQYg2wvx89OD9ye38qKkEMK5qO:1hoDJdG9utHy6n9IuS/blDu5tQZX9DwG
MD5:	7958F057506CEF73592C09111954B179
SHA1:	EB103A14E85434E8E158584D72058FDA6953DADD
SHA-256:	86E983C145F19C5A4F9910E30CC429EE8C585790A7E1DD3918196893C34FC62B
SHA-512:	75843D144A996EC6BD61913CA709E4625C555A099C4D44A6B3282AAB2A658998690D0B1BDA582F7A5E8410EA8D13834902C76B4EA9CBC1FCE7EACF54DF770BF4
Malicious:	false
Preview:	._______________________________________________________________________________.... Driver da impressora Canon imagePROGRAF.. Vers.o 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Conte.do.... 1. Introdu..o.. 2. Requisitos do sistema.. 3. Cuidados, limita..es e restri..es......1. Introdu..o ---------------------------------------------------------------....Siga estes procedimentos para instalar o driver da impressora para aplicativos..de software para Windows.....<Marcas comerciais>..Canon, o logotipo da Canon e imagePROGRAF s.o marcas comerciais ou..registradas da CANON INC...Microsoft . uma marca registrada da Microsoft Corporation...Windows . uma marca comercial ou marca registrada da Microsoft Corporation ..nos EUA e/ou em outros pa.ses...Windows Vista . uma marca comercial ou marca registrada da Microsoft C

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Russian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	22690
Entropy (8bit):	4.335747326152893
Encrypted:	false
SSDEEP:	384:iqFufRFTbJkMsW/VEr0BuXmWZeqgVySCPewSOXYBgjT1DhDwno4eN8bzzV0yR4:TufRFTwW/VIXmWZZgV54ezOXYQT1lDs6
MD5:	4123C8033C837C82BA36DF6AD23F11AB
SHA1:	B914999480D1AE702558C345BCD7AEB47660DEC3
SHA-256:	2230C9418FBC6CF49FA360E7F7D06AEB2BF5EF4DB2CE105EE0EFC5384ABEDBB1
SHA-512:	274D5D2F6B3A1090775FBD51671C93232A0A0A69F049C52902A04C6B9BC9BE1ACF3FA6A921704E840286894B7AA49D2DBF5F225DAA473EFD111B8AC47CB9D857
Malicious:	false
Preview:	._______________________________________________________________________________.... ....... ........ Canon imagePROGRAF.. ...... 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________.................. 1. .......... 2. ......... ............ 3. ..............., ........... . .............1. ........ -------------------------------------------------------------------............. ... ......... ... ......... ........ ........ ... ............. .......... Windows.....<........ .....>..Canon, ....... Canon . ........... imagePROGRAF ........ ......... ....... ..... ................... .....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Spanish.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	14603
Entropy (8bit):	4.587362213224268
Encrypted:	false
SSDEEP:	384:SDND2KKWFZQ54FBAZetU74BJURlrcabACtBkZeJa1iC6:wgZAjCtBosac
MD5:	D7A7C128D2A13B8A62FD2BCC0BC0EB69
SHA1:	3D13A1229F4F84A3CF647AFFD7DFB88D6611E5B0
SHA-256:	28BD4588BFB4FAF4C02208F3E52CACAE18552107A3860133D6FBAC155C76D5F8
SHA-512:	ED58A10761A3E28EDFB1C3239199E14B73CA2A67B5614BCEEC9B5765A1B9AC68A93284D28ECAD579E27ED76029222EFF30CAA0C980072939E89449D96E00F34F
Malicious:	false
Preview:	._______________________________________________________________________________.... Canon imagePROGRAF Controlador de Impresora.. versi.n 4.91.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________.....ndice.... 1. Introducci.n.. 2. Requisitos del sistema.. 3. Precauciones, limitaciones y restricciones......1. Introducci.n ---------------------------------------------------------------....Siga este procedimiento para instalar el controlador de impresora para ..aplicaciones de software Windows.....<Marcas registradas>..Canon, el logotipo de Canon e imagePROGRAF son marcas comerciales o marcas ..registradas de CANON INC...Microsoft es una marca comercial registrada de Microsoft Corporation...Windows es una marca comercial o marca comercial registrada de ..Microsoft Corporation, registrada en EE.UU. y/o en otros pa.ses...Windows Vista es una ma

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\aussdrv.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 90522 bytes, 1 file, at 0x2c +A "aussdrv.dll", number 1, 9 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	90522
Entropy (8bit):	7.9974478538975005
Encrypted:	true
SSDEEP:	1536:r0EqjNe79ZQw2Vv3jFNJ6v1MwA0cEHuhMDhdGjH27QnZUO/UlIYjI9eoMKgI+qrV:0e79T6ZN4KJWiMV0jWYUlImSevJqrV
MD5:	A3AFCBFEE843939E7F138CB6FF24937A
SHA1:	F8A039397FE54C0F499944CBDAAEABB08F91232B
SHA-256:	3EB8031D6F1596A426408DA5BC61795A3926DB3D48394AF6A5B18F79AF36923C
SHA-512:	98A35CAC8D25D77670F0D0B6745F714EBCB690B27F9A587E9A203B42CC12A6489E686975E331470509BE1AF7D92DE32FCBF4E735CCDACAC9D0C77B419293637F
Malicious:	true
Preview:	MSCF.....a......,...................H........,.........2@. .aussdrv.dll...i.)..[...&..(.."RP4....n...n..V+-..)xVN.S.rC6....Rr.....e....`._.).G.x.@ .dQi.4PY....y..n..8.D ..dd`%".`.......v6.....sNg.o.f.f.0g\|...i...0..P.E.e]....u....x......`4..V..`%Y./..p...VA...$.E5WUG.{o...{y....\s..R.&..../...$.D..B.j.U.).Z.........(...0V..(..k.4.J..D.)U+i...d...Wu.>^KZ...\|.Z."....2.....[^...o.._.n..e....>..........%...#.5a..V_....4...h.{..:...>..#....M....q...?r.n.........N.Z...%(J.x.......u...Q.1...>.fX.......6...R%.z..f.e..k.t\|.7/.......F....t..Z...2V].....wW.5....I.;...".H.w....7.\.Kl..Hq......m. ....4N-.qu......&.....?85.=..Z[.u.J.ur...7.....).K.N.}0G.).th..+.XR.VV..TA..f$3N.U._...y~.%.....um5.K^....J..U..K&b..^...le).C..K...u..u1...G>.F..Gz._........%..s1...}.y.t.]..y.d.v)...z.....by...C.b......S.ZS..o%$.m.rj.....`.l..-..Nf.dJ..k.b].......G3.....5H.....`]....jKg..S .......#*7.c./^.L.9...z..a@"J.I.\.[.0./L%X.].h.).^pW.mlM..x>^...\h.._#`u..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_glossyphotopaper170gsm.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 582358 bytes, 1 file, at 0x2c +A "cn_ipf770_series_glossyphotopaper170gsm.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	582358
Entropy (8bit):	7.996960805569354
Encrypted:	true
SSDEEP:	12288:hJ8r5xh2e3+CgJoGMi6aCl15Wdt+gxTnSpodk/g5J2OuPRQXKCPz:hJ4nX3NgJoc6aCLIdtHSpzY5NuyXKCPz
MD5:	171632A3EFDDC8037D4679F4E05C24C7
SHA1:	6AE73B7880854862E9A3B9C0D7AD7114F8F73EAB
SHA-256:	866034D1030AA16E31AA36E8FCFC1750C4AAAAD9EF7D4605E739539F80879223
SHA-512:	C599AB2170D5B28E3B1600A6BDCD51C04B6A3BF7C8ED897326CD342334A931C80550E2E4ADF59ABB9E5D426D2935073A6A15959806217C6DB2602925753CA4E8
Malicious:	true
Preview:	MSCF............,...................h........;.........D.. .cn_ipf770_series_glossyphotopaper170gsm.icc.\|....g..[.... .JU].P.....U..q?..;...Zk..k..Z..Zk..K.%.SR)m...mR.-.2...U.X.....?R.g..Pz.HE..%.\|........gQ'(;i/.....@{Q..4(L......O....-@.......PA..'.tB......%!..;....%.%.....!..a.........a?..B'.....mmOP......U7OD......G.."....A3.t.......2..Q...1C..]....b..C.......q3..@X.s....`FHB..q.s....E..D.L.?(...h.8...r..c..I9h....O..\.......V.....~$&.K....;........?...@..).$...P&R.F.fF.f.......'.G'gG.g.......(.H(hH.h.......).I)iI.i........JjJ.j.WeUue.u...................................................tsutvuwvxwyxzy{z\|{}\|~}.~....................1.QQ..2.66::>>BB.GJB.ORbVVZZ^^bbffjjnnrrvvzz~~.............................E....,.l,.l.-.4[K.].........M....5/....N.U.....n...]....60....e....L....m..........u.....}............/N.......'O....o.7......G......N.W......g.......w............./O.......OL.O......\.o_....................,.?[C?.C..>\|

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_glossyphotopaperhg170.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 581177 bytes, 1 file, at 0x2c +A "cn_ipf770_series_glossyphotopaperhg170.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	581177
Entropy (8bit):	7.997503799643727
Encrypted:	true
SSDEEP:	12288:UEIVc3t5jinKpgR0z6ZJlQOnIo7AxlzCCqj4QxIgy6o93VyS31NX:UEIS3LiKWKz6SOnIo4zDqcQ2P93Vy+1V
MD5:	5DBEB5B8254CE4D463A7B1165FFC0AE3
SHA1:	F174AD3F1E58CF807732E51A061E299739102D4A
SHA-256:	ED009A718960965CDB9ED1FD93EFD57C0DAA11F924A8512CFF96F0027CDE4D4C
SHA-512:	B23DA5B2927DFCD4156CF26A7D06F12B161C6404A1F7A005C45BC6ACDF1ED495250E73C2C068FA237F8E08594558DDFF13542A9F361DBBCC3AAA01B0BE19B13F
Malicious:	true
Preview:	MSCF....9.......,...................g........;.........D.. .cn_ipf770_series_glossyphotopaperhg170.icc..ED..l..[.... .UU....#..0...!.+]...vZk..k..Z..ZkQ.QE..h.J..R).PJ...H............'i.;.....!..w..%.qQ.}J....E.. ....I...I9M.eZ#T....4-......j...B..^]...4..yK...w.p..4Iy.ifgc.....P...-.-..yXOy5..<L...nNkK.j...Y.=..O.GU.A...!..d.......M.s..N.....o.X(...O...b..&.3~p.h.....L=.fP......:9r........D..M.J....I.D...e.Y......L.T.L..d.'.e.b.&..u..H...l.T......O....w.......@.".PP.P.......b1..4..p.."..Dd"..T*b...D.ED2E.df...t:..ddtt....................%%55.O.......................................................:...........................................~E..E.O.......?.$...J,.JK..KL..LM..MN..NO..OP..PQ..QR..RS..ST..TU..UV..VW..WX..XY..YZ..Z[.th.6..-..........{G.{_.__..t6mO..``uj.:.V.W`...uv._..vl-;..ga.ma.v.mo..wn.;..wo.w......xp.<...q.x7n....yr.</W.s.yw.?..zt.=O..u.z.n._..{v.=o..w.{.....\|x/>....y.\|7o...}z.>.W..{..}v......bb.bc..c~..99.Y9yY.y..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_glossyphotopaperhg255.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 580011 bytes, 1 file, at 0x2c +A "cn_ipf770_series_glossyphotopaperhg255.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	580011
Entropy (8bit):	7.996313613081114
Encrypted:	true
SSDEEP:	12288:8TCVtGCH8nqAPEMS1/oTL9OmTh6OB6Zo7Ri0GsUtmWTmKaEe1:8+VtGCH8nqAodoTAmtEZoATmZKad1
MD5:	ED9240BD74654F54DDDF63092E6E6444
SHA1:	98BA3A3F198909A8ECB900A0982BC787BF274049
SHA-256:	8F2F500F9EC20B0D0DA800E00ACE0D23E588ED255E106840940FDD13C2F638B2
SHA-512:	0BE54E5916761DD9C80EFAB9C75B54EC66EFC02ABCEFD3BC62AEC7A1A5D8BE920EAA775DD33CE26F29036C8F230F136947BADC335DD0087FAF3FF9A422FE8A4B
Malicious:	true
Preview:	MSCF............,...................g........;.........D.. .cn_ipf770_series_glossyphotopaperhg255.icc.....lj..[.... ..uU.P..#..D..{ ..].r....Zk..k..Z...k.TD..ZJ..R)..@..X+..D$UTp`...7x.7...T.A. .7.M......r'....E.=A`............S...F..X.d....".......j.....:x......M.......3.....juCe.oC.........$..4.....3..#..............N....C.....(..b......g..T.X.....#!... M?..D._4..RT.?O.9...\|.OUL..[...;..._B..._{.5.'/...dp.....t.xy.x.qq.E...M..J.rN2V..]...2.c.2......2.......{....t..?..N...0..h.....2.....D(..P.R..`0...........F8..q..............!.%!)%-)1-5195=9A=EAIEOI............[.\[]\^]_^`_a`bacbdcedfegfhgihjikjlkmlnmonpoqpN.9...::..;;..<<..==..>>..??..@@..AA..BB..CC_...11._\.ddlltt\|\|r.2.._.$%%ee....&&ff....''gg....((hh....))ii....*jj....++tkZ.........I........-m.4[kk[>m.Q.....u.Z.^.Y...u~.a....v.+[....i...v.mq..w.[..y...w.....x..\......x?n....y.\/_....y..?..z..]O.....z.n._..{..]o.....{......\|./^.........\|?o...}..^._....oo.o.....................#.'#+'/+3/73.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_photopaperplussemi-gloss.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 587774 bytes, 1 file, at 0x2c +A "cn_ipf770_series_photopaperplussemi-gloss.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	587774
Entropy (8bit):	7.9965522646368505
Encrypted:	true
SSDEEP:	12288:Jq3kDb6VghvhGMbKBhdjCT3sQzYR+WdwB2fIpqlSPVa/OHJPfVdzn:Jq3kDIgdxKL9CT3U8WDfI4sVaG1z
MD5:	4D20A17C7CD21891B36305ED6876CB56
SHA1:	C13CCE646480C5541C76BE46748762D02E887962
SHA-256:	5662C5300B4DFE5F11C71BA8EB5081B84A35B31DF877ABC0DD346B9E2C3BE837
SHA-512:	2AB55A355B32BB4A0707524E7313C838A47FC50FBB26D93783344B17A94A6896928EDE0AE80E25BAA70A92D387D8513511DDB512F6E8E0BAD5244152D97C1316
Malicious:	true
Preview:	MSCF............,...................j........;.........D.. .cn_ipf770_series_photopaperplussemi-gloss.icc.;.<.m..[.... E.uU.P.....@...-.t...;.......................m.m4f.0.*0.......9...w'$.)!..%.w.9(..(..=j/s..(_..u ..{.?.&.1.L&.JSG...IU.E........5.C...'..J./.o......\nlfm.H?.........W....v@;..O>=DF.....-..3.3$(?.O.c..i....?mX.........;.KZI[....2...._..G.h..w....-..........1i..'.fMA..W........\|.8,...n4.....U6B.'}..?.'........a.}}..o..+.H.."vJ&.....4...1:.9.Z.RJ.o.....?B......y...k....m...X....1...h0...@ ...........D(..P.R.....M..M...N..N...O..O...P..P...Q..Q.......iI.i.....-...%.5%E5UEeUue.u.................&.6&F6VFfV}f..................'.7'G7WGgWwg.w.................``....!!aaP.............................................................................................................................11qq....72........u.........7.}7.........../N.......'O....o.7......G......N.W......g.......w............./O........O;;......o..................M..G.KG.K

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_premiumglossypaper2-280.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 584569 bytes, 1 file, at 0x2c +A "cn_ipf770_series_premiumglossypaper2-280.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	584569
Entropy (8bit):	7.996754453306316
Encrypted:	true
SSDEEP:	12288:t31O5jcq8sJDTuRqBLzYqtaihJkRRcqL2eapXzHaHp:l1OdcqPJDyR6WRRRLhapXe
MD5:	79123C884B7D8078C48DACFE819D04C7
SHA1:	A734E596D0BC31CD7B6BF591A9F5AA8BBA61B5D5
SHA-256:	E51984E3D54C3356D6E7A7393B661070BF44F5B7886ACFF864BF07F732394366
SHA-512:	00C2EBCCDF0F4AE68AE619A2BD977B59012C582D6EDA330BE62ED24BD63225F6ACDF8823F36B2E732D7067F8A0DF947E007D6F71BBA8F2DFA512F17CDB9ED375
Malicious:	true
Preview:	MSCF....y.......,...................i........;.........D.. .cn_ipf770_series_premiumglossypaper2-280.icc...0.l..[.... ..U].P..#..0.../.....j..Zk..k..Z..Zk.."....h..4J).R"..Ej......n...N...L.J.....1......n/9.;A.I.E.(.b..R.n.M>...JTk.Z......P30T.#..+.....h....;... .I?.y...w..8q. <....D.ME.K........yy.\...]..Y..P.._.?....(Z.Z..Uk......,......b%D..[..I.........._.C.7.3..y9....y...#&%...'..z._n`....N&...=....h..$./.O..-}A/!3...6..;....R.:....H....{........A. . .@D...FQq...P(R...0..`F......O..O...P..P...Q..Q...R..R...S..S...T..T...U..U....+.K+kK.k...}u.}..........................................:.............................................#cccs.\|...................................%%--55==EEMMUU]]eemmuu}}................E.qqssuu.4.w..w...]..-...M......ja.5N.U..5...n.].....6..e..6.]...m...7...u..7....}...8......8.^..../....9O..+..9..;o....:...K..:.^.[.....;..k..;..{.....<.....<._../.....=O....=...o.....>..66?>.......>.Y.yY.y.......~.o..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_premiumsemiglossypaper2-280.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 584241 bytes, 1 file, at 0x2c +A "cn_ipf770_series_premiumsemiglossypaper2-280.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	584241
Entropy (8bit):	7.996544591651677
Encrypted:	true
SSDEEP:	12288:VL2V+9YEoHZDpx78VsGdYDZ4oEl2rzMA1Vt7yzxo:IV/HhT7EsGdY1E2rzntOzC
MD5:	3328D246FD3343BA718DC894DF95E8C2
SHA1:	F129D2E3C885627E4476891434951B0851B8A1DE
SHA-256:	D41E931A0058B125936E13CE2E57FA32D044F2A8FDC90CE9064F1FFE80419E21
SHA-512:	24CD0822728564D0AF13C3BB0F6865DEA3DC2F368F39778A5EA2140A3C37F69AE67F7F5584A23063D3D4EE3FF4BD2D527454C501B79648451F918F27F0379533
Malicious:	true
Preview:	MSCF....1.......,...................m........;.........D.. .cn_ipf770_series_premiumsemiglossypaper2-280.icc.6....k..[.... .U].P..#..0.../.....ek..Z..Zk..k..Z....4...@iR...@)..\.&..........I...;D(.B"JT..9..E.A.Es.&(9.(.zP.=...&.4#....Z..............N(.5^....\|E..O.n.a...MLMN7=$.D:$..........&cn-...~.m...........z...........HA.:.....g.gu8.....-+..\#.~.R.F~......+ ....R.Y.9...s.@..;+..8_.......O.{....7..;........c+......b^j.>FqB.#.....f.d.........1.@......w..A. . .@D...FQq...P(R...0..`F...O..M>>??@@AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWW.X,?-..-..../.-.....&.6&F6VFfVvf.v.................'.7'G7WGoW.........................$.,$4,<4D<LDTL\Tg\..........22RRrr.........33SSss..........44TTtt..........55UUuu..........66VVvv..................C..^^.^_.._...xM..&.....K..i...F.S...j.z.f.[k.....c...lM{..km......s...n.{..{o..........pN\|.&./.q...G..'...r.\|7g.s......G...tN}W..u.....g...v.}w..w.........xO~.'..y...G.....z.~.g..{.....66?>......d..YyO_^.f^nf.i._

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_satinphotopaper170gsm.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 582113 bytes, 1 file, at 0x2c +A "cn_ipf770_series_satinphotopaper170gsm.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	582113
Entropy (8bit):	7.996615657655328
Encrypted:	true
SSDEEP:	12288:XFViuLlWRZQSrFJ41edrkpoZQwwuokA+DRa5/PkdRBC+C2vVn:Xric+Q4JJdrk6wY5k5/MPBrvB
MD5:	26B4570C54E6F0E13529182CBC06E612
SHA1:	468CA7C197740DCB5448C80939FC0780EC48BE0A
SHA-256:	E3DEC3B29723D6E98EDDC7B905FBF008DA08C56C0376DA82FF9D3C51690ACCA1
SHA-512:	FB3430E99EE88ACA61790777A1F7B63B2422D53FD86700DA41D42FD660AB8A46DB5A733340BA706DA5CF1B0DC25A49BA26DAA001D8AABAF21C84D41AF37DA29B
Malicious:	true
Preview:	MSCF............,...................g........;.........D.. .cn_ipf770_series_satinphotopaper170gsm.icc.%.1?.j..[.... ..U].P.....U..w/.w.............34..v].]..l.......V.VDpv......7......\|.....]...".Qnhw(..&e......u@.i..6..I.)m.8b.)..'3A.(@.......PA..'.tB.............c...#.dY\O...O .... #....?J..0W...L....t...(.."..u.A....}.. .(...\|....xCY.........._{.....$.>y._b....!..eZ?.R..!D.:....&.....h.i9.8.....g%....,.-3..A>..e._.........1...g.....6.&..)..................+....0.a`..4..h.. ..DE"...^(`^b`dbfdhfjhljnlpnrptrvtxvzx\|z~\|.~............................................W.XWYXZY[Z\[]\^]_^`_a`bacbdcedfegfhgihjikjlkml..onpoqprqsrtsutvuwvxwyxzy{z\|{}\|~}.~..................""&&..M3..........))99IIYYiiyy....................::JJZZjjzz....................-+.V..........W..k.n..uv._..6l.;...g....m.6.]o..7n.;..wo.7.......8p.<...q.8.[7....9r.<+W.s.9w.;..:t.=K..u.:.^.[..;v.=k..w../....{..<x.>....y.<7_...=z.>.W..{..=w....>\|.?.........}..0..._........................*

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg170.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 581294 bytes, 1 file, at 0x2c +A "cn_ipf770_series_semi-glossyphotopaperhg170.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	581294
Entropy (8bit):	7.997303082375696
Encrypted:	true
SSDEEP:	12288:F9+5p+/839bDR2Af6xMJBWwa+aY2Ltud8tAW260rmgTkO6XOe9/o:FGy8tbgO6+aY2LXtADVmTBX7w
MD5:	590929C72EC69E386474F45DFF23A570
SHA1:	315DD4773CB9BB90163A4A58980F7C64FD52528D
SHA-256:	2ABEE508AAF92E4FD7CB71DFC23EB20D481465CD7DB7590E2A54FB008F265826
SHA-512:	24C25BC2E4EBA94ACA3C842FE27F829F7E469EB1F1C7E086738A0AE4CDAFA35DEB07653E844B10F9317BD57B11C20F78F76A86689F47BF95B23BD94E71FDA122
Malicious:	true
Preview:	MSCF............,...................l........;.........D.. .cn_ipf770_series_semi-glossyphotopaperhg170.icc..C.Z.l..[.... ..UU....#..0...!.+]...vZk..k..Z..ZkQ.QE..h.J..R).PJ...H.....2....~..D.n.DD.2!Q..{.[q...{Q/..%E.....}q...........#..-.. ......*.....z..W.w......./Y.]....}.%.%....BC.h.......P..xj....\.....3s.{r..........C.......QsU....?>...U3.....2..Qvs}...L.g<......S.....zU....e..l.s....1#...7..........N.&".^/.........y3.S.3..........;.....&.#u.....S1......=.....(...@..@....AABBCC(.B.0...0..h.. ..@D...P(R...0..a....F...p8........RR......SS......TT.....?........++_K.................##++33;;CCKKSS[[cckkss{{....t.................................$$,,44<<.G.......>.FG..GH..H....).++--//1133557799;;==??AACCEEGGIIKKMMOOQQSSUUWWYY[[]]__aacceeggiikkmm...\.h7WW7wW.w=.....}I.}.....>}Q......Z.^.Y.....~.a....=[..i......}q....[..y...........>\......?~.#...\3_.......C...>]S......~.c....]s............?^.......?......^._.....~x.............d..de..ef.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg255.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 580024 bytes, 1 file, at 0x2c +A "cn_ipf770_series_semi-glossyphotopaperhg255.icc", number 1, 21 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	580024
Entropy (8bit):	7.996282575761241
Encrypted:	true
SSDEEP:	12288:0GvRTCVtGCH8nqAPEMS1/oTL9OmTh6OB6Zo7Ri0GsUtmW1XsNX:0CR+VtGCH8nqAodoTAmtEZoATmqst
MD5:	0B8A0B1B4CFC13E0D11AF3484607E111
SHA1:	06DA72D34648386CF830A685C43521811B256100
SHA-256:	09941CDAFAC3EDC70B15E5B15BE1D6CBA022FBED101538F1C6B00CF28DC61FAC
SHA-512:	C9EDCA5E8B182EA730DDBFA88AA7001725EEA2F4047BEB2449B8D4BC7398ABCB8AFC516CCC311AB26DE75FF0B1223DDFDF2FE0F8FA90E663A92561B649F8619A
Malicious:	true
Preview:	MSCF............,...................l........;.........D.. .cn_ipf770_series_semi-glossyphotopaperhg255.icc..7Nnj..[.... ..uU.P..#..D..{ ..].r....Zk..k..Z...k.TD..ZJ..R)..@..X+..D$UTp`...7x.7...T.A. .7.M......r'....E.=A`............S...F..X.d....".......j.....:x......M......3.....juCe.oC.........$..4.....3..#..............N....C.....(..b......g..T.X.....#!... M?..D._4..RT.?O.9...\|.OUL..[...;...*_B..._{.5.'/...dp.....t.x........^D.....d%."c......!.8.(..+.!.....Ap...'....C...... .......x8..@ .A$..H.2..X,s.....<.=<>=?>4?.h....P..P...Q..Q...R..R...S..S...T..T.........+..9.............&.6&F6VFfVvf.v...................................................$.,$4,?4......>...FF..GG..!g%#b.RNVRZV^Zb^fbjfnjrnvrzv~z.~..........................E..........K...++=;....M..............N.U......n.]........e.....M...m.....u.......}............N../.....O..'.....7o........G....N.W........g.....w.............</O../......O........o..........0.p0.p.1.q1.q.2.r2.r

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw407.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 912357 bytes, 1 file, at 0x2c +A "cnw407.dll", number 1, 142 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	912357
Entropy (8bit):	7.999431060308052
Encrypted:	true
SSDEEP:	24576:jQfgmYLyyaEp5I4JyiU2kPGpSau1exH7BNB+aQaI:jQ4mYyEwjYO1exJlQD
MD5:	DB20EA96D4A3C961DEB55EED95E6AE78
SHA1:	7B15A1F83669CCA600BB654EA27128F5A4885C67
SHA-256:	80F932EECC789B76E061840B868EB03A8BDD9809874A6428DD9539673A21E96E
SHA-512:	0E1756E34B0F0E898E3E139D1A02712E644E8B2F1F140E4B37A09743120C97677385BB09BD24F1F9113AECFF18055B186CBDB5B3C68D81E6F4D7D6DDB2941DDC
Malicious:	true
Preview:	MSCF............,...................G.........F.......!E0y .cnw407.dll.M...Z...[...B .k...`r.E......o6..Lx....B\....o.6\|..f.6.6...G....HYR...IuQr.....TG....,.Ud#3W4...p..c....}....~E..B.].D.o.;.....=l6..u.6..,tM..Q..$..i.f...{.....G-(....C!....q.]....u......!........=~m.?..k3...Ns..w.....^..t-M-.u...-,.5BJ.a. P.Q.P. .P".......0.....E... AU......n.y].........@-...7#...>.9.n.5 \.C..}..X.......Y.o..5bSj.-0.Y.r.<.."..}/..E......-...%.iZk..Z..W~.;Z;m.[.w.._..(@.j....X.....g.u..........9... ........._..Y._..'Onf.....wX...K......Z...-.T..to.IU.\w.+).MJ.v......r....?L6#..t..(.=R.....{n(......7Cpb'....PD..wx.....$.T.D.u.O&M..x:.BRx.,.'..[W.v.........W.b2Bh...`..]>..v..d.H..j....;.....W..!..I&...P....i...Y7.$Q.Zhr5.l...\....K[....%.lb.....M.i......o.I(....!...vP.H.y'.&..w.p..P...;.w.A76....LSI%v...d.......".......D......d.....M..bxx.\|.E...3.)z....2..P.....!81.z.x.....E..f..IX....R.K...%1.L'...f..e...$.....c.!4IDq1B=

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw409.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 910565 bytes, 1 file, at 0x2c +A "cnw409.dll", number 1, 142 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	910565
Entropy (8bit):	7.999440724015825
Encrypted:	true
SSDEEP:	24576:FLef9yecdRV3p7gJ+pn3DMan6+LVAza1P7va7ENfA/xIKAk:liEr3F1zMGVAze7vacOaKAk
MD5:	95543C6F685B2841BB7F6E651C500985
SHA1:	6F72B8E5F9BE6CFA63FC9090CE72BE0934EFD442
SHA-256:	78C66E54ED7BF5DBEDF6FC42DCA29E2B6530AD8EF96ED830582D9E7504B5880D
SHA-512:	49587E114EFF6B4B08EA9DE689D4589647820737258EA4D6D95570DA920AFFF431B411F544262EAEBA6B672ED9A01B5E94EBED190DCEA6D1D0AECB8D5EA8CC93
Malicious:	true
Preview:	MSCF............,...................G.........F.......!E/y .cnw409.dll.M.6OX...[...A 9Ey..`r.E......o....3...a{A...<.;3..n3.$pf...<%...#..Q.Ri....Iu~u..%j).C.#*2.!+..;...?R....=^.~o.L"ydXI..[.%..i%.4z..1...74..q...qx.qk...qs.7...5.y......#d..7....+........qW.d.M.U.....f..p......w.....^..ttz.....m.n..O.f.......md..d..T&.H.S.A.......2".,1D`b..H-.e.?.QT...>.B...^......sB..i....:..l..n.mK.p.k"...:...QO..n....Rk .....V.v.fY.....a.c........w...c..F.X.U.....J9.....m..6..g1.....eG..\5....n.....:....O.U.G....QY......\|..".....=...3.N..\|...]...&w./W../aX..~.t.b2....UT.2..j0N1B....&.-mJ..!.Gd6$..xY.).F=T.....{w4.......P.E...CJ)q..^......2..w.l..'y..;.y..;.....v.^..r.q...L:.g@..,......2.)..Q.Y.[Jr.p.4~....M.yd....P......S....{4.... q..O6..O...kB....d....1..S..hi.'-!j..6.)....f.R.%..9.J.k-........6.!.....7.1.....ZF......N.M.DI.q.N(^..N7F."dn.s..o..$..t..!...;........S......T.t.6hr...#.."...=.D..o.!b.^.H.C3.oL&H..lM.Y.M:..PXi.:y......LJ.h...'-C."8.x...rrz.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw40a.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 912695 bytes, 1 file, at 0x2c +A "cnw40a.dll", number 1, 142 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	912695
Entropy (8bit):	7.999144252366757
Encrypted:	true
SSDEEP:	24576:Lf2mMzhPRwMjGzUqDrE6Rhu5fHY5XpxdgHwmlQ1DeRLwsU:DowIGNDrE6RuYrxdgHB28dwz
MD5:	E682DF162413CA4AC3B0E206DB700747
SHA1:	43D82B04AB244BE53A964574BC07309F851CD4AB
SHA-256:	26120611E86366C995E1C2FF6AF0FED454681A0C89C9644ABBCBF19189660D07
SHA-512:	7EB36C2E551B311E6B527AB310E750510EE0ED8A3A6800A825056F684F61B31D159C84264409D5C054614D0B71186160277B32209F6F87E02724871F33ADA551
Malicious:	true
Preview:	MSCF....7.......,...................G.........F.......!E1y .cnw40a.dll...$.....[...C .(...`..4.....w_..[.....F.oQ....J..........j;D..\|.Y.!4!N$&"..C.CD!...C"... ..Cu32vV.....~>.....<?.<ol.H.....j..&..$@9....\......H'...qv'...U....JV..w.....}.$o.\..I&.S.8...Z..2...H.......!.3..2.......r............s..v5.e.r...1k.B.Yk....%).aK ...~.!..!....j.D.KD...I........&&.Sf.)..(U..TQ.\|.vs...d...G.....,,Z+.rE..\.Y...u...F;f.cgu..g...)5..F...a..>....b.d.k./...d...^.....y.\|....5F.B.E..5@1...{.SY...z.M..Q....S......j.....o.?...>........\|.uh.+...._..k.U..c7j,....ha..i.'...5i.C.ESK......<..%..B.1.Iu.L../Y.\|..@.<j..H.6p"....cA.....q.~..F..U"......&6..$....I.8.......eR.xi.....R.3...).x....!......J~.#..Y.t....4i.8Bai.....n......W..g......a...F...X..C....%... cpLRf..55....kk<..........P.?.....ed'c..e.F.#8.P..H. .\...D....i$.!m.h..v...$..0..$...F.% .4.........n...#..G...qC..%.G..&...F.....jP.=..pX.=..;.`...\|h.%.4...$..e.TB.e4.!..*...$VX..K....@cx..........

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw40c.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 912931 bytes, 1 file, at 0x2c +A "cnw40c.dll", number 1, 142 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	912931
Entropy (8bit):	7.999162403474395
Encrypted:	true
SSDEEP:	24576:FXtDvOZMXv9tUsmB56zzH0KlZT6QDD+rsons3jbQk2QvF:fOiXvY/yzH0KlZBPUnojbZ2K
MD5:	6FB71B90912DEB7E521B43EC5CA0061A
SHA1:	7C874FAB0DF3709CFA59D2B404C66B718D800455
SHA-256:	720567EADEDFFEA864234C64C50148A5EE1B95CAF262BEE02D29608A67B76C0B
SHA-512:	493EBB004AF537A94DB80367A63E43DB1EB7CEE62550D4935F7F0B8B94F1414180904486E89F047F05144F7DACF99078BB8DE8CFCF7C841A144736A56D5CD0E8
Malicious:	true
Preview:	MSCF....#.......,...................G.........F.......!E0y .cnw40c.dll..v.J...[...B g....`r.E......o6..x.....g.{.....m..xfq.z.......t..T:..R].\.]T.U.Z~w.\.z...P..hd......J._.....w.....<.E..."D..o.]5....!f;..".$8......6....06.\|t....o.....Cr.z.D!IZ.r..U.s.tR+J.........;........~...V.sw.rw.97.../o...mk]c..f4..k.Hif......iD&D.R...Q....0....#........j%..i~.:+.m,.k.^.mo..__..=vx.yl...w.Xi...M..j.(:n...q.....J.pp.=5.V[.@.........uUSq.v...r[.~.Co{.j...[........L..._.\|..m.6..g8.k.NG.e7..X..m.....N...._.lk.}.K....\|.b\|..........}/...q.>qc\..m).....B.....^...6.a5... Ym...o........+....x....JeB"..b....].g..o@%r.;B2.Rw.)..<.bw.3...x.{.....v;A0..^{..&...;;xC..{.b.c...x.:.s,%..,@.d!dI.e4cD.+..2......jL.......;...D...N.N..(RL.-.)........j...D4r5.l......Py.b6u9,%... ..Q;...d....]...6...)S.P.C.no.%B.6.d..'p..]<...rgN)2...J..m...D<.;m6..........o..#.... x..7........]....O...<nH1%....KH\|.z.d.$..S..'...=.F!.R..E3.oL%J..lL.a....&...2u........JJ.h.....C..7.h...r.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw410.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 911981 bytes, 1 file, at 0x2c +A "cnw410.dll", number 1, 142 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	911981
Entropy (8bit):	7.999330301607015
Encrypted:	true
SSDEEP:	24576:UwFbU5ws5CE2z+gjqt+BHKmzrheY8KYvS:VF3Mvwq0BHKZY8lS
MD5:	BEF0DD472AC0FF1DAC8A5539B32322A2
SHA1:	C634169A9FC3FB4456627EF686343E7A99D4FAFB
SHA-256:	11F88CC8A81764F66EC73D77C2269A5D8CB7A4A0404953C332FE95F293D17235
SHA-512:	25F756E590F38C9014611C4FBE20479463A32FE95C5A508DE4540EE3BD4D850A1EE0F3DB36D25B172EF127D6D51CDAB1F7EA791043760AFB9BABFE4A5917C7E4
Malicious:	true
Preview:	MSCF....m.......,...................G.........F.......!E0y .cnw410.dll.........[...B ..y..`..C.....o_......hV\|.Z.....U...P..mK..!./.7~q.....d".!}C.!..:$i ....^.j.!...;........b..3..=..a....r>_..E.{o..vK....JQ..$.....Ub.....T...v.$R..O6p9......6..]..f... ..5..#.@fF......}.>.s.....W...z^kyo.o7w7\|].2.-ik...m.I.Yjb....0..,..`.d..b...@..... ..0%@.......O.....}&..$W].n.....([.P...P"U.Q.Gc...nf.,.JR.3..;V....].egX...m:.:gT.b+W.."..1..0~s..y..}...F.D.iD.i$.............5......C...y............dM.._...J.......>.].......o..._k>.........Ue....._..k.....Gl\t..ga...i.'...ti......B.c"C.... LB.H.....$..hn_...4.q.6y....7n.D".;....r..%....;V......F.0.y7 .p.oyL..m...[4d.d.^.....1..)f0.CR.a....0#B.<(.......GY....D,..i.p.C....nH..J\|.b+W\4..THD....D#nx.,j@.a.....%... c`LNf..66...Bll<.a....C...P.?.8@.Oe.N."....Gph.6$".....A....qT...H...A.7.d..H:....=h......`7F.L<f...7l...<<r....<x....7~0..95../.X.!B.r8.Ab.{D.@brrP......h...HD*.hI.".hqC$.d...I...=....9..POH.,l..#..p

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw411.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 908647 bytes, 1 file, at 0x2c +A "cnw411.dll", number 1, 141 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	908647
Entropy (8bit):	7.999518978942718
Encrypted:	true
SSDEEP:	24576:fHfSLMO/ciY1O2SokADLNeHvREe+xyaj9azIkTzLxiVD+6:fH6M6Y1O2S2UPye+tgMkNWD7
MD5:	C0EC4F6CADA136456EF84E1C7260E8BE
SHA1:	CEBF1BDEACF7860A3202010A2B4C6F5F2977B21E
SHA-256:	BD343C3074436B8B929B7E87FF81AAEE5EA9A534E5E994E7ABFCD0E333B63CF4
SHA-512:	5256DBB812567E29848CEB1CE996E039057E11A6875D0DF1C512ABB95669A1F46DE9DFE0BFF13D09A29CE80A3F5A16282806978743EE5179773EF69426D517A7
Malicious:	true
Preview:	MSCF....g.......,...................G.........F.......!E/y .cnw411.dll....I:...[...> .R.M.P..F......_6...,..}^.z..7..6.6..m..x..g...7.7.u...$rU..G.R..Q%...R}.n..d..F......s..=>.........I....[.9=..='w.........@..kv...,l. .b...]N.S.Po.iM...!w.G....r.F.@.s.....<.... 3#.e.v.u.}........l.yI..;..7...\.......U....-.af....X..\.!....@..H. ...I...fDtH.=...t..Y.U..Bm.E..sq.&...^b...?.a1}..f.6?.WV.........t..Ti ..q.....%...S.4Svb.......g.y...../6.\.l..m.-4M?.......N7...2V.w-;.P,J1'.,...c....g........=........I...-......=.....9.9.......?...'..>..?.[dQb..}.j...o"19..!...,.n.K......l7F..:..S.t..q{...........M.....<.D..n.!sJ.v.}..s. w........x..'........_.b....Y...K.-g@.%,.......2.)S.(#.L-.1.T4(.:..n.L.9..I.."<Q.M...QHa.i.9..n..%.y...$i6......].Hej.).-.ld........r6.).....&.Q1.J.j......!li.m4C.'o..n@....~..)e....27..%.6..x.t.I..vc.#..r7.9l...b.......)<.......g.)..8...i..!...8.!......Q...).s....E.lg#.L&...&....]J..d.)...<......XLD.r..D...H.......3.T

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw412.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 908147 bytes, 1 file, at 0x2c +A "cnw412.dll", number 1, 141 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	908147
Entropy (8bit):	7.999303291558254
Encrypted:	true
SSDEEP:	24576:FbEY64+NM1evpuPniYLYY0u0NroPQtaWh8Rk3jh9Vwm2/P:FIYeDmiYLYY0u0NhTh8Rch9H2/P
MD5:	40A6545321406EC5FE1C33853ECCA256
SHA1:	46C260012850E30A7199120DE2876A079C6BBEDD
SHA-256:	5CAA1AB979A116DB6226FEBECAE6C666DFBD04F65D7F36F32CCB4E8E207B2C56
SHA-512:	9D292153637AD9C8B63CB49E2DC30659AC81DA5D05B5EC1ECB0A53E4540ED027ED131312D8185B22BEDBB8B65C7EC77856954DC5919F063858ED6B9C709E1733
Malicious:	true
Preview:	MSCF....s.......,...................G.........F.......!E2y .cnw412.dll..s......[...> y..M.P..D.....w_..T......r...M..M..d..g.4.p.L...0............X.L7.;?......j.....;3..?........=.>.9..[..l.%.I........O.5+i.....P+.v[.b..;..k.wy(...wy.....x[...y.!..yc.?..$...jf....../.{.....q..d.o....57...<[r...5].&%.vK...aB".$U..QH...P........0.....ED.A....W./e{.v...Ds..i.....,.].{O..G...%zW..HG....N...z....ez.....3...-.....Vzg...k...}U0.9.I.c.k..]]...5..!.?#4..Yv.'..6g...l#....8..(.3....j....rw..........I0s......-.........}.~..^7..M.2O;..{Ue...P..V..?....].P..T..0O#..9i.E.EULJ.q....{...K,...c...:&..,C>.Fh...5nX.6m.L..<.....n..#..o..[V......H.P.y7$.0.y-...^..^.Jc.c..K....a..........Ht.122(.@.dY\..M.(.[e.O.......7r..<.......a...E."..F.b......H...iiH.!..ZT.C...."....3L....l..55"...y6(.."l;\..&..g...h.C.Q...g.Gb.<P@...~H.<..EP;q.X`.6h .....!....cQ...p....q.F...)....s....."..J....=......h..q...`..QC...G.$$....%&(...2.8=tFT..E.....$%....h0.2vq.2e.`"Be...C<.f.q99.."ss

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw416.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 912745 bytes, 1 file, at 0x2c +A "cnw416.dll", number 1, 142 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	912745
Entropy (8bit):	7.999200392005019
Encrypted:	true
SSDEEP:	12288:6MzjzkI2lmqHsUjerq5rDrq6ZDo60Pk/x7JDcLHvRhoQHinh4Ow2Mg2CGZjGUz5A:6Mzjb2ljvYOroyUvTXglMg25ZzE4eXeq
MD5:	5B69DC877E42EE1F4F5F4E16BF7D7BC3
SHA1:	84F4B9262A970FF0206F49B62CFF2C5923D008B7
SHA-256:	39BE597F7B81E4552E733AF10A2893DF045AA6B2624BE548858C44A75EAE6E53
SHA-512:	5668717DEE62A0E24DA2DC78E4BAAF8FCBDAEE695F24EE6925F06A22E920E22475F42BB7A4A324B8DB395C1C7E08567870C65CF950D0BE3849F037440DB8CB32
Malicious:	true
Preview:	MSCF....i.......,...................G.........F.......!E2y .cnw416.dll.w3F5\...[...C .....`r.E......o......\|.= ....o.......=,.m#q...m!qJ.E......~.Z.q..R..#.Ud2Cf3...p...L....=g..sN.\|.....]-M..{.I..L,.TN.".5.v.K.....b)..06..p.8.a]..................u..I....H......`..&........sW7.>o.......no..]..[...gP..].P.u...J!.$e"..$@.....,...m..U...$7...N.....Z.t..mr5\......c.G..U..<.j....Z...;..>Y.M..n...k..i.,......Y.:N....._M.1.U...{........~[..I.Uw...M.Y7...._B....d3..rV...V..V.c....^......<.....6.....'.z.AR.}............_.....>.c^.g.Y{gszw..T........Tb&....U+W-o+).KL..l..I.f9.....&..\..-...n..)......;......fHN.......Q.......b.n..Tb..o.N&M...w:...w...Gd;c...o.y...I>-h@.D+[..!4IDe+C.-.p.2X.2.`.5.....J....S..!..I&T..(.Tb5Y.h..m2.J...M.&.M..v:..Y[.&.E.-u...h..%B.;m4C$..j..'........?.....nC. 0y.n.3.....-..#...q#^.xo.$J.O.&.M.w:..w..K...NhI....K...........-'....\Q...pH...v..A.r8.`3....'. .=\D.....hI.+3..W*s.&,BI.l.I-.h.L(......-I....Bz.XG.M.a...O[OJi.=pF

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw419.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 913781 bytes, 1 file, at 0x2c +A "cnw419.dll", number 1, 142 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	913781
Entropy (8bit):	7.999178288678424
Encrypted:	true
SSDEEP:	24576:Tx2ynauKWG3I5ilmnDJfNbjK/6y08IksHKnxdex:TsWau3F5i4fJjK/6dbkNS
MD5:	4D5DE86C90CFCD98BCD9CAD24ACB6B02
SHA1:	D70E7F77F89FBEA656921E2EC27AB328FF5D7B0F
SHA-256:	6481355E7FFA6F4F771377CE5DE53DF179D7124055E7B2C58D0C8F24272642AB
SHA-512:	32C2D90588F9B0F2634C6A2A28218FC37D827663D0B551503F8CAFF056291FA95843FBAD31F384BB2C45D69C9A6867735FCB9A8D28B14C8D6434AA4BDF453E3C
Malicious:	true
Preview:	MSCF....u.......,...................G.........F.......!E2y .cnw419.dll...bj...[...B .....`r.E......o.......v..#..<...:..1../.8.......nB:G.Z..T...o..~~.\|...T.C.."....;8....73}...{f...dou............F9B7m .Z ..........d......!.$I...2.H.xnG.i.z..#q\....L...k..;ni.."......;8>..y...~._...s.v.w.9w..w.'wn..6...HI]...dn..Jf..1.Q."XQ.@..$.L".@R...,...Ge."...j$..g~.:).m..;n]../..W...c.mu...f.P{..'G....FC].O.uM....h.v.4P.]..t...#W..sn.l....XQ5..>.<./c...._h...Z......4k.........y.6.j....;e..bL1........v.Kw.s2........?.9.....]....?....G<g.\|.gCnV...PG.........v.._]..b......Y.HSC9\}..,.1B.rn[J2..'.....u.@Vy..Er..?.[...hc.!..6.)..<.em.......C.~6.J..N.L....!..'o.O.\P..B>.i...QU>=...K.`......VLf.M.9..Yy.'.......(..oc%m..h..D...N.N...D.&.Pt1.-.,..HS. 0I.M(.4.t........M.f-G.........;C4..l.c..'a........c3...c.!d).l2S....6..r.w..e...Y..iS. 0Q.O..6.t.......n3.#.... p..6...I.....[...O....7.......%.<.<B2..z.).I....O\PFB.z.A.....2...Je0B$.X.2.t...,.f.GZ)=.)... ...8..G.F..#.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnw804.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 908215 bytes, 1 file, at 0x2c +A "cnw804.dll", number 1, 140 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	908215
Entropy (8bit):	7.9993760915266
Encrypted:	true
SSDEEP:	12288:tLj3Pc1HvqPNHYk4BHx4xQPiydkZHhqKW/6I8tKtRJKyiW+WCjUUQgGhlu2Dp0z:xj3Pk7Bzha5r18tRvLCj4I2Dpm
MD5:	8363121DFBF204C0FAED459912419BD9
SHA1:	5A547D3B1CBE1ABA5B9723007369C32A3AF0FF25
SHA-256:	DC7464F7944A54282EFA2980971CAA3ECBD25B6068264D125E8012D7FE2D37A1
SHA-512:	966A9E355BD4A1E9DDF1A4274AD3AB6FCBF9655980B60878E60DC68D18D2117FF4CE3F783CD51496FACF7E1820DBBD8C4DCE9603563157469F6FB585DFD400E6
Malicious:	true
Preview:	MSCF............,...................G.........E.......!E1y .cnw804.dll...k.....[...= I1.M.P..D.....w_..R.....o..o...R..nm.s\|...S`...1i.w..>;s38..2...f..0...c....h....)..03.0}....,..3......m.N....m+.&.'..j.DKiQ.6.M...MK...J3.B ..-.dT.7o...2n..I...... '..$..g.\...@.F..f......<.v....W.....w;......sn.i....bU:.Hl.....,.@..TJ..PP).@.F.V. 0.X........GA.U#..G..D..)u..u..V..u..,7=.yx..R.+.F.#.j..l.Z=.M......Vgl.b..m..L..U...K6>-F.e...[..y.E..^O...X5R....E"Nk.c.\|.m.....G0..+P:.)............_......>$..0..?...+V#..v..K........?.....^.k.......}z......Dy"...>sKT_..O.L.8....P..9A..M.;.....DbX.N.@....^..e8'............j.a<v..X.6\|2..6..s...m.4.J..!...qC...r.Z.\|(...3-b...G.t......P..e.D..e......q.._........E $..5.PX.4p&...Mc.........@6..Q.,...."8..I:<.....DZ.....t.j.....#......r..<..x...:\..&..h..iX...Q...w...$v../lX..b.md...d.A.6m.4B.;..C..k.F%....L@.X..1...#.....H...9....7x.ap7o.h..rj.._............1c......LdT.E#,OF".].../0....X..3t!03f.`..f....y..p.ss0.!...

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ac.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 323401 bytes, 1 file, at 0x2c +RA "cnwa15ac.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	323401
Entropy (8bit):	7.999059662233479
Encrypted:	true
SSDEEP:	6144:LUqNtK1P+sRhmxZKN86ucGTeq2LMAyNU8oko2Aul8oPEgVfMbt1o:YEQx+sR4Zs86uc+v2ohoko2xyFgV0bLo
MD5:	084C2B8EDA78DF0AA23978DF5557BD68
SHA1:	C2EFD1DF787792FFD00587E0D96AADD42F173E61
SHA-256:	5A596FFDE52DB7F27139F5D2995EB9802775F8D3FDC6D00D65DB1F76361F0504
SHA-512:	AE5B68CCF5EF00736532E293E6641F1BDDF08796983CC61624935A3B5DFD28EAA38EE41C2E0D75BC5A45EB11F174602AC327A4DA4B964FA5768F83B4E38A5B4F
Malicious:	true
Preview:	MSCF....I.......,...................I.......;)........#E.p!.cnwa15ac.chm..L..`F..[...............,..]...............]..\..\...".(.....s..[..{.VA....#....'.`2N......q.w.....>..e....\1.L.0P.....@.M.\.$...E......c4`S.3.?0n.>.$......V......EI........a.U..F.@.......;.XX........C.o..a..o...E.\|....I......?;i}..R.\|-.......@........ ...$.....a...u../..9..-.)O..??@....9..i.:2......g..9. ).....m(.(..#."G.....N...4...Yp?..j.:r.....]....W.....\..f....._.........$._.=.A.E.H...L.k..~.!.Y..I..P.?.......R.>c...j.-.,....i.._...?....9.........7`.....dw7.V/...?...).18.._.J.+....]./..c.=.(..'......v.................3..ff........4.........59....Q.,.\.]^w.L....(!.... ...9........fSd......W..N................j.E!~..A8.#....+x'H!~..@G.~........4.4.+.?..%[.Z'~/.:..T.Y.....Z.......t..n..1?.\|..c.......2'..5.....=.{....O.X..!.....J.Ag.../. ..t..._...H.V.....aC(Gg.?.._.K!...g.^........B......'..T...i...+.f.............A....7.?....kH.W..._..r.P..[.......Q..?.....P*~..7k.}.......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15af.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 335995 bytes, 1 file, at 0x2c +RA "cnwa15af.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	335995
Entropy (8bit):	7.998987352916105
Encrypted:	true
SSDEEP:	6144:yyib1hSmpJANVAp7ztxrENVM6RXvqTJddLYaqgE9CrCwBhki:ezRkVAJrwNTlvqTJddLYt4Dh
MD5:	DCA19268DA94001789CBA9B0D343B45A
SHA1:	A6CAD14CEB7A713292E59C3C0FF3DC62F511D90C
SHA-256:	5A49457C24354D80C05A9A78BCAFABF9259F1B3A1DA4C772D39EF47BCD0F5972
SHA-512:	C84A7DC2FE3A50DED308A597F2A4E9CC3CFB1E280F6211D142F0F00ECAEB8C29EBF6A96D8E76597D8C7A2BEC6296B5258F806EBFE1290290738668C621F21AA3
Malicious:	true
Preview:	MSCF....{ ......,...................I........Y........#E.n!.cnwa15af.chm...k.^F..[.......................................".E$`V.......e.w3...m.6......'..).....'a`;;'...........1@.b,.........l......?..(........[ }..."t...0.\|.&coR..(.....{a....7{.tA..?}.^...s.g'.H...?..........._.d.k......W...l................. )..{.....O4k.H.-..ob...R.<S...R....."D...B......._............b....J.....?..hX?........,z..\|..MRGNQA..'..Q..PS.J..B.6.Sh../..J^.1._.......W5;....,(.....-..}..\|.tZ..OH........Ic.1._.j.-.,....i.._...?....s.k..s....0 ....,..n.._..............}.BI.!. .....<:.H........+.#..?..........SC.B.f..f<.....'.@./e_...A........R.0/./.q[......[.....N./......X....c.+...?g.......}.......`..b...?....d...i.....~......o.......b...s.@.?A`..!.'./...T..24.....t.?....%.8?.\|..e......35,v..t.....K.._CU.R...o.2.K(........>...."S.3.&...H.x#...B...C../E.z.C..?A................].tO.?...N.sa......2......;.l...o....U4...L.k....9.$...H.......?......:...._.?~.3.u.....-

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ag.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 337315 bytes, 1 file, at 0x2c +RA "cnwa15ag.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	337315
Entropy (8bit):	7.998921237943281
Encrypted:	true
SSDEEP:	6144:CvXGKl0MPibrPLOESIemdcwP57F+IuBOzG+RzcipVRH1KtJXc3xM:9Kl0MaHPjPemdcI4YzG+KkVqJEm
MD5:	FDF87ADE4BCD2152BCB1807FE5833DE5
SHA1:	C7921E6BD1CB008C205FEF2115D513324C607CF8
SHA-256:	C98EBA7CCC187964C3191DB1A9A49A4A3B41D8258ECDFAAF9E4DA2A268989F73
SHA-512:	458C7FD1106B9CA4A476088038A90638D21E278BF9EC7C26672ECFF19C37304ECDC1BC51AF910F53309A5268B7C77DE57314EE9B287D26C215B4E84B33B3255A
Malicious:	true
Preview:	MSCF.....%......,...................I........^........#E+o!.cnwa15ag.chm....9XF..[..... ...........w...............rw.wwww.w.."........}....!.........(.0l.................C..... ...3.g.S%..X @F..W."..h.......z.p.."..\|3..}....(J`..../.....?...@0......#.HX.....(..._._....._..}..............;.>........a..?.H.../i.o._.bm.xf%.....\|..>._./.tT.o.l.....1..oq..i.:2........tr.@Rl.._..E)AI1.G.........U.....C.N.....S....#.Yt.w....S....:'0..JO....b.f....U.....?..%..#"8.%....5.E%z....F.@M.H.3....0.......~.......u+....C................?.2..K..{c......@.oRccm.0..-O....!.0..T...?Q....m....?...............3.R....4K.....[2.Dw........U....?.).......Y....I....?.........V....?..._....s...H.._..?.. `...^..).92..2...B."3.+.... 1......<.o........B.c.?..n.J.1....?..q.j.....A.@..'...?...../C....[.s.3...:...!.....J!.......M.._./..l...W....H.%?...aET%.._.1@,.i...2..........mV..p..2[.?..@....?........\.o.g....y~........3dT0.c?M...(.I.......$........._Q:.......g...W.a........_

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ai.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 335675 bytes, 1 file, at 0x2c +RA "cnwa15ai.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	335675
Entropy (8bit):	7.998808670662929
Encrypted:	true
SSDEEP:	6144:p/sIHBe925ji0p5tHmSEJVfMv7B3HBj+i07b5OyY7txQ//eLuqbY+owZm0bdiK:VsIHBeMwJnnUd398dGtxi3+owZEK
MD5:	9132E1520E305F3249B82A086D890B1F
SHA1:	17E4DB9061933736BEE0EB077E8771094139742A
SHA-256:	7B282149B428EA202B8E4BF44E36BBCE0A4265F0500E0E58F13EC194A96CF16B
SHA-512:	19039F7B50ABF6D5A0012A42CA3978061A958B34176EB100ECB40398B8E8752D5CC8B6DDD5451836B9BC79680069E5E75C7BE8424D8587EECAB9A0552E5801FB
Malicious:	true
Preview:	MSCF....;.......,...................I........X........#E.o!.cnwa15ai.chm.#L..NF..[.....0.................].................$ .j.............y..EK..z..E.).j;j7..]..w~W.{....[FT...".....3J..yV53)!..+ .....2.0.."......"..yW.;.T.M..$#...i..{.`....". ..=i^2.f...q'.H.y...q.Y......S..0...o........'..I...O.....C.......?......O.K.G4-...j..k..2...LOKG.H........../.I#WDDH.Q.~"...J._h......))........%.N.....LE.....?....P..w.l.,...E.....2m.).....Q.b.^........_......Y...?.\|.7u ............L...!._e..d.....u..4F.....^O.=.....................Z.o...J..n.l/.....+.N.'....9...........%..8.g.rf..............33.0.....O,....)....^..........CL......Ow.H....b...3.<..2-...........A....w..8.0..._.XiP...Lp....1...g...<..~...#i.O.5..(...../t.....G.....x..i......1....3z5..aj.c#.._FAG.~.......{...3..O....g.f.._.8b...6.UZ..?.....b..........Q<~.O...$.<./.3../.n.@f...h?h..G?f.............'^.L./...........w.&.q..?....I........@O....6..p.............UX.._.....#b........p.O....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15aj.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 344943 bytes, 1 file, at 0x2c +RA "cnwa15aj.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	344943
Entropy (8bit):	7.99896393660871
Encrypted:	true
SSDEEP:	6144:L17QCUdmAcH5gvmpGLsGKjTbxt8GtncjImhZELYMlq/lQ1vwysXLDes6MGND:Z73AC5SUGLsGKDnBlq/K1jsXv6MGd
MD5:	118EA60F6B536AE5782F82BB92E5E5B2
SHA1:	6C09955A8B7C97053D1493E34F151F89D811541F
SHA-256:	883B065009771B869BA2977CEB057CA4EFBEF8962864C24DCECF4EBE1E5BFB26
SHA-512:	701ECDFC772CE35302885C91A4BD85D8B6F458A3C534793668B63C226D75D1928EED7FDF8A38E69A79997C6BB057CEDE1C26BE6FC8F7907E1CA7C16FA1EDEEBC
Malicious:	true
Preview:	MSCF....oC......,...................I........}........#EIm!.cnwa15aj.chm....5JF..[............... .................].......p..............wo..I{..6..DC.....-#.>.."...{....MQ.....(p...!.$..8.B....X .."....@.....Q...7..8x.._.s...T..J........e...?.....k......R..L....Mp..s..........?....]........w.^.........l..? ........K....?.,....?Xi./...K.%.-9)...?c ...[.\|.....Y....@..m.o)I. ..m.r.RQGPEL.Q.OJ..&E]._...Xl ..A.5I.9...@.b....W.....u...........B......_...U...~.g..$.vD.7.df..R.p..0....P.?....)...b..OU..>....L._I........Z.sskcs......K...N,m...?...@.nRbb.....M.P../.......+...........................3._V.. .....Wd..2-..KYK.\..W......R./7....Y...}.e.L............&U$.._...g...$b......A...P...$u..~....i..~...3....c......_e.E.......-...O._...9......Cg..%......Y..?..c\|..4%_le.P.a.N.......e..~...I.C..o..Xb..]?./....\|.../C_...s..ka.<.g..N.P.....P...X.X.~.....f..4."-..g`$.. e....S....f.._<$..z:./Pg......Zc.4\O...UB.~.O...t..3It.?..kt..b.E.m.z..g..*...OP......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ao.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 335721 bytes, 1 file, at 0x2c +RA "cnwa15ao.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	335721
Entropy (8bit):	7.99859875630728
Encrypted:	true
SSDEEP:	6144:73HV2OjtBQ1Fb6wmDrHxnSiShRd64pDHonbAme5OGr6a7ZSZUB/X6kGY:bHVDjXcb34bNTSDvDHmE5OGW/ZUMkGY
MD5:	ED5D7BBEA4F30CE7C93671CA66CDE5D1
SHA1:	6C4C0A4F3481B30ACB8D883BB7D6833811E7ED86
SHA-256:	64DC3E5D6A27CC1D54E96905B6FA804EBFCDDC4E2AABBAE6E29FC8247A86EA08
SHA-512:	D615FC5D5EC077E5FC80801D5B8E7C13D15DB104A3418A8F9CBD16D458D155F81270453A804FAEBDBBED14A2580D62AD3D4CD93A4B567F5C743F527151B56E20
Malicious:	true
Preview:	MSCF....i.......,...................I........X........#Eeq!.cnwa15ao.chm...M.`F..[.....p................................v.....4..4..0.r?.....n...._.w.>.#!..,.K^yO.f.y...`G"..6X.....B,`.%. .0.... ..."..@X.......`.`.q}.....v...D.....$..)."...Y.........<..!...P#..8=.C....#W......cw6........p........I/..O.....C.....,.?......;Al.?.. Z..A.i./.O.2O.FLGK......c....vD\..........=.........m)..)&.).G...v......"..`.@..!.9M!=K.M.N./......_..G.M1.........X...[E..9..[..n.,..,...!..1.......Nv.....3...........V.@Vrrbn`h..du.Kj..r....i.-......o.....GJ&xdnvcqV.[....t.7OF..f.K..............E........f=4..3.....lA...I&......@.R2.@.....j......s1.;_c.....e.....v..[.....t.....y..K....o......1.....<.~..@...Et...c.?....2.c.....f..[..$f...e:. &.._.a.nx2_.....f.^.~0.Y... i...,....5v;fi...qF~<j.j?.~..2..0=....$D%Jg...c...*.15....oQ7.........?L_..B...31q...C~.8f..?3..<f.._..2..e.f4.ay.............\....?......Y....Cf..Y...az0..YF........2.........z.a%...in.."5.......~%0.5....O.l.)\?..7....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ap.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 313797 bytes, 1 file, at 0x2c +RA "cnwa15ap.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	313797
Entropy (8bit):	7.998885990067384
Encrypted:	true
SSDEEP:	6144:PJbFpO5Zl6OFr0pivioZdwxp9rG9urPJgOqvvl30rT:JFalXgxoYxfr0u1lH/
MD5:	9E83A7BA81E69C1EF84682AD701CFFDE
SHA1:	92C67EC4D25FA0D6956F10B2AF21D3C0BD5613A6
SHA-256:	B7A8A9AEB54CF4A1CCEF43C44DF6385A19C210134844C7420DF1C559C98F6D8D
SHA-512:	BC524A7CF5F50DA4AD188E72C542FCE20389AE3CEB7B2DC058B58DB90628B3C34B899BC94F764359089C7DB5B4AB32884773522301666D84253E79AA57E642F2
Malicious:	true
Preview:	MSCF............,...................I.......r.........#E.n!.cnwa15ap.chm.Kyp.dF..[...................w.wwrw.................D..F...............sC... 2.ah.<...f;..w%..b....j..._....T..."...o.Dt..."......."..h......z.....+.]A..S.4y...1=A...........X..".......#.@`..... ..._._......NP..-?.....7..........+.K.......`.........'.u......J...1(......>Q.h..b....T..B..U.P..S{_..................d.D..<.O.S.....$.GL......i......oQT..S...?\.\..O.E....'f0C.........?.nW...aY...3..JW+^.5....C.g...?.?.I......Ojj.g...k....?L.?v...\|...............A...dW..6..*.....07.........S.=......=...........zt8......e:.X.....d\.\|.V..!..bW.-.pf..7..bPG......?..K......._.....?.y.........+....._...E...Uz?.....Y.si_._.;.#.....[...q..7..R..9...2...?../.]..3...~..n......./O@.....~.....@_.................Dw.e?f..o.E.g......8o.......?.....b\. .i..w...UV........m.`.2.....O.3.....e....V....."e..F..Bm-.......Q$.....?r..\.c.......C ......j.a...?...r...u.....................'.......(.......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15ar.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 329311 bytes, 1 file, at 0x2c +RA "cnwa15ar.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	329311
Entropy (8bit):	7.9989391626500375
Encrypted:	true
SSDEEP:	6144:cII+8U3BSRowhtf5B1m+RIN/hU7746TLaprr4hAGDh5faaUlN54wTKDXs:+h6Wo+D1mf8777KxmDG698
MD5:	5D8FC712D842449BE920533E9BED835A
SHA1:	EB41903BB0A34223FF3757222896553F924DD47B
SHA-256:	33F8BA6F11B90FEB4A92E655F48DCC569B11AFDDB53F7E7BB75DE75CB12AFA74
SHA-512:	C1B7E3938840B4DC600E2D2C79C701D285C44760C202E693D69656D5AE91C803B3D34B9BBD93C3A4473C5A157A3E29181EF4A3C57E69E5597AB22F29A92A0D91
Malicious:	true
Preview:	MSCF...._.......,...................I.......a@........#E.r!.cnwa15ar.chm..o.TF..[.....P...............wwwwwwwwwwqw.]......rwD..H.........c..!..NkC........d't...8.".....E.{..R.....D,....~...a.......... ...h........_........V.7.T4L..RGDQ....... ..S..........z.y....bN..D....j........H......?...P..t...T..........?..e../..b......D...a...._.....ZrR.7......o10..:....2....<H..R:.@/..............?..u......`i......$....t.......Mm+A..v....M.../....Xc/......z.j..Qf..YP.i;".#Z:;..g.^h.B-.........?.?..1._.j...-.,...._i..?.\|...Z..ssk.......7...n,....._......8).1..0_i7W(^.........W.....?w.]..p1PN.........~......33.0..r...y....S."<.Z.....:....G..yq.w..g.p......).c..h..........m.e..~._V..H.......B................I.Ha~.B.2....?.l.$......Q.........z_.......".......r.t.`^...z.G....g..?.8p....%...W.?.a..@:.O.4I.y..c6.a...........B..h.O......g..?.....\|C....r.2..._.M..~...+..6.w%..J./........./..s.v0.m.c..G.f@?...G....x.....4..a...~..?..?X./.....]"..4.........O......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15as.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 330539 bytes, 1 file, at 0x2c +RA "cnwa15as.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	330539
Entropy (8bit):	7.9988007810583515
Encrypted:	true
SSDEEP:	6144:X9Q3sn+HyjuK1pjSbbVr4sX+4oeYtqXol5AeqOY7/9mCWX3XeeVFihxslIq:mhyb1C8VA4vA1lRmCWXbiPslIq
MD5:	5C27D6E52F41C6743F554987CEA4F942
SHA1:	986BF7FB7D357AD131F0DB379AFEBF5CF33A11F9
SHA-256:	AB63F11AD9552B6CEC3D0446E50583E7E4C73E15D81AC6A2047A92D264CFDE95
SHA-512:	709D9E6F873C267C442A2A72F5D51BE2362FC18A5E830C0C129D632B97258D872A765BB65CAC89DD74204F5E637391DEA82409721AB84B60AB63564972007ED9
Malicious:	true
Preview:	MSCF....+.......,...................I........D........#EEo!.cnwa15as.chm...4pF..[..............................B.......]....pG5p........k.w..\|_oK,.u.-..)=.;...W........3.~c.....w..{l.M.... .1..N.XD.&U"...................V(.....m.\|'%1MQ..........n.......!...P#..8=.E....#S.........T..0......I..N.....=..T.p..?.....`}..{i....O...H5....b..oT.....&....$..............,."$.)y."o.../D..W...j.I..)`..0.vA...5..TT...q...z.J.... .E.0U93I9..?kSB3..z..g...X.O."...D...nX....dDg..F...^...+H....d.$.....Q..........{.K..*..g[....................A..[2.+{.'.u..b.....Y^..80..W.].O.."...,..).]...K4.....+4..T.4;.....L.....R.......`.2..........k?....?L....J....n....y...L...7..d9.h2..........:~.k.;=..1...~D.=..........O3l.(K./.f(.M..#......J..V.........l.).?._.g2.......o.S._.....i.<..S..3....`_X...~.`/....p..-./.3..ok>...q_......`1. ......4.&..........e.0.(....r...~...N....i.....-5.B.......#.'.w...x......C.....F.....%...m.....LDR......H....!{._a......:.f9.p..k.~[....?.m$..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwa15au.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 313797 bytes, 1 file, at 0x2c +RA "cnwa15au.chm", number 1, 11 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	313797
Entropy (8bit):	7.998885768087126
Encrypted:	true
SSDEEP:	6144:6JbFpO5Zl6OFr0pivioZdwxp9rG9urPJgOqvvl30rT:yFalXgxoYxfr0u1lH/
MD5:	E9B6253228B5980379720A983BF9C19C
SHA1:	B7436E1C7112F253436BAD0D16109BA68E30583D
SHA-256:	EDBEE0CD4B5BCC4F826B0C1373921DAAAD16097BACC5684D12ABD18B1B958685
SHA-512:	2E30F9C5E163E3D44B605B62631F8ED787A501D927771BA30771362CD837695601474045FA579FFB0BE155E10A84655C48C17EA634CC28AC5DFAE768DB94AB69
Malicious:	true
Preview:	MSCF............,...................I.......r.........#E.n!.cnwa15au.chm.Kyp.dF..[...................w.wwrw.................D..F...............sC... 2.ah.<...f;..w%..b....j..._....T..."...o.Dt..."......."..h......z.....+.]A..S.4y...1=A...........X..".......#.@`..... ..._._......NP..-?.....7..........+.K.......`.........'.u......J...1(......>Q.h..b....T..B..U.P..S{_..................d.D..<.O.S.....$.GL......i......oQT..S...?\.\..O.E....'f0C.........?.nW...aY...3..JW+^.5....C.g...?.?.I......Ojj.g...k....?L.?v...\|...............A...dW..6..*.....07.........S.=......=...........zt8......e:.X.....d\.\|.V..!..bW.-.pf..7..bPG......?..K......._.....?.y.........+....._...E...Uz?.....Y.si_._.;.#.....[...q..7..R..9...2...?../.]..3...~..n......./O@.....~.....@_.................Dw.e?f..o.E.g......8o.......?.....b\. .i..w...UV........m.`.2.....O.3.....e....V....."e..F..Bm-.......Q$.....?r..\.c.......C ......j.a...?...r...u.....................'.......(.......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwfcgco.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 360997 bytes, 1 file, at 0x2c +A "cnwfcgco.dll", number 1, 31 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	360997
Entropy (8bit):	7.99900564918932
Encrypted:	true
SSDEEP:	6144:fU96zmW30Pd6VlJ0rWjxBRkTRrXKEg7jjkOPR0OyYywVAQflQ+C4EuWu/:896zb0Vq7o4xB6drXbLARby7wV/dQb45
MD5:	0C1E3724737AA1BD56E658ABD0B52273
SHA1:	E32C789D34A7CB9549A91C240B681A05A78A2FE8
SHA-256:	5F9835143B5D423F528D7ABEA2BE2B92AC5C356C1A73A842FE51D7297D3DE17E
SHA-512:	706F7D0969B29A56A2C0EF4BAB38561455F4D9B9448151DC8B2A0CC9587599505FF1299156CE9E8599038FC25C09E63936284E4D0CBB0337BD03607E1D93492F
Malicious:	true
Preview:	MSCF....%.......,...................I........p........;?;I .cnwfcgco.dll.V^/.N(..[...%.`..."B.5..].{.^.mj....2.t..&....d_\....V.....r.&.Rc.[..#.. .........ZR....\...j.c.e."Dg5....}.......A...y..........M.9..-5...-..].T.3.......w.@.e..\-j.-.Y..oh..mP...4.fQ.(......*...............{...Z.Kl5\..c.XJ....dL..n.....B...$F... @@........!...c..@....@.$....0.l.'..!..4..`v.e..n$\3.."f.F.{...........^&..N.......g.......LiV.&..{y.6.w..].......io.6.........'.....5d^.g}...>..i/..".....n.=...v...e.Au.'\....t.!.B[.dg.kn.&.W207..;........Ik}.....\|....[.....i..c.R.cO....,.he. M.-......{W..l\k......w......k..;..... <..$.j-__[<....IO...^}uP..>..]{p.........bV>.......Y.G.yy..%\|p../...@....K...7......}...pNc..Y....N...,.'.%,Qy'L...P..u..a...i......I.DSJ.TY...P;.y...B......d.@...H.........EWR..5.....M..Kn..0..p.....o.v.:.T...........=.Z...G..n/.BG{..7z...4....._.y...E.(k.6....._o_0-J.......bj...U....A+..8..C...hN,X...r.........M<...W.....m}.A.,j.5..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwfdpkj.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 34551 bytes, 1 file, at 0x2c +A "cnwfdpkj.dll", number 1, 3 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	34551
Entropy (8bit):	7.99407122039516
Encrypted:	true
SSDEEP:	768:H+8jiZAkWRGwwHBldfYxT/v3q6afRBWF7Ukt:H7irWRGwwpYxbfq64RY1Ug
MD5:	58B43DA2B9ADFD291B335B98C89C6AB5
SHA1:	B4FCE314801C3A933FF378A6E910F7777D876E73
SHA-256:	34B2A5414FBE4E7F031510D1B1BB202B11E1C54B9F885F51A5786B9F0AF7D30A
SHA-512:	00E1080A0FE7577CB6A8408D7B937447FB6AE60C629E5304322E42671234A5F6354FB0B899BE5D453AF5F034361756642D72AE762807B1FEF19B74DD1590CDFF
Malicious:	true
Preview:	MSCF............,...................I........z........5B.y .cnwfdpkj.dll.W.X..@..[........"Sp$..n...V..^.T.A...DVL;...z..........-...(..=..7`c..l=~..0..cSe(..7.....G.c .QA.A........?..~z..{.ov..>{.#....-.......V.Z.$...:l..0.R..wH.U...'..'...2...Fuj..A.jHU.eV.8..+........U..@.C{.s....t...U.l.W.B@H..#..#:!...\|....Kt.Y.wC..4v.4.S........2W.p.{.....V.F.X.S).c...'..P..q....S...).m.:'..n%.m..*.J...r./~#.d..:...@..(2qtb....\|..n.t..<..[.....K...n...o.v...F.r..M4$.6.._...Q..N......./...R.L........$...._.fu.k9.#.%..z..'.-\.e.........Qp-a.g..lP.W3..w.c.I.9...+V....Ja2..6.m.m@.O......`....6._.[Q.....]..00P.\|..+X..Tg=Z.!...q..b...A..m..2.;_r....=j.B...Y...h.w........q.....n..n.l..(....'..p..B..o.%..\|...f.......FqlC..j.....g..~7X...........n.oj7N7(.m.........?.jtb.mjL(.2..n.n.o.7..$7\....#..{....X7f7.7..K.5J....m..hm..\|.8o.......Z..$nzJ..$.R.06..koG7N7.7......\|..i.I..7.u.c..~..k..}.0M.JGW4'.?P.r...A/...n..?.To......4o.7.7f..;J}.....0...l.n.........I<5

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwfdpkk.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 34551 bytes, 1 file, at 0x2c +A "cnwfdpkk.dll", number 1, 3 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	34551
Entropy (8bit):	7.99407122039516
Encrypted:	true
SSDEEP:	768:O+8jiZAkWRGwwHBldfYxT/v3q6afRBWF7Ukt:O7irWRGwwpYxbfq64RY1Ug
MD5:	08A6EAA28409CDFCECFA28290798374B
SHA1:	8CEB03328A8192A072F80BE69DCFBB475BD71118
SHA-256:	26647CDFBDAAFA00CD6EB8DFD287044096153A005DE424685A1A804BA6E534A7
SHA-512:	0AFC25A1CC91B7DD8112030A1374659D73BFAF9189CE9C5247EA7737431E155A39B385C4248F0159A675C34591E9B569B3E4DED31813A26AA1E258C1FB91B0B6
Malicious:	true
Preview:	MSCF............,...................I........z........5B.y .cnwfdpkk.dll.W.X..@..[........"Sp$..n...V..^.T.A...DVL;...z..........-...(..=..7`c..l=~..0..cSe(..7.....G.c .QA.A........?..~z..{.ov..>{.#....-.......V.Z.$...:l..0.R..wH.U...'..'...2...Fuj..A.jHU.eV.8..+........U..@.C{.s....t...U.l.W.B@H..#..#:!...\|....Kt.Y.wC..4v.4.S........2W.p.{.....V.F.X.S).c...'..P..q....S...).m.:'..n%.m..*.J...r./~#.d..:...@..(2qtb....\|..n.t..<..[.....K...n...o.v...F.r..M4$.6.._...Q..N......./...R.L........$...._.fu.k9.#.%..z..'.-\.e.........Qp-a.g..lP.W3..w.c.I.9...+V....Ja2..6.m.m@.O......`....6._.[Q.....]..00P.\|..+X..Tg=Z.!...q..b...A..m..2.;_r....=j.B...Y...h.w........q.....n..n.l..(....'..p..B..o.%..\|...f.......FqlC..j.....g..~7X...........n.oj7N7(.m.........?.jtb.mjL(.2..n.n.o.7..$7\....#..{....X7f7.7..K.5J....m..hm..\|.8o.......Z..$nzJ..$.R.06..koG7N7.7......\|..i.I..7.u.c..~..k..}.0M.JGW4'.?P.r...A/...n..?.To......4o.7.7f..;J}.....0...l.n.........I<5

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwilm64.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 6835 bytes, 1 file, at 0x2c +A "cnwilm64.dll", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	6835
Entropy (8bit):	7.969164321837386
Encrypted:	false
SSDEEP:	96:bZZxn1/0Upa3/Nf+ooQ9sppvFMcgPxVMROVmb0WeK9rX/00U0O9OoMZLIrxKIAzE:DT0d3YooispNF3eYykrFwoE8YHwRdxpm
MD5:	D12EB87551C2FCEBDE1633796384452D
SHA1:	AEBD81DF0DD5C2806B8ED9013EE54F12881BE7D9
SHA-256:	52DE0EABD29F8392D3EF1DC38C2D4CC14EEC07271C1B24D25186D8A2B7391456
SHA-512:	A046F8EAA00405239190993902E05DCA7B5C9090E893687F05DAA242DD1A863C17738D5DC4F90424E334D392327F2B25F8064F94F8B34B6B593F1F3ED2607C58
Malicious:	false
Preview:	MSCF............,...................I........B........q3.N .cnwilm64.dll.x..Ab..B[.... . q...S.$".p...o.T.J^......J...K...h...7..tE..._dt.m.~.`\|..3...=3.D..7...p.DL8....A<,.<..`d..f.......;on..l.P..K.ft...I...]B...vv;..R{.R.+...%K...]-Joe.Xh#....A.B$..F.J.N..$.........!".....L&.m..."...."...=0....=....\.O.E..^B~..^\|...M.z....u7..-.......Y8...[4.-.....".^.E.'..b.3poV(<.)..S...z..;........+.}..x.Y9..X...)..F..>.....3..z=U.fN...T...ZP.....c...^.}N.QO.n...n..A.....r.8.r..,...A..'...a.....z...J.]8.g\Sf.....0Wz...7.zr..1.S.4....{.......fqN..z..Km.5.zY.... ...Ut.....].]./..\...us.w..S}....0...9u(..HV3...;.:..U.:Gv.u...1....!..tv`..^.rH.\|..........nTa..w........Z...'...n'uB.}...U;.8+.....X..Xu,..6....p......la.n.iaiq..6.k.....S.V.I.....X.;.U?.E8...=`.2.c1...s..ZE.C...@X.d.....N.#...b..M..3.....1'.......X..s,T..%.PZ..n.YE4../+./../.83.9e.Q...l.F..t..&...d...a....[......cp..@"B .P.9....?8>+!$.8.kkF...".g.L[....U.v.}&....5...._@..Hq.h...*T+....Z.@K.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwiosif.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 39919 bytes, 1 file, at 0x2c +A "cnwiosif.dll", number 1, 3 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	39919
Entropy (8bit):	7.995172655425348
Encrypted:	true
SSDEEP:	768:4tLFBSmldEFKN8H4Zzyjw6fzkbUlCbO/zYadRdsT2oe2peuZ4BIsL:dWdKKTZFYAIyEzVKTVpeuU1L
MD5:	14D87B03C0DD38C9BDC110F9E3EF5D38
SHA1:	2FE2D1A3BCFC4807744572EE01AF7E41F3BC0A8D
SHA-256:	6D79067D7F7805AD5DC70DB0736C3A734F2162CCE8A02B8C62623C3D2D53A1F8
SHA-512:	B09727ADD21C97FEDD394A8B9468444642E9780339A25A36EA3BD4EE747599F14A196162CEB1D8B1BE572B8CEBA395524D0426D3719E9F5A1354505F1AE19ACF
Malicious:	true
Preview:	MSCF...........,...................I........h........T@.R .cnwiosif.dll...ma.8..[......l...d.5..o.......S.,.c4.#6.z...l..o.w.D.N....r......9.w..8p...6Tm.....THgC.Tk@^T.#2pe...................139w..[..&h.%I....md.aBm.u.$R.6.$...M..*C..`UY...P$U.2.#.d....Z..4!. ..CEPT@.......9.2r,]....p.._G.:.....u...}`D.......Tg`T..%.j....g.,...A~.E.W.iS....v...6{.k_...M...^q7..-.7..r...&....M..............9{g{.c....t[.......{.s.Uw....ME......e.`..e..c...P+IMK.O..~mA(...t..""...({...8..~...Y..g.U..../.j]:W..BT-!...q..2...Q../.....`\|..B...s.j.3n..+..v?.J..,..{...l.H.`jt..h.e....qw...nI..]..-..R.#_.5.%Cs.su....5..=...]..).}>m`..c...[..T-xbUJ....B..t.SgD(...3vi.6\|...\|jz.....+.):S8...[..v5...y$.........W`.i.Qy......DS...../.N.i....^.....:...%jG..a.=9...u,..1..+.b..NNf.M.\wIY."....j.\|.#...&.~..4.3...8rO..G-..!...[.....L....O.._..17....wJ.?....cy...w...0m..#+...T2"...H<.E.........s...H.4.,.j.......$.5..A..:..g.l.....'R(..C......%.&..\|..DG..9h...t...........

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwiwebi.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 38279 bytes, 1 file, at 0x2c +A "cnwiwebi.dll", number 1, 3 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	38279
Entropy (8bit):	7.994871343375653
Encrypted:	true
SSDEEP:	768:5ojnBsJuH/G32/g22eVzj66YHjbl7dB4BFu3Su9BjoHo0ixPCbgs0:+jnWeGmI22uzj6lHl7dss3X9BjiHWPCa
MD5:	D094BFAFE746ECD816965ADEDE1593CE
SHA1:	C7EC4EA61BC6B6E50B447748904A5E5AED909EBA
SHA-256:	24FEF3C30B6A26C13A72C63D6E28521FEC52A402E0DDC7958158B05A2AAE0DC4
SHA-512:	55D8FC7BF274C032D3F6634A15BDE89C3772971060185528ED2386B22256EEB654AE65BB5298FAC01901775B9CF2DEA8EA1E40816B0D56B0646291007C6B341F
Malicious:	true
Preview:	MSCF............,...................I........f........MB.q .cnwiwebi.dll...E+BB..[.....`w.."cp$..^.....o.UB..DS0....{..;...D.a...((r.?....66....<`..@.a.S.@.v...w.8........U......>...t...y3.....273&-..NRZ.B...t.d..P-........m..Y.TR....B.h9....w..\8.......#.$.....D3TCT.....Lz[....m.V....h................=..PW..C.@../Y.2...^..4Z......jC..jTv[R........w.....Ev......z.vl.E.1.%1.?.14......S\|......'..M....uK..o.:....M...i..........q.,.0T.jWf.U.g...-...sP.j.Rr.4......%\|./..h.?8Fvb........_..W.h....v...'Y...4.}../...T...zg...9..A...."h.vE...PN;>....7u2..B.l]1...H....q.q}x..eHk..wf..K....3..b.KA$..UI..`jY..p.;{.F:.pZZ...S..^....Kb...m.>s...[.l....E..)..H&........0-Z.l....Nu1P7sQ5.e;.`...........N.....rn../....v....+..m.. .&.....=.s.........tM.g...u.D..u....k..i..uR.;..'cxD...<El."..=....z[...-...M.........\..V,.u/.qV.DA.p.y~q))..}...>K{k<}.c.....W..< B@..<P...K-.&B!+g..f.E...l...l6........./zd{.......E..+.L,W.u=...I.]..:;.F.....?.@8.$a

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwm.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 640923 bytes, 1 file, at 0x2c +A "cnwm.dll", number 1, 54 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	640923
Entropy (8bit):	7.999361611162643
Encrypted:	true
SSDEEP:	12288:iHLz63MoEtfISPyj/LQ1T4FzFR94iaoxO+h/rlYUm3apwCBGDPLwFFz2G:iSMoKGj/LQOM+hN2EwmAasG
MD5:	472EA3B2EAB61D49BCD01983BC8B551B
SHA1:	11366FC4AA704FE9C841BE224050FB2B37C4445B
SHA-256:	67C4CCFD1EBA0EDD64D971CA70FB60D1345AC921BFCF9CB6D511DE6FE6CC0D6C
SHA-512:	EFA860A1212BC6A13C030C66F68E11E470BF2F971D2D95CC715A9F2DE7B80C300F862643FB4C5CB696736808DEB84A1869F06975C52C7358150E2EAA87D73451
Malicious:	true
Preview:	MSCF............,...................E...6.............!E+y .cnwm.dll..K../..[.... ..uM....$1.P...^.....1.....]..]._..W.Wg.N..\|..c..1.A..,..0......o.....ff.......o>~..mw....../.p.].yH.Iw.v[.[{.&k.n7.HEc...Z....H....:..T..`..H.1..Y.pb....' ......Q.A.......<#..#.:..#.N.;....+...B.......@;....o..rxW..\.\|I..5-4....$..l.0l[lQ1[f.......`.T......c?L...+.Z..M......~.Fp...._......g.+...7>E..>.....N,_.......Ja.....+./....?x.7.}..@.B.(...:....a....pU......%..C.........K(....$..>...(Z[..c....u...J.x..TF.B..I....2.7o..6...cBI.f....-.&G.yh.9.$"......_.u.2.k......+8 &j.\|..8s."...M.g....zJ5.x...R^8K...l.s......+;.....lz.....m....j9dLP.B....5......B^..{....^.P.....P........o.@..mv. d.J5...... .B^..u..A@.),W.....A..X..o.8C...8.......J... .anyAy....8t.d..-.cf...P.....\|...5..W............].x6......,.$.`........F..5l..qC...8...6P0.^.)T@......5..nC...]..P.@...+@f...k...;.....A$..+$c.@...n..!..p9....A).T.....j....P!<:..R....=...L.,..x2.p..U.B\@V.\|..7..] o`y

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwmui.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 1036321 bytes, 1 file, at 0x2c +A "cnwmui.dll", number 1, 112 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	1036321
Entropy (8bit):	7.99938918868728
Encrypted:	true
SSDEEP:	24576:tFYxlvCYSEG9N4VBsns0sh3psL5FXga1/nb++EJZT:vYxtCGY6Bsns0UZM5tgD+kZT
MD5:	A46D9319E4487DB257FA7E37AC9FE82E
SHA1:	59F4F0653A96A113450E6BF49CCC268E8EDE7726
SHA-256:	E365C7C547EC87577B0C63401466BBA47FC0889EB3A180B82E54C1F7907229EE
SHA-512:	B9FA02355B4F23D5FF896103BB4FDE1A9EC765FC7EB27B08E07ED489DD319DCC44D84F6642C7F713CA6FE0B49B6D496A20C60286347953E1D66BC46C434DEA1E
Malicious:	true
Preview:	MSCF....!.......,...................G...p.....7.......!E.y .cnwmui.dll...r.\|...[...2 .;uM....%..P.............!.m..l.m..k..m.,.....b...!..!.G..B:.\...........t02BxEp......;..{....C.'L...$...c..../..#.....T...>>.Z:...,.._[...y..d]F0........5..m.....d........!.8.98c.'.Ow.L....{...#.E@@.#..........#.....(.d7..P..sD.(..`I...i.Q.:.j"K.J..>....$...@.2).8...)..f.Y..?.....@pj.6...us.b......Us.p.......e.3.1....k.y......\..,.o%...A.1.1.-=.=..o..........._.{6...]...p.?.P-.{..a..(..&...f\|.%.....\...D?.B.~.....C...(..?.7..w'.?...Olg..}.K...2._.9..........`.4$......86.q...4%X.9...\|....8&....{.>.Ll..>[....;_..$...>}..Vq<..m......L&..&...f..Z[i.b..Y_h.+...9H..........3.....y.O1......\|.Y0.X...Q....\|...D.t....V..._Z.9m..#"........2f..g..8.VZ......f9.:.,hs1.GQ.xf...t...;.....R.A.:.y....Mn.Xp.i.p.....]...EVs`.y.T..\|......C..i.X.l...Z.....M.7.O...)U.x.m...9..gw.`.h?x.At\NB.....c..Z0..H...H".8......g2...h.?Z&..@......Xt...!.e.H8..Q.... .i..r.,:...'...^5.E.c.N

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwp0rsw.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 420171 bytes, 1 file, at 0x2c +A "cnwp0rsw.dll", number 1, 39 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	420171
Entropy (8bit):	7.998817623110585
Encrypted:	true
SSDEEP:	6144:794Fm07VB1OfiJk5/mtP+wJT0xhwaZOG6f/yus2ChbO0QRlqrCcyJ5et6wULu1ko:KF97nS1I2q0RZOGqyus2lqqq3q67IyN
MD5:	F3EFAB378E81AF9ED29DE9FD3FB10E7D
SHA1:	7278EC1309931747364F9A342CE914FFADC295ED
SHA-256:	1FBBD542BCB84D62CA84447C43A51DBD54A52F104DD848FFAFB5EB5867D1F6FB
SHA-512:	D2236D6EC8F1C1F8A69A9EED2FC92462E3589C48CBE1D4D512AB5A14C12774FDF5B6CEBC644845BB217A8BA380FFAC14D6DEB68BFD6F233C6DDD31DBD8433261
Malicious:	true
Preview:	MSCF....Ki......,...................I...'....p........tAb. .cnwp0rsw.dll..k.....[.... KV...P..C".V...o.m..!..Y~.Q..3..Ub..f...m....a.H`@8"...&HT..........j..j.I.UF.x.....].........3...w.....LHm.P...'M@m.:.#}n...=..&..{;.4.b..=.t..:.....M.,]..l?...Y.Ul.............m.[...Y.u.......A...@A_.t....8S..J..c>>.t. ....Xsgw....#.y/....4g.j.P%:.'..d.....8S].......B.q;..G{-.}..6..z......_.....G.\|.Qx...`<...6.=...9..S.'..`....v8......~.v...-o[...\|....}.5..u..-.U.'%.#~.1.P......;YF.N]...UZ1....##..2b..'.....0>....X+...6.w..4..L'..w.2<d=....g......>....J.....[~.U.".KG..H.!.a.....*..x....6+$.~6..9.`&.I.^?.c..'.'.%..IMI.<.e........M......p=.....6.y.oz.}?='BJ.J..`X.......].X.Zg~q..AU..r[Uw1z@'(y@....!..F!B..C.3...x.. d_.}..B..~F.@z...F..L.[:.{\|..<(S...0...dg:9.#..{.x....R..w..7..Y\|.@{..T..1H.V..:.ceOOs...>. .F.V.c.<}..X/m...S...Cq....CGJ}L.........y...T.d..(oH..../7..u......<........oI ..~q......ya...5.p.}........{9.\|Z..\|w..,+...%..[z

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvprev.ex_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 507273 bytes, 1 file, at 0x2c +A "cnwvprev.exe", number 1, 56 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	507273
Entropy (8bit):	7.998583602740771
Encrypted:	true
SSDEEP:	12288:EMykYrFde3AhuZCJDiDBRMqleto2CNG0tEbMVGN2Vc5g4J2p8IxWe:FBquZEDiDTMwlioVU5rgp8Ixj
MD5:	C2FADDCFC1ADB7CCD68AF5A84519AE91
SHA1:	7C898BCD7ACD32FB7F24E7AB558073507386FD21
SHA-256:	0790A2622434A58038C384A5D1EB4CDF5546DA189DC06B9024A02353619DCDE2
SHA-512:	3E0A7930A5F8D74714159E8381D97D9D76FD47EFAB6516473E000D50079E6E81173E8954811108AB60638C2CD5F11DA57C9D324E4C4D53BE4A38C4247821A2BD
Malicious:	true
Preview:	MSCF............,...................I...8...8..........D.. .cnwvprev.exe..S.2.-..[...H.......`5..o.{{..V.{....7j. .#j.^. ....n;......77..qw..........T.ZR........V+..2.........~......;.{y.v.s....9.!...%...%..P$...[m.....U.6K..KT.v.P6...8R.6K1.+LY.TK.Q...\./P..Hm....U....a....{..../.{..mn.2_r.].......K#Y....mTS...m`.B.MB..M.` ....Cx. ..^..H...)?.__"U.8.c`.....u...A`.d.ip9:.\Uj.L#v3....CM.t..."\|/t....d.......?....k..r...F.-[.3...=u......S{jo.o..}...iT.O'i_/[.cu..c..-.]....h9...;j2..x........OB....$1.=AzG..`~P_...... .g,.R..Y..L%X...D.d_vA..hT..<...j@........2..D._~:....y...a..S.A;..q.../...B.."......9.C...n.3}#.O{.1sZ;.vm.....W.5...a.....gSl.Q"K@.d"9.......\...7.pJ.t3.hT..M...<x.3..t.g(>.v.7..l...u...]g...VY.F. ..R.lX..lofd....k..k6.....x......w.E.c.n.a..#...`s...{I/.Qw...yA..C..!.Du&.H.c8..k...Mls&/c.M..3..."..W....L...n..e2..\=VV..h....."[Mza...F..e....lK............36.y.h...w..7.k.L....e+...i<x...t..._.&ZaW.vK...S...`.A....:.i..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr407.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224745 bytes, 1 file, at 0x2c +A "cnwvr407.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224745
Entropy (8bit):	7.994559200820794
Encrypted:	true
SSDEEP:	6144:qgrHbLl/LfWkkmDtcs6i8Sw3QMvryKhT6cie8n:pr7LhzjTYSqT6cF8n
MD5:	1C6562E1005455721AC14823E0B3A07F
SHA1:	410BD1EA0357C3A65B7254E0D787210490B9B6CD
SHA-256:	00CE119BCDD6D83006BD0E1F56CFFD870EE63582EFD782E9A167D8C39C5BA9B8
SHA-512:	FADB5EA8B4FF1D094B585254EC834475425108E6026AD54B170A316FD1975795CEF3D51CC6EBE8494FBEE42AE64048FA4DBA766ECBD8D647A6171934783AF3C2
Malicious:	true
Preview:	MSCF.....m......,...................I...H.....#........D.. .cnwvr407.dll...w.;..[...(..s....`E..o.......{..\..g..s.{.{{...Asr4...j[.O.yQ..ll..m6f.?.Tl.c...B....y.8.R5E.Tf"3.f......?.g.da..w{.v...3s......{.`.7.Rl....B...`.e .%...R.#J.d..OL..P%..L..R..T.b....T@..p@j..........{...w...f._'....ji.....R.&d......Tf.Da..@". q>.."P..0.........g.]d.]#......E..b....._^.R,...i..P..[rG...)...E.=..1Q...{R.K..H.7t..._..PW...R....n)..s..X....n'....z..O/../f.s....).s...Y{....i...x.);.'.A...a.~....).../K.{..RF2%.Cz5.....3..go...m..BMy.W....m....u8..5......t..:..%..2.&.$.4......q......V.N.....~..........!j...E......X...c.\|..\.ZK...B.v.P......WZ....M...%,xQJKR...K..g.....X}7.....O.......w...GA.r...^aU...Q....C..Tz9....\t.....$..7h.@..v-f6fKM^q#K.$>..;...1...X..f..6...._.S.....H*<.T)/..#...O..iD.......cP7yzh,........S.QHL-..f./..)......ofUEd..n5...U......8..[......;v....57..J......d.0.g..P..m.L#..t.....U.q...N..1..;..7..2...n.$z. ..j."I...J.R.;..E.n._.s

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr409.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224413 bytes, 1 file, at 0x2c +A "cnwvr409.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224413
Entropy (8bit):	7.995643534390587
Encrypted:	true
SSDEEP:	3072:keK6ixVvZQ0aX6vKjpfWcpNIfbtlfC9doJgBLG6nhNbrpUlTYmZJ1dhIA9dQ/dbC:kciA6vKjpx/cM9DBLGCzbUX1d+IedC
MD5:	223F7F5E3F78FBC464229411B76CD583
SHA1:	0EB9451F6A6C3698FDB10AB5F0606B140A783951
SHA-256:	070360C0D275B8FD2F310BBB64DC23464C43645422D7F8BF8782C539F2C01FEE
SHA-512:	AE218B9ED4C0D9994DF38CF28166240A8BA2405379A2C74B24E1BAD4989279481399AD67AD4FE11276EA6DB3975DEC0B3BFDF7AFA7185649765A535C771C29B9
Malicious:	true
Preview:	MSCF.....l......,...................I...H.....#........D.. .cnwvr409.dll.Z....;..[...(..c....`E..o....]....K$..8.q......^......M...Z..S.^..\|..66...l.........).Cf.3.xT...d..L........,.Y.....9.......9,...6..M.V.6v.]...l.,d.$....DI.l[..)i.....3....8J..bT..p@j..@..........{...wf._....'j...i..R.&....d..T...af.D". @>..qP.."...0..........`gt:....@D.}S..zn..#yMB]$....g.{U..Fn.-uv.J......J..HU...z]:+1.v.7X.M.....G..L....?Sn.as....eZg0.geZ.}..v.>.3...E.+..'.4..0..y...x.f.4f......A.w.....e%x.P.`.......ga..+u...z..h..w_.:.g..I6o.^.E..p+.q.].j.L...n.....].1.g..i5.-..(..'w.........v.[.Wr.,.............qK...n@..E.......;...^.T..^f5d...YJ..7M.M.%4xqJKS.S...M..h..r.w......C......T......:.)w%{.......[3.P....Eits@.E..h.u]l.aI.j.4....\......V..K./4xL\|{d8}.F.g..4...+._t.-...P.FU........K..gEk...._L5w{i.........S..lm..../..iY......pd]Ed.......S...../..:.4.....u.'brgj......5./..i.a..t..Z.M..A...B...9vG..S.m.:.Ns.nyY..oG..].....u/.P..Wu.KzslFT........v...

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr40a.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224619 bytes, 1 file, at 0x2c +A "cnwvr40a.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224619
Entropy (8bit):	7.994420023156288
Encrypted:	true
SSDEEP:	6144:vVQLZpOjAw/EvWJ/pljaStJg0z4G08BCm8HKr:dqALcv2BBtJT+8Bmqr
MD5:	E804E3C9885B202BDC5187FEE678F623
SHA1:	49410610EC9A458F25F025D43C9DC3D5FB8171BF
SHA-256:	590C9648C9ED493E5F3A55315966ABE914B9B432B0CA580AD7527A0CD0FD1D85
SHA-512:	A952C46BB13118E87EAAA2EE3C3B4BB5D88ED477226C6E86E57DAF5E6E6FCF2D4822192CC3A75A08B8A4B59E225B904F05F341555AC1406559F562D289DF8049
Malicious:	true
Preview:	MSCF....km......,...................I...H.....#........D.. .cnwvr40a.dll...a..;..[...(.@s....`E..o.......{..\....Q.].^...A\.....o.o]=..E-..lc....lQ.......3d.=..H...P]................y{..sv....9......}...o...jjw.&.R...A.JRM(..F...e..:b.../)V.b..(......(.....R$.DDuTV..~....3.27w.?ys.qULS...5..D4$3.L"...3. ...................].._@,;#.26....`..^..f..G....eI...O$...{G..;...N..{....T..#.v.RZ..F.......B...&.......FvK....}.R.v.x=...`R......b..]..`..?9.<?..7.N>..kO...;x...4.....{A.DH9...^..lk.5.+...u.0gz....O{..]h.....;..{..}x.......)./.M.....ec.....I.M(..A..>}.O\.cU...~........p...a\|..2H6.q.Z..}.....v0X............]...............xSK.T..^....4..Y/..q..w.n..\|....x..[.....G..z....c.rU.jX..br7...... .t...\|3.e5.Id.q..n.4Z~....F...\|.6IN/{w8{.c.=_...m.n.W_....;(._...r.T^..SP..G U...n..3f......nt..YS....=.%..Z.'..3.MgO2.+R.%\|.....J......kt.....p.91$.......f'B.k, u.n1.A./......a.Y....YA...F...2.....+...qS.N...twbQ...`?...c...P..D..P=..'.K%..f~w}.i.=}.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr40c.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224653 bytes, 1 file, at 0x2c +A "cnwvr40c.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224653
Entropy (8bit):	7.994897223286202
Encrypted:	true
SSDEEP:	3072:QFQPJTLyKSc1A63tH6vEPN6HuzjiPWkldSXT47WUKuRBdics9NRmJu:QFsQKS8A63tHBPvz/wos7JScs9NUg
MD5:	4ECEFADDE4F0B0B46533E50C0185CE88
SHA1:	0A087D9432C5F0B95050E1690CD2E0A3680E7D14
SHA-256:	EF872AC8DDC3E1017845F40F745ECF75E538AD8BF8F8D513B3CA80AECB6038F0
SHA-512:	E5CBA57B2DFD312CA17F9BB0F6FFDF8622EC1CE893E8E054E3970FEB7FABAF64AD64AEC3C5ED50BF68A477EE0B29F932B9E6FDA165C85E57FB5570C878B80E70
Malicious:	true
Preview:	MSCF.....m......,...................I...H.....#........D.. .cnwvr40c.dll......;..[...(.0b....`E..o.......{..\....Q.].^...A\.....o.o]=..E-..lc....lQ.......3d.=..H...P..............%...s...=9....n{.....d...fK.....M......l...PIE.(..e+R<1.SB..+.1mcK..Sq.aq..R..m....."":+.{?......s...\|......nj..HH"....&..@P.A..._.......~.@...\|..J.... ...u..t..H.}@/.j3..#l..y.J.$j.....BE......Hyn..{..H...E..D..;.J)-Uy#...MFZCF~.mCK}.h.zK...#...?..c.];R.....m.).}z.\|{1...]~.K...R....g...Na....I..<~.........."..../..6.K......O.3..a.........t..+..{..}x.......)./.M.._d.Z1.k..x..(I.M..>A..\}cO..U...~....p..a...2\|6.qHZ....}.;.........\.ZK...B.v.P......WZ....M.M.%,xQJKR...K..g.......=.Z..!\o.j..w...GA.r....aU...M.....C..dz9....\..p....%.^.A.....k2.2[...Y.$...9.......4\|1K-.}..^..}....ERa9.Oy. .AT.{..W%Z.%Z:......Cf...N.......Bdj.7e=..H....{.z;.#+/t..M...........F.N.........V9.....'..ifm?..$g.5/O.i.`.l&..w...S.M.:.Pw.m.Y..sG....).\B.^L....B..*....../...1].....0..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr410.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224633 bytes, 1 file, at 0x2c +A "cnwvr410.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224633
Entropy (8bit):	7.994822061894576
Encrypted:	true
SSDEEP:	6144:olZpE9uP/TVsD+s7DDw1sLls2s7HPAXtx4n8m2ZGGMOhB:oH6kSDzc1sLlsxoMn8mzGnhB
MD5:	20E265DEEB8F7A54097E44D8443EE814
SHA1:	86F0D47ECFF2F06C68296AFBE673C55FBA08B501
SHA-256:	B3CF0E300F8C259B2EEDDF3A2E3D64C5E6B43338630DF01194EB7077EF95EAE7
SHA-512:	5A15DE929AC922A33B44981CEF4A4A9D86205C089894BB5D471B6D8230EDEBD2FABE40CB428714BCDC4F5342D1050E2B04A1C483980199E988F6DC7F9AAB5DB5
Malicious:	true
Preview:	MSCF....ym......,...................I...H.....#........D.. .cnwvr410.dll......;..[...(.@t....`E..o.......{..\....Q.].^...A\.....o.o]=..E-..lc....lQ.......3d.=..H...P..............%...s...=9....n{.....d...fK.....M......l...PI..(..e+R<1.SB..+.1mcK..Sq.iq..R..m....."":+.{?......s...\|......nj..HH"....&..@P.A..._.......~.@...\|..J.... ...u..t..H.}@/.j3..#l..y.J.$j.....BE......Hyn..{..H...E..D..;.J)-Uy#...MFZCF~.mCK}.h.zK...#...?..c.];R.....m.).}z.\|{1...]~.K...R....g...Na....I..<~......U.=.."..../..6.K......O.3..a...........y.7....o....u...5......t.Z..1wk..(I.M..>A..\}cO..U...~....p..a...2\|6.qHZ....}.0.v.X............]............S..x.K^T...4.........wqn.....\|....[x....G......z...w...>T...Y5..m.L...s.@...(..8"..K..t....+e.dfe...,7..I.z..s.....I..h.c.[h.r....A9.......rL...@8......K..qK.u07&v....j.0..),)4.....9o.{..=../Y.....vZUFV_._S..]..../....%...;.j7c..[t...r...p}N.....~&.H..j^.....4.LM..?.X..t..........q...S....B/.$.Z.U=..*Q'^4s.c.....K`

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr411.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224469 bytes, 1 file, at 0x2c +A "cnwvr411.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224469
Entropy (8bit):	7.994764511837537
Encrypted:	true
SSDEEP:	6144:8kgpPQrh2+VwsW+RWB9lnhinUCdTMo8if3mnS:8XpQrhRwsW+QLboJ13mnS
MD5:	0964788B8301892254EE918D62DCFC07
SHA1:	75E997D51314522E4BF9A95A3F6633D2160E5503
SHA-256:	D0DE8DDC5CA27AFF2B854F8A83DD429C494DF8F1B0DC6A08A1AA6CADC675643E
SHA-512:	A95E013143E6F86F84D61A99A8DFA4A26DB8EB40ADDF9DC5C9BC76E8BA7498A28E4C2D538EFC233D85F44CC552BBB4E18534A96107E05F60931CCD13B50489B4
Malicious:	true
Preview:	MSCF.....l......,...................I...H.....#........D.. .cnwvr411.dll.-f...;..[...(..a....`E..o........CrG.w.G=^....^..M..Z.....S\|^..6..6l...........f)3Cx...TY..........?.....M7Y.ys..}.9.s.\|.Y0.l...d]....v.I.Tm.T...h.%....C.lY.(.bJ....b..(......(.....R$.DDuTV..~....3.27w.?ys.qULS...5..D4$3.L"...3. ...................].._@,;#."6...H.}@/.Y3..#j....J.$j.....BM......Iyn..{..I...M..D..;.J.-Uy'...M.Z.M?h.R_.......n.A.Z.,uig...]^..6..O/../f.q...........,..t.i...{.^....7..q..r.1..J..0..Px.v.'..X!.U...L.3....m.........X..{..]x.......)./.M4..O..-1.o....)..(..'w...8.....v._.Uu.....{.......tG..k.F......!pj..lk-..u....AXS.`op..j}~.T......U..5..,8daz.X.....x............N.Z....N=.O...{.C5..US.}[v.T.L...T:..2...\.D{.....W ........$.X.gb....w...>....vhhcr.....9..@.....L..r@...@$.....q;..0K&u.7.v....j)0)..,.4..9...o={..Y../..v.U.VZ.FS_._...]/............6;.j[c...t...r}..p.N..&.X...^..f..4.L...M?.X......t.......q...S......./.$AZ.U...=Q.^*s'S4..K..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr412.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224749 bytes, 1 file, at 0x2c +A "cnwvr412.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224749
Entropy (8bit):	7.992980392451281
Encrypted:	true
SSDEEP:	6144:UlxSzw/fcYbGoNmDWy3ho7ZgAYB8r57souJ:mSzefcYbl8P3ho7ZgAYK1QJ
MD5:	1CD3E198E90417D879C3492D6F3198D2
SHA1:	5452B72B180B634662982B8AA149E89A7072A6BB
SHA-256:	5D2829198F1C6555194C85CCFCEC18040C93CAF68010D80DABBD9F226E1A7F7E
SHA-512:	B2AB42E39948F8B429F72536CBDE01E902C30CC1031BF307CFC6A813F4AF9F6E88F651CC0EC16A07E3A6EF31D86C24DA4FC3CEF58361A6B240D8AE307F586160
Malicious:	true
Preview:	MSCF.....m......,...................I...H.....#........D.. .cnwvr412.dll.Vw#..;..[...(.@c....`E..o....]....K$..8.q.s.{.{{...Asr4...j[.O.yQ..ll..m6f.?.Tl.c...B....y.8.t5...Y......?.....I...w...9.......9-...6..M.T[m...P...AY.I.ET...!...S.,%.I1gzm.K1.cq.iS..Rq.....m..".*".:?+.{....s..\|.......j..nH..H."&...P.A@.._.......~.@...\|......J..... ..xy....@D.}3/.zn..#y.J.$....j.{E..F.-.y.H{.....H..HE....;]:#1.yM.Z.M.(..._..R....?.n.a.....u.g0.ke..6^..3}.Og.q/..+.'.4..0..y..{x.i..f........7..v..".I......u/B.n..`..J..l+.G...g.2...N..6$.W....m........5......tM.(........Y....\..^........M[JX..;.-Z.......W.N?.].t.j.en6....X",..!p.^.h]..[j^./.....+.U............%.R..c.%.W..Bwqn.....u.O....j..w ..GA.n....dE.%.nV....1Ci2..@@.f..a.YqX..m...`...;..%(...%`...M......O:...;.!.....w...k......S1....(j.........m.:.,...^Z..=.p...$.....[[.,.{....ZFdA...k..U.Yj..MmC..o.z...._..5.w..^..E..L..R1.8..EY.M9l!..`.+PiA"...SH1A^g.4..bUk.)n..v../.;....L..b.7b.....z5G..W..D5.i..Q.o..-n.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr416.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224701 bytes, 1 file, at 0x2c +A "cnwvr416.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224701
Entropy (8bit):	7.995094781630282
Encrypted:	true
SSDEEP:	6144:MvrSx4kGJvV3LysQcv2FwNNrRCKm8glwrtagG:MvrZkGZV+sQcOqNNZe7
MD5:	ED48538A2F020E7E2A434FBF738ADF70
SHA1:	1BDE5DBB83099D92FF9D6F56D95E3FF10E8F5421
SHA-256:	B9676C732095DE01AEF2E45F9C225A554D3107C2CEB3606D2FF31292B1A220C4
SHA-512:	355C5799AAF0A238625211F13895CD8C8A569579C8727E87E17663CF55F0360F94EFC56587DEB15BA46E19F63770767F2F2E08BCED127F317DB43B057FBAF141
Malicious:	true
Preview:	MSCF.....m......,...................I...H.....#........D.. .cnwvr416.dll..C.t.;..[...(..c....`E..o....]....K$..8.q.s.{.{{...Asr4...j[.O.yQ..ll..m6f.?.Tl.c...B....y.8.R5E.TW"3.g........,.,...n.....f.wc..o.lp.d)...]v.I.T....m.T...h.%S...N.f).K.>.i[[.T...L..T.......J.."".2.({3....3.s?./.w.~.....f..h"..f...P.A@..]...........: .Cp?Iu.Q....3......_.....k.?D..\|1.W....^.TQe.H7....)...z.....Hu....='e.Io$.;..S.I.%...k@[W....W.-"h;....N...Jk.....i......t.....pwz.Jmz.u...}.6..e..$Mwd..".q..B..(..Rt^..l...^...e...8f..B...L.........\|{..x....)./.M.....s.a[K..MdI:hC/..._...{.-........KU..+....'.C2..C..tn.}.F..Ep..?..:.w.."..x.u...wqR..O&..oai....UB....,=[.u...y..lo...jp...#..S.R?..3..s.l.^+.(!V}.(vog..J.....J.r..5;Pz...o.]...d..Y.-.y..D...,h..^..p........i.n.W_......_...r.D^..SO..G U...m..1f......jt..US....=@%...'Y.3\|Mko2..R.%\.....J.\.j..kt.....p.8/$.......&'B.g.u.j1.A./......YtQ....Y.L..B........+...qS.....tu^1~..`?...b..SP..$..AJ.=:.%.J#n.b~s\|.a.=

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr419.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224991 bytes, 1 file, at 0x2c +A "cnwvr419.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224991
Entropy (8bit):	7.994507903631948
Encrypted:	true
SSDEEP:	6144:r+fL1xPiCdgEzCJ2Bn0ULzY91PFRKVhOjjb:+PiZEzC210UPI1dRm8b
MD5:	988F58A583F8EC4D71AA953C334AE281
SHA1:	2BBB28477BD264D3D0AD2239B3D567E69935FA7D
SHA-256:	ED24A419681BB915FA9B932F40E4546B1CA1C2C89865AFE4CEFCD6E2D2EC2A97
SHA-512:	9499265B8B812F4D8FE1405F8B322588601B243E976720ADBAC7A273DDF4EFBA2D7C4794D5A7A608A2DB4D5BEE8CBB2A8EB210E48373699F4C7AE25A6CDD6B61
Malicious:	true
Preview:	MSCF.....n......,...................I...H.....#........D.. .cnwvr419.dll..d5..;..[...(.pg....`E..o....].....R.9.A.......^......M...Z..S.\...6.ml6...m..1uqu!RX..g...".....3.......\|....yw..s...}.9..sY\|.l0.d....]v.I.T....m.T...h.%.$..OL..P%..--...Q.MQK.TL..H.....Q....Y..3s3..3..{.]..U.kZqU..+..D$Q..."..(..H. ....G.....p?.\|z(..b.....AW.....Dr.6.X..l>..,.J.v.....#;...Q.wvz..od._...K......R......v..TT.6.....7t.....(.\...B.3..../...>.....3.....h...y,..v.kw..{.^.=.S......B.(.b..K...T>.%.?z....L.3.......6..........y_...W......wq..s.5.......<..AH.h.7..._..>..5....;.-\.......VW</.d..w.5..{.>.c.........%.uD..-5o`.A."m..}..r.~.T..T...U...F..Am.....Po..z.Y.....Z+.V\|..Q....o........(.........B...1.#.....g#vYpX..m..M._...3K3%,/..%`..........G....+Y.......w..Tm.>....[!...x.j...#<....-.:.,.......q....4....SK.$I.....JfdA...g[.T.Yi..UmA..n.v....?..3.w..~..E.wU.q[i.S....,...K....(.....?).....]...5N.7..IeAw...../v..p1..-.ZzD.......[...4.N.(...w.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnwvr804.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 224503 bytes, 1 file, at 0x2c +A "cnwvr804.dll", number 1, 72 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	224503
Entropy (8bit):	7.992078485472579
Encrypted:	true
SSDEEP:	6144:WjmCUioiWkFsTFj7plDnFMqt9680l7DATaD3p7j/G/qM:gNvoiOTFjNVKqt9TS2qpXG/j
MD5:	4798139BC9FCF24E66CF3B3B187462D2
SHA1:	73CD8B41D47E1500BF6A843D408E6D6AA75DA9DB
SHA-256:	A5772A38909881B9A4FB7E1ECDC4B24D4A97FB9817CFFFA23BAB58B0210834AC
SHA-512:	1763014FD3C23F20F6CF37ED8453259612776D66F47380C1BD0B6F7316448B1D3DA08C3C67D4E9B8F49E19C0592D04861E33729A4D4CC98ABDE74454CB18338C
Malicious:	true
Preview:	MSCF.....l......,...................I...H.....#........D.. .cnwvr804.dll...`.;..[...(. t....`E..o.......{..\.q...............W.z..8....fm6..F.;....Y.....3"U+.2...0.........K7..9.....f.y7=.f.\|..zo.l....B... .e .%...R.#J.d..OL..P%....J.8.8Ji...4.....".B.+.{......n}.o.9gf.+W..y....H.....$.` .. ...................R.... ....l.?.....^..f..G..:.eI...O$U..\|G..;...N.7\|..w.d..#.v.rZ..Fn........A..:&.......FwK....}.R.v.y=...aRH.....R.]]..`..?7.:?..5ON^..jO...;p...2\....[~..r(^......Nk$W">dZ.>`..?#...`.Jo....>......_8.yF.......q..].K..>..u..o...I.gB3...?....1...E........).?....E....]w....H..E..._%.....-Do..5.`m!....n}}.L......T..5..,8dYj......z......hp.u...~.Q....o........V...X..j....A...3.......k...W%.^.A.....k.[.......Y.$A..................Mw......p.R.........A..=.....g..Q.....c.....Bs.K!M.C.1.k....cuV..K.&.M...F....h/.M........%....\|..59.i]e..V....9....)'m..f$?../g.3.O4.L...;.~.bEi\%n..f..oN;..>lL9.Z.7b....j5W..7..D.x..N..o../m..0

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnww77jm.ci_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 4171289 bytes, 1 file, at 0x2c +A "cnww77jm.cip", number 1, 150 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	4171289
Entropy (8bit):	7.99738783351954
Encrypted:	true
SSDEEP:	98304:+4Jt4a4WRuPu08mwkWXYK5tffWTJvaNmVRnvFZGnjFklrM:+4h1JowkWZtfeTJv/5vFEZt
MD5:	9BD211F50DBA6D46B66DC62B805BC5C7
SHA1:	9302049FEEE297B20C0EF8AAB7FAA6E1823061A4
SHA-256:	5E8A8A81FEA2644D865E223C54583F47392CBB127D9371D244163B4F4F1DC581
SHA-512:	14C0E8B6FAAF38EC6A9A8A13E491CFE24F4584994CC4BE996B7CCCF39A127EF8B486F803969C0E09674F504DFEC54156F04DBCC920CA7ED93AB781036E9964CA
Malicious:	true
Preview:	MSCF......?.....,...................I.........J........DK. .cnww77jm.cip...{0:...[...5 .4q......R.P..%<.P..Z....."-..i.h-......N)...k.ZG..Z.-.\|..P..........+..o.j.;n@$. VX........./...rb...]aP.qC. .($?...C.. Q..e..Me.......:..6...0.B............m..X.@..4%.....k...v.}/..%..@........m@.......;....b...../......~@O......E.....hhH..hI((...}...$.%..?../F....zjB][.#QD....\.....I...U.{...........\|......}_p.?.........-.'._...o.R$...U..LCU.........\|........_aR...I.......x...F=6..^..-W....Wk..{.7....~A.....j.......w.G...........@..j......G.k..Q.......VKZ.].7q.....8...41q..._......n..~..........#.;..7...Y7S]..?._..?.i..7.n&.........\|..M.....a.....=.....[\|......Q.._.._..+N.....'?..dI-_...v..Z..............MJ....(....._.s...o......?~..p~./.V.!.=0.........x..W..........}}_...\...3..s....7.>:.W]..#....D..@........\|..??]....G..N.p..3`......a...........r..F...6...^...r...........r.....1..5bBJ0....F.n.._........8.......@&..b..~X.._..W.hzQ.......?f...Yqcw...wO

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnww77jm.up_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 11721 bytes, 1 file, at 0x2c +A "cnww77jm.upd", number 1, 2 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	11721
Entropy (8bit):	7.97797130872485
Encrypted:	false
SSDEEP:	192:deYUK4xroCrC79Az1k7do+XXYEflfTC166lIUkta2J6oulMJ6MHKSbtAN:dhpunreAJkWaXBfVTC16YetaBoul1ac
MD5:	6EACA5BDD538A350846235F9E3C49CB4
SHA1:	8849322836C6A358E0F0B4D36AAA7D0D4FAE4CA7
SHA-256:	AE7D1F37582CE190883D298F356CD604A12DC4757217D20219159C91E4B4DFDB
SHA-512:	3AC7ED0FC7DB581ADDE3CD48FA769A6F85E3E7FB701EAD0ED90041BEBE9977C917087C06405ED3289EAAE1AB808BB182D7B680644197769FDA06D0FBF2900645
Malicious:	false
Preview:	MSCF.....-......,...................I.................!E3y .cnww77jm.upd..p..."..[..........c`5..O......k...v..T......$m.^nvmo..L.{...R..XH.}.^.N.N...B"..H.'HH ....`f..F....^..:.;}_.K.$...:.i=.P..c..;^w.l.I).%I6.m.n.G..m...aD.`...Y....H.4rUzz.I...I#Y,.....h......{..../.Ye..hD.. R..#.(...'@h..'.......s.Fj..b..i..L".O.,....[.}M...........)K...&@^.2.3.....K.P.g~.q>SG.9.h.5.........e......[..J.g....g.n.Zg4..V..]..>.<:;..V..U...i..}....a.....s8W.g.sc..c.].upzt\BC+...P+.=2.....EC^)@..-...~...H...jg.;...u...(...s`...V<.....+.M=.Z.nv[.(E........[`ed..........9;....N.,.,#.".....=.........l...l..#....}VB....b.z.F...T..nq$.9..b.jb..Q$D.4<.Q9.l.UnJ....!".vm#e.........X....t..~..n.~..P;XxRX...l...rS.0..\|a.<7d.13\|.!m2...g..WW...W..{2.....i.w`.[..n.P.A...L....f..-0...+.k..ZU+...e..x..C.....F@.V.WL....-.m....5..:).{R.v...[.\|.!.nu.;...8..M...R....3x..69WN...4../Y.k...B-......\...&..w..)rF....=s..{..=.......e..3E.'5.p!C./...7.d..*...... ..........

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnww77jm.xp_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 2177 bytes, 1 file, at 0x2c +A "cnww77jm.xpd", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	2177
Entropy (8bit):	7.8576511698680065
Encrypted:	false
SSDEEP:	48:a0AkirwluAwlzNU0zD6ZR8GZYexEgCxWtwOUal:LkrwsNjRmEGZY9RAqOZl
MD5:	290C8B0054B409543266D2E2B5FD6C98
SHA1:	04154D746D4C797D32AFCB37D78CB081886B0DD6
SHA-256:	8A56ED4681186B66646189B5565E8BB629E9846E8A6B19D61ACEC4B5A146B897
SHA-512:	4240714D08E4FABF870A5431B25443174FA212A2E3647FB3E746592C583AC656D26C429E36221CF1D3665FD54236B4379E0CDEA9232242AE2837388FD0BAA0F1
Malicious:	false
Preview:	MSCF............,...................I........B........!E3y .cnww77jm.xpd....M0..B[........C..4.`^V.k/..D.U.R....{.r.....mm._.XW...2!N`.......W.`?..........+3...:..~..j.K.H...P....%....Ul.%s...,....t.@.$.84.8..b-1...xl.... ....@.....fj.....r..^.@...F...h......a........3q......~o.5-9}..\|T^c..._..{..y.<.f...m.zc..~\......>c...=O..A.c.....g..2...r...o...{`r.{.......?..~.=.y.[>.A..\_..xv..Z.....7...0.C......>....y..{...9-3q..v..R^;.WJ;....11111111111111111111.3m./...op.k.^....0.?.....n...y..0...y...3.....'..Y....y.?.j....}.`~.}.P.}}......}..........(.c../N.W3=...iw~.`......l....n.....q..[.6,:7..j.e)..7..;...A.ln.Cj.~.Yn.Y....._.w.......7o.<...h.}_...M.u....+>0...X....3....b..^D.........x....v.....u.0....sx.".`...-....._.N.x.2.6p...7..!...L..p.....a.11x.2W6K..N.;.ke7.k.$..o./....p..J...AB....rC..D........G..v.AtE....G....T..;..."...;..v..... .o<.rJ...b..Ey..p...h.,.l..).....~yT.T.}..'....H.....2.....@.>.d....:.....'_QI....X..T.....,\|

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnww77km.up_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 11721 bytes, 1 file, at 0x2c +A "cnww77km.upd", number 1, 2 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	11721
Entropy (8bit):	7.977997787273408
Encrypted:	false
SSDEEP:	192:yeYUK4xroCrC79Az1k7do+XXYEflfTC166lIUkta2J6oulMJ6MHKSbtAN:yhpunreAJkWaXBfVTC16YetaBoul1ac
MD5:	BBA618ECD81F80819ECFA1ED66BB81B8
SHA1:	DB30E796554C21288769F258F22EE9AC9DFAE223
SHA-256:	C5A612C49C3FA6A9BFF00BF95548A5C74266477AAA33DB3244FB4EF1E2683BD7
SHA-512:	3C01951A19D18B69D14FB593AD2DF980DCACAFF916BAB9C19F236806C03179AD8A703BBC9F83660401B48CFE9181C671A76A4B4D861B4323486871CD07C619FF
Malicious:	false
Preview:	MSCF.....-......,...................I.................!E3y .cnww77km.upd..p..."..[..........c`5..O......k...v..T......$m.^nvmo..L.{...R..XH.}.^.N.N...B"..H.'HH ....`f..F....^..:.;}_.K.$...:.i=.P..c..;^w.l.I).%I6.m.n.G..m...aD.`...Y....H.4rUzz.I...I#Y,.....h......{..../.Ye..hD.. R..#.(...'@h..'.......s.Fj..b..i..L".O.,....[.}M...........)K...&@^.2.3.....K.P.g~.q>SG.9.h.5.........e......[..J.g....g.n.Zg4..V..]..>.<:;..V..U...i..}....a.....s8W.g.sc..c.].upzt\BC+...P+.=2.....EC^)@..-...~...H...jg.;...u...(...s`...V<.....+.M=.Z.nv[.(E........[`ed..........9;....N.,.,#.".....=.........l...l..#....}VB....b.z.F...T..nq$.9..b.jb..Q$D.4<.Q9.l.UnJ....!".vm#e.........X....t..~..n.~..P;XxRX...l...rS.0..\|a.<7d.13\|.!m2...g..WW...W..{2.....i.w`.[..n.P.A...L....f..-0...+.k..ZU+...e..x..C.....F@.V.WL....-.m....5..:).{R.v...[.\|.!.nu.;...8..M...R....3x..69WN...4../Y.k...B-......\...&..w..)rF....=s..{..=.......e..3E.'5.p!C./...7.d..*...... ..........

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnww77km.xp_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 2177 bytes, 1 file, at 0x2c +A "cnww77km.xpd", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	2177
Entropy (8bit):	7.881117589987384
Encrypted:	false
SSDEEP:	48:pV4mrdvIUxJt8RJNungmnjw0D8IPqgTBy/i09cPZoRjr:pV4mSyj8R7uguJD8lgTYr2ZO
MD5:	4E07CF0509BD61744845745CA95546E2
SHA1:	EC2C7BBA155E7AC9CF235F924F24020057FCC84C
SHA-256:	3923A4295E622132B997DF7B4C7419C9A1AB9F2A1EE91BA46446B79218F47E40
SHA-512:	B723EF670FB9840E544D9F27A7CC68F7C0864E5A946AE95B990A920B5AF3B15D624505BC790B41DA22BDE92845F0E56981E611522FDD9A79C9C1BEB3222A952F
Malicious:	false
Preview:	MSCF............,...................I........B........!E3y .cnww77km.xpd.i...0..B[........C.tD.pMV...Wu.U.R..w...bw..e...n...\}$c.d..A..<..@._.B.....$...f.........vOq.t..k".#....wzq..Kk....(..P@XB.{.O{..N...C.@.P..8...q.."...............L...%.aB...K...a;.H\|1..m......l..;!z.C.=&j..0!. ....%.......v./.E...1L......4.i.zc..^\.....}.^....sc$N{.5#k......V;..^..c.s..............\|....#.tv.....K}......_.7~..<.o.c.....=L.OhE....l.\|#-..W..i.2I.1....&.i..6mM...im.6.Mi......5_....~.\....x7..............5/o.....O............]c....z.{.e.m._.....9..Hi...8v..C..A..>.n.{3...........u..wax.........]m.,.v..Qa.......k.H.os..s...=...y........w......}..... -.........x...19..L.&T*.@...i.....?...wva.+..._.._.O...._..B^..D...../#a7.....+.q..."'.cu.p..C.Q....Y.....).+.?K.fY..#N=y..^..C$kTJE..."....SJ.w..e.' .g <.p.....+R.h<...`hr<.......t.E....h]...X+..U......K.o..9p.T-((.....@tb.J..]m.yRqR^..tZI.."..<.3.X"E.........8..v$.XEa.{.'.^y.Qa$.;t..q

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnxp0log.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 801 bytes, 1 file, at 0x2c +A "cnxp0log.dll", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	801
Entropy (8bit):	7.4949502381644075
Encrypted:	false
SSDEEP:	24:wvuCqv5xQecaBo56BZBykF0YQV+b2GNm6p4C:+unAD2s63c3eJPpj
MD5:	1372239623819D8F8F6A4B914B417563
SHA1:	E2CF1759CBE4092316D1125CBD8C0AAB1F3BC418
SHA-256:	B7833F24F452C2235F23C536D86A929A1BA3A9DE95CCD050A3F73BAB969654B1
SHA-512:	1719A608D125388E599E4E629E06514DDE1D2AEEB6E904FAB3C81C18113F4115C46E02E09B58DD294AF56D4962533490075552122E3B12211469DD09FD107A6F
Malicious:	false
Preview:	MSCF....!.......,...................I.................A/.X .cnxp0log.dll..J.u....[.... ..UU.R..#..P@...Q^.< ."O......j.tI...e.$v.V...l.xFP ...@.x...Ay...GA^.A....@...;...j..u...k(jc....P.f[c.h..f..n{...............`...-..yx..&.T...L./I.....pv.,xv.A%.].a....!......kZ&.X.bS...x......yFi,...X..V.L...../..j...T.kv.yj..6f.u.1..~..Imw...\|^.U..f...P.....,.....x..&....}........1l_..;.!L.}>...N...Bh.....u.$......{..V.....P..v....&.?s..61..^K.rv....C....d3.L."U....N.....g.x.b.B-L.0..[!..6...S.....M.rf.pj...`&8. ......D.8.].zG.0._\..V.e.S.....vd.9u.4Zn.y.W.k....j[.q..f%K[..X.3...>...B_..j#ltL.b..... ....e:....M.F=e6....).................1....AK......y.h..bO.....A..8{h.+.....&.uQ"."..hx..`5..j..N..L..p..6..0..s$......u...d.A..8...G...../..^.3.K...^C.XI...k..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cnzsrgbc.ic_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 4521 bytes, 1 file, at 0x2c +A "cnzsrgbc.icc", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	4521
Entropy (8bit):	7.940636569659662
Encrypted:	false
SSDEEP:	96:KX78ss3y9jpgH47zUSh/2cSk76T6OXbDneTwIe6C8xFVIX/x:KL8ss3EC4/pp2cr/OrDn2U8HVYx
MD5:	4D16508F38B0F855E613752B3EDE9321
SHA1:	21B4225BA0B599DCEADD0344F90D163049C175E1
SHA-256:	12FA79752C1BD0AEE11F8615E9516AE469D94850CED7F30DB93D98CAAE54CF28
SHA-512:	7CA7A1926CE3FD412BB1B08F6AF951A31CEBBAE7B2F2FF130BF6552875EA0B2403AD4B1E989D33A875186B06DE475AFD6CABEAF31574B5468273B88D5491F69C
Malicious:	false
Preview:	MSCF............,...................I........%........i6.. .cnzsrgbc.icc.1...X..%[......\..!.P4.._..{....l.0.l.......m.v..n......ws.n............B..".(HSR.$J... B.`5..p.....y...T...7@.....RE.X..w.x.R....I=....4Mz...HLc...r....C........+.~.....+.....EL.+...^..u.......8y.F...\|....d.,2}*...).@.P.D.\....F#. .".........._. .<.).!O.v..`..1..."e...p6.~.3......o2.s.S....J`...Y8..~..1..~.B&.r.&._...I..@G..8.$.$..)..%...\.0...Oo..LZ...ROJ.o..yI.r....S.L...c6<.9.?...4C..B.tTa\|.KDI..{.CH....6...H..q8@..B.V.\|..B...t......L....T.1. -.K.n.../.Q...(....: 2@e.....<....5`j.........-0.`S...p..G.TM...0..5.c.JW.c......7.nA........ .X=.:.{@{.v....2.m.R.W!4.`?.>......"...,.9P.....I..`..L.I......e......S.`A..J.D..-.-.-.-..L/......... .`3Aa...x..4 eh.a.....0...a.....A.a..C....P<.xA.A.a.!.a...........n.WCT....K........gDi.kD..71;.V1...-..b]1..X.,....n....1.c...c.1.....x.<p......%qIb0.Q...m........d.djdtdy.>db......L.&..de.e...eLe...z.\&,........5.y7s.8f.3.Lv..3;]=.-.s..=.....3.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10dw1.ex_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 367883 bytes, 1 file, at 0x2c +A "cpc10dw1.exe", number 1, 31 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	367883
Entropy (8bit):	7.999053707556759
Encrypted:	true
SSDEEP:	6144:XZ+5GkIsHgxEhtY5wnIFgWTWfxNr/cPz+Jm5PJXTLSrFt2Qr8cE5vaSdONL:Xm9xgMw6zKz+I5PJXnORr05p8NL
MD5:	6E57CDA745EB5248E3BE9CE34AD50A61
SHA1:	3F342FA80C8B039981BA9535E76B67BF0C3C2D96
SHA-256:	F8254F9CE4160575DFA40EDB4BA19A00E38788D75F205A4BC19196CAC25F0687
SHA-512:	70F4E02F0EC86750BFE6CDEDBF7BFFF652D4286F51F621FB97F4EF005DB705783D03C0C7950BA2D092DF0E1A74D1E1B0642F23DACAD38D5F83569085AF974AC3
Malicious:	true
Preview:	MSCF............,...................I.......8j.........C.( .cpc10dw1.exe..A[..=..[...8.@..."R`4..m....w.+S.....di..].CW..f.w.r$.....r...K=.s"..._@x/......".jV.Z.RX...k.wL..............V.....o...<....13f&.y}.-.n.R....,...h.&Q.]...KQOwK..j1ei.Y.)N1m...b....a......G1-.F.....1"0.......=.9.o..[..5.Y...uyy.UU........ .d@Dj$.AX.....A(..B...#...Q..=..1.?).o...@.m..A...."Z'..V.L.9.eIWs..eNT..=F{.T6...n...._\|...\|........O..f.Q.'~.../f..[...Wg......QG7u..l..p.P.......9.......;....8....~...mY.Z.Y...n....-......x..}UhO....p....e,.j.W..6..Yh...Y._.A..h.7..i....G.g.....D...<...3....p....q...'\[Y7.U"....H.KJ.%..R.N.K.S.>.sbF.R.wt.+2.......g.@Dd:.{..(.4....a.........NI....#...e.o..{,.j..{{NYT...o......2......Jv.[.-Q...#n.VMX...&PDH.O...H.O...A6..q..o.V.?.h'.. z...]...9..."ym.^........ij~...."..[...rH....kW..2..?......h...i..#....d...`.kb.j.x..S.]...AI......_=.&.L}...`...8....PP...G7..".,...-...6........7..(.V.....l8......I...nO.nw6.7.UWw...K..N.\|L....{

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10ew1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 342443 bytes, 1 file, at 0x2c +A "cpc10ew1.dll", number 1, 38 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	342443
Entropy (8bit):	7.999097165786661
Encrypted:	true
SSDEEP:	6144:Z6NvODZiSbGEQvAMPs9NGaByTYlC8o7ILWxDRuhltSfgmntHKketHRXHHh:0NojsAMPs2lTYKxDatKHKf3h
MD5:	0DC0A7289EC8847FFA38C333DD20369B
SHA1:	406BF55050D99E0DC8383D3613FFA00094745FF9
SHA-256:	CA26FCA41A293AED57E659505A6FEB48F26AB73BD544DAE1878D20889D3BBACD
SHA-512:	699A666A2E23FC9E212CD06EBAA5009471617EA2F5342DA7ACC35EBA0FD87234F69FA9CBC1841FCACD08F3A38207DD8E80EFAEA6FBDB75CB264822563D3419AB
Malicious:	true
Preview:	MSCF.....9......,...................I...&..............C.( .cpc10ew1.dll....!.,..[...I.0.....`5..o.....{......CC1.n...c,{.P...M.=..,j..#w~...uw....$...i...N._.l..d.VV"Cp6.p.........).....}....9f.9.T..7Y5..R.l..C[.Em4%.6U.5Q....j..\....R.K.I.j..-.."+....nTA-. 43UDpUv......y\|w.....[......y./y>3.....-.F.T:.&i..7N!.. .c%...Bb@P ...^....."..@/..P..Z$.8..}I3..0..h....e:$6m;B...U`.6..lqW..[....]#.M..w.H3..FpU....6..f..Hs....A...#~.q.$...\|....A...n..FX%......Y.u;=c\|..iz\|}..[8qJ...=V.Hs..g.fA.~^NQo. .....v..i....d....B..dz.z.+..........Z..{....T>..../.....^...F............%.....q.VO.R...w>....."...Gkk..s.qC.Kd./....v.5o....F..hv,.L..S$.a.^.\|.}...,6...\:'..^&..`.. .6Q..u.4...w.....-.s...\.[...,....:.....02..#..La .....F4.U....-..0.5.....t.......J=...#.P.30...j..FT.&gV.r.J...li.6F....(.........jk.Ff........w....>...n.y;z.P.\...Q..j..O...M.-._...N4..Zo..^}.......x..V..i_Q...D......P(f.j..f.....+...j..*....V[.NV^[W.N....O..T..&.FnO....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10qw1.ex_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 404403 bytes, 1 file, at 0x2c +A "cpc10qw1.exe", number 1, 45 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	404403
Entropy (8bit):	7.999069698774446
Encrypted:	true
SSDEEP:	6144:AgR2/E7XbhOCjwp+6RqgBtn93i4lfmAWuYrXFqWidsZVSEBE9sWr/kyDwCC6fqp:Pi+jergyt93iZ/VroFmVNQs6MyDA6fqp
MD5:	8D8744C7D911BC8C0944A924FFB80A75
SHA1:	F46CBDDCB17B6EF342E7D30CDDD226D61AD3AA91
SHA-256:	3BB99E154DBFAD5184CACA4AA479A15DAF7B6E5053EFD105FCED9535CEE580AB
SHA-512:	1C7D950A89E0C8D7F54EA5AEC5386BDACEA753826F7D7046CA5DA62F1F108FAC8AB704673A18B49B0A33100AA77A5F046B385A069E04DC54C38EC5AFE63F6095
Malicious:	true
Preview:	MSCF.....+......,...................I...-...8$.........C.( .cpc10qw1.exe...b..4..[...A.......`5..o.......0.4.C1.f...j.^7....bR.......~w.'.]].r..qjP..Q?....gs8.PM...Ld.......}..._6.w..s..9.f.y.y...{..u.vC,T..@.6....Q(H.Y .m...C\.Z..b.....l...H..Q...Lp........".+? ~.........s.../g...s....JX.n.RG..0..`E.nS...@&...Z@.$.MCZUL%.$...-.ma..@....R..............[....K.I.rm5.2.,....Mey.7..Fxn...o.%..../{.._.'.....n..zG.."R.2..N...r.....fI<.A..4.D:.....R......J...m.p.."...x?..n.>.......UT..r...q...e.Z.p.!....Y/tQ...D2......9..G....r..4.........UQ..P..o.Itf.~.B...xZ..J.5K....Z.....-2.{.-U...../.".'u....UK...-...eH..v..k...HUG...[..u#;...[.v..SU........u.K..{....L.d..5{...[....q..EZ..>--.D..Q..........B9.K:NI7VE...k..r.b........It..T:Q4@..........:G..("..\n.,.G...c...bcqQ....YZ.....9.~hKX.3.....P8......V.m...3-....{.X..9&.6q.X..M6}....2....ds,1.j.9.b.,.......Y..;..._..F.j..t...3.m..Ny.c.OyX.U..[...&Jcc(F......=........^HD.>nL.VR.>.\|abaH.... ..<

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10sw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 124957 bytes, 1 file, at 0x2c +A "cpc10sw1.dll", number 1, 9 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	124957
Entropy (8bit):	7.991805857970294
Encrypted:	true
SSDEEP:	3072:hmzduic+g746qVZ1zNpITJp9l0W+5Rsj44B:hyUic2vreTJjlLsN4B
MD5:	8E3FE3222F1A553AA784005C0081D615
SHA1:	BE0DDB2FF1DC0448C129B52CF2078ED83EAC125F
SHA-256:	419AF380E08233A27F8DCEE8F5C5584030E91D39FBA200BF13DCA6E05AE357D5
SHA-512:	2E1B028B88E5CFD148AA7CCA6961B66EE963CCC92F4F7B53929EFF3C9ED5DEC9ACAC0A82A2F9A0B7E32486FAA1101BE9162D69A7189DCF29086238451236F7C8
Malicious:	true
Preview:	MSCF............,...................I........z.........C.( .cpc10sw1.dll.<l..b8..[.....@......5..]....V.V.SB.24M.....c..).E..+..EMX...N..;........._k.A%.[...pd......w.o.~..{.!9.w..w...Y....T..7....U.8.,...\|.......Nz.jI..'..r.Pe...=.-.....-..2@...,...Y!.......X....3..\|..w..Lg9o...w.y$Fr.-.cU....B...(......qM@....i.f.X..B.../.t...m.mu.i.9M{3..SF..~.PA^O.S..{Z.>Sn...7.n."..O...ieu.GU.Y....q.......kT=M.}S...S..d.:,{.......j..r.o../.}z.....4..7u.....l..;I...F3.S[%..hU....=...=.T..N....J&......!...m.'.K..I.'.E....UAP...]:....oE(.0.....T...j.t..#......IZ.w..;.....'. X.....lEl..%.x....%.aO..o.....--Sk..o.b...{.s........_...D....,.;..K......g.j.n.5.2...d.d.fB.......j.k.nSC...65...i.IS.U.PSP5.4......XSs..i.i.i.mr6y..7E.gi.VMOMMM......P......(.J.rj.j.jJkjk.f:......)..M.Q.p..........$.D.Q.#i.$.$..D...QnA5y5.5V7...L......^..L.4.4.6..%5.7....VMbM.Ml..M..M#L*..MnMBMI...S.V.tT.:......tmB4.7.....S..XSZIv.:.....K.m..i.4@.i..6I..5.<.ZM.MRMN...&...

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc10vw1.ex_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 319873 bytes, 1 file, at 0x2c +A "cpc10vw1.exe", number 1, 28 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	319873
Entropy (8bit):	7.999108462059133
Encrypted:	true
SSDEEP:	6144:BAMiNeVuvMFOUGtoZdAMaewZMXCqe8ognL0xCq2iemxI6eqV4V/h82+Fy71l6hV:BAM2euMFZnSewz+oggC9idxIOV4hYFCc
MD5:	D4E385CC477310460ABE9E3DBEA14412
SHA1:	3B855CC198E0DBA7E1CAB6480D3793548133A42C
SHA-256:	AA9E88B454E812FFD69982A3F40C7D4D25842F7B6F99382A989FB4FFEE1F1155
SHA-512:	B17D136C8683D1C1748C472D07437952CB8244B5109F38934CFB6BB4D7395559B73F1E457607E8EAC69241B8A670B18CF14FDADB6587004E62509305A8DA845D
Malicious:	true
Preview:	MSCF............,...................I.......8..........C.( .cpc10vw1.exe...M.>0..[...4.P6....`5..o.....{...a!h..b..z..X..CWgrf.r:c..V.x}....w..;;..q.9.j.D.w..=J...".3......~...\|.....w..9...9....]..{/...$.-.jZ..n.R$@.....n.P.....#[....0dGB.....k.[.T$...`Z......""..G,....97.s....wy%/U.U].].IU.......A...$6.0.Mi...l.IC6.~.(TT{~J/Id...&...O..\|..`...."-.........\(.1....X..f..j..8.....z.7..........=.F.7..neZ$..o....)R...S.>.Z..uO._..n.Uw..A..Z.=.N.U.\|....{z.W..O._Z..i......j.U..N.5.uV....x.nd...I..L.(b-.\|bAB\|l...X".Fc..=......g.H..H....=.O......l&...:D..aM...:.`y$.}VZ......p..8)........v...V..Ul..2w....Z.....[t..W...i....X@..JZS$.7c...KQ7X[$.\Z.Z...3..>.+BK..z......G.H..T....)..u..i;.u,.!.JinG+.mKJ.....1s"&_@..b(s.L.)"..6....T.......Al..%.q.NV...^R..........Uw.....;.-q#.;.nAm9q..+.}.2...j.gpr.`N.Ar.....E......v)Q.E...6...\.I.i..K.......=..B]1.W.Y..y....}...}JH.I.3(....+..?!.v.mA.G_.1..i...6]1..V.C....PNM"..6){....K.H% 1.....@.'0...;...B2....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1csw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 21031 bytes, 1 file, at 0x2c +A "cpc1csw1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	21031
Entropy (8bit):	7.991134530547848
Encrypted:	true
SSDEEP:	384:Rj2fp1QwKuSjd3dsWZAtGNeA/9tA5c7JKZN/He0YMf+aUZ58ETZOKD2W:RafHQcSjd3iWuc304JSJHeMf+a055OKh
MD5:	DEB143D9EDD461B4BF6324A6B68FE4FC
SHA1:	E8ADAE502CA747510752ABB2E0EF9A0085677666
SHA-256:	72F26A2C7F5444B302A051DC77DF73F048B3AE565707C12016DACCA922DAA3B6
SHA-512:	3CAFEE5E565F7FE0DD236423DDC4C84ED3DBF3ABBDA3304CCC3BC15B3C8C318303362013B47C9B7CA70F18F9269F10D5988A3E6B07B6D94A8869D1C965A3F986
Malicious:	true
Preview:	MSCF....'R......,...................I.......<n........)6m. .cpc1csw1.chm...1..Q<n[..................]..........]..........w..wD..........^.^.(..&\&\AH.B..f.e6.....{./.-..{.C./\..c.(B\...s........hf..f.....`../._./CN.PFCO.........fN.@...... G.....X............./.....Ol....Z.7.....jB.......7.......oG.V..fY. +.....].%1#.......`...H.)./.c........z.\|.........P....&...W$D..9.....i....#.................1..#..O...jh.j)...~\|..H#,FCpbIee].jD...y.#.T.......C......LM.....}.w..#.......~........_...A@........b...9w...s...:..O........._MD.......mH.....M...I..b.S.s.Zx..........b.r[y"#..z...73f..O..\|....Z..?o.B.#._.....ILw...._.sE.......aWC.....\|.Q.K..X..K..fL.U...:..V....@..F.s..D...../.I........{.1S!A.....V.....9.p...~.R!p..;....5."..8....y..u./#B.?...{....$..?.c..Z.. .:~}8..~...T.!....@...f......:.>...%......&..b#~M...y?9.?....../.w...b.7..........\.P........3........v....o.<./.g.4....S..FI......>...~.w}.....3L../V..k..[_.~....@}..c3...H..7.7...?.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1csw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 59227 bytes, 1 file, at 0x2c +A "cpc1csw1.dll", number 1, 18 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	59227
Entropy (8bit):	7.993349640289956
Encrypted:	true
SSDEEP:	1536:A7BDF4TrPJpFRwV6ZQTzYmz+I5sxHtz1BG8W:AYrhp0V6ZwzYk3WvzTQ
MD5:	D6B5103C60E4297E7C5C8B9A2FE2CAAE
SHA1:	61DDCCF54BB2E07C5CBDD69F181974C16CC59608
SHA-256:	617171DB19BBF681618C74887C3E9E867815D1A503E19DD2C4C63D78E82B2E08
SHA-512:	CEE87DE6149F0357901C4A74AABA08E9D16AC2313B0E03D14D0966405DFE742706AF26249E0244A64D97ED85C9B727B763BBC6CE804E7314DBCF7EDF2B691E45
Malicious:	true
Preview:	MSCF....[.......,...................I.................,CnG .cpc1csw1.dll.=$f..'..[.... ......2.5#.p....[.e..ZoClk.ni.......pe....7.q[%.u}...e.o7....u.0..q...q.I.\|.,.8..Q...M./0\|!w....&......;00......~..{."...j]..f.4.Q....J....<..MK...6G...H,MnV2...-..Ip..AAm..n-K8 \!....?.@............{.c..\|.._ED..[..........f.L.\|....."6..l.4.G.._..0.....w.X0j..))...rd....>..b....pg.\|...+.;.o..C&......l..q...c.o...J...wm...q...N.s1...r\(.a.91...`.6.G...Y...3..Jt........S:..\...'....A!.... 6<.G.z.<..Q.K...o..X...d.).#.AQJ{.....{.AT5.........0mi..g.Z.s...y...m.ree..<...o....s&".GG''...(4H...V...\|ZH.8>"J.,..1.`t..O..2..(5ha.o.G......!......',.........R.B#.0.~.X b33@c.....^....q....8.?s.e.3r.O..Jt....B$.SN...DjT.'..`...jh.6...E.G....I..!n.p.An...x.H.B/.XA.V../ L.._......nt\|b.`\|.............u#...v.Ga.O.....Q...@....... .pA.``.!.!.'f0.!....!$Q.....E.....0b.L2.q77:>..7#DA...........p...P.Ao.lb.H......\|cF.<..<......$...>`2..78..Ay7BH.A1....... .py@&Q.?.&...#...

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1dew1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 21185 bytes, 1 file, at 0x2c +A "cpc1dew1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	21185
Entropy (8bit):	7.989133098150109
Encrypted:	false
SSDEEP:	384:6ESjV8RE5TNqPlQENa85+EHJp8XZ87zAGRTuaTqLhz2lJ2LqPCykUK8L7Fx:6zE1SENa8AEHJpy6bQaTqLN2luOVkUtz
MD5:	D42F318289E7E4F1658948981732FF11
SHA1:	7CBC33D7072FCFFE6B0246DBDC91377ACC9E2B5A
SHA-256:	76D197529C2203C010BD951F18EC27262FA2BB7F19147544B5DBBB18F35DA48D
SHA-512:	8FCC1EE3DA700BF927E9D44C278C3D02D79D51F854D7F2313EEB332F271CAC9A3644FCAB5D128E21CBD64DF1D3ADD0D557F4D37C6ADA0C8B931035C369F02C8C
Malicious:	false
Preview:	MSCF.....R......,...................I........n.........5 . .cpc1dew1.chm..n..pR.n[.....0........................\...w..w..`wH.U..@.....3.\|jPs.@.e.Z.H&..w0L.-.z.7.'e@=.'.%..E..t.LKEt..t"@K.L6.\..t....#.P5.C..V.9<....::...}.M!.I..........La...O<D^@....Cf&.H.8...e...!.....L..C}b@.?.e.../O.r.......$....@..~.....2.K...?.1....._..%#.......xX.yAB....:.....T%..M..s.._))...&.)H.C....~.X...06..p..r.Bz...w1...QT.K~..s.......%..j..Vm......(..b...TDW..6...3.......N=IAO....._..P..J..MNM.....YV.95...A................<27;.8...P..SAdq.d.gR.+.o...`..... ..S...-.......D.......6..1.7~.z;.....U......r`..?Kc~.W0xf.....5.... ..v&.b0...............t.1..p......}..h....P~.8...Q.\|C.M./CT....W.F.v.T./>......_....$..B1L..........mlM...L.%.;.C..[~..t...?_...c..D...1G..6..l.H ..d....Q?9\wH_...V.~...:~.9.......U.}.`..S..........S./.2...0.q .D6I>..7`\.K.O.r..........h.J...e%.?..Vw..?.m...C_.4.s!.dI?.1e. ...K..F...._%....r...E......PF..i-R.@...KN..f.u.Y.#...}0F.+sF[.C...#....2.";.9.~p

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1dew1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 60795 bytes, 1 file, at 0x2c +A "cpc1dew1.dll", number 1, 19 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	60795
Entropy (8bit):	7.99375421523368
Encrypted:	true
SSDEEP:	1536:y0p6iUpnz0SyeuJsbSVo/lSMVh8494+4t3:y0p61pYu6s+VSh8w45
MD5:	7B291B90D76806BFA1BC8B5801868493
SHA1:	9134DA1205D5C2BD48E6CF1171AEDCD05FFEB28F
SHA-256:	50B8BF0AC806D8932F443490086FFB5C78745797EF25E87916B22F43EA53E5FC
SHA-512:	D91A97AA3068E3578C6D0EDAB291D7FA50A5AF2B67648C92802FD9D3F686272DD1CACB564A5733678681E1C8881C4D535375667AF9BC588E28E1F07CF6256A4A
Malicious:	true
Preview:	MSCF....{.......,...................I........4........,ChG .cpc1dew1.dll.!$...'..[.... y.....3.%#.p.....U..]..jM].....\|....e.Ta6.iY/.+..7...P(..CJ..\.Y...i..%YN.v..B.......K..f.....{............>..~..p..vT.....l@..\|..:...hWs.:{..K[m...u.v....Nw.l........'..'.0.,..CN.. !...N....".(..2.........=S.H.P...P...8...h..\|...A...+\.L<#..i........\....5l.gc.rd..1..+.Up.>..?.UUx.Y.'.U...qWQ..\..+..X..N..q.....\|.....:[.Q.c.rqs].a...=..2.......Cs.rn\|.u......1.....U...Xj.i.......x.y...U.3.......,s...47.....e..Rn..9..QEG\|A.j..\|.!.1.P..#9..}.........G.ms.....)..W.j]..9.......)U.q..'"...'(.HF.R.`Ft\P.8X...<..^`.8=4.....(Qd..&b....<lH..E#B&...0P....O.....Q.X.}!.GH!`.g.h..........q..&...3..~g....._..K...%G..It.M...9t.....!#..thn.._.XD......0.0..M..4..g...a.!."..X!.v..H...0x`8.q70>."...x.p.Pa......yzC.E...4.D...@...{.C.s..C.....+<..`.D ....g. .......R0...b.F .D".....{\|....},".R.".x.~.*,HD..pC.E~..41D#......!#.....C......8....x...M'(.......1:......G.c........<..'z...

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1esw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 20921 bytes, 1 file, at 0x2c +A "cpc1esw1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	20921
Entropy (8bit):	7.98801521425368
Encrypted:	false
SSDEEP:	384:ff+4AkYfqFSUbFULW77eM3+v9JRO8OrMpQazIUXq3AJVxc3Uw7yCZVEs5blB:HIjqZ2S7Juv9JU9Mp78nA7xc3KCEs5xB
MD5:	C43FBC4BCD87C09CAE556BBCF05E552C
SHA1:	CD48F569CB352E41A8751B9348CC99AE368F1A8B
SHA-256:	3254F0DB1835AB76BD2F8F9A96C15912FECBD6E455855B644DE08E837375CB5F
SHA-512:	11A766E9C2F060127C8FBA34C3FFA4BF4351EF9EE0A7ED4D6B5A0A027084833D8EFF48A2CBA65DBC9F8499B28ACD37D1FA59CE1FCD0A5555BAA10D582AB32950
Malicious:	false
Preview:	MSCF.....Q......,...................I........m.........5.. .cpc1esw1.chm.m`}.hQ.m[..... ......... .........W.wwwwvw...%....wwp...Q........<......F.".2..E...g...X.l.....Z.....<..%B<..<.b....w.......hH..f........\|~..F.m..e...00...[.....?..n..w.v..............._..9....!.......<.......oGu!..?....o..?.?.....f..X.%....?*/...Rh..AW....Y.,............5Q..?....J.)...h0.L2...@....%!>..%..Q.ML@F.........I.?./.b..O....C3?q.....S.?...p..BX........Y..xb.G.........S....I.PQ.....y.s.-'.1...:.~.4......O.x..?!U.......?.9{...k...p...":........T...r........d&"..$ty.}..{..... ........\V.......H.....k... ......9.../..1.........z2z..(?<..sS..B..T.R"....r..A..`...}...>.....v....>...W........K_.2O.._.......&.......57....ph......y.._Q.O.....}._.`.....8./.N....C~.o/".....7l.......l.-?....K.}F.}).(..U.],.....'....w...$....a.I....!.M....!...Z....X.~..p.......%.w......t..w....Wh.&....%>_D.Pc?.E.._........].}.F.oF..c.R4.....N..f.u..S......O...mFZ.B...#....2..7...~a..X1

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1esw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 60583 bytes, 1 file, at 0x2c +A "cpc1esw1.dll", number 1, 19 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	60583
Entropy (8bit):	7.994041442672645
Encrypted:	true
SSDEEP:	1536:aFCmFiBWgnZQ+9mmmzUvJFfdlnp4bf/BTuJNgWQ:6iBWB+9n86Ffdl2IJiF
MD5:	89ADF84E4287B5B3192B274E47605512
SHA1:	E580694673E633F4BA9E6A0E1424E197B2E5688F
SHA-256:	FD2ED44D6FA4CE8CD902423CC9C7FC12548BFEDB3C6C025F132E841723BEAE63
SHA-512:	D9F7DDB4C386457D16B09BD0969C65B46A840D7626D79D5F721B9418A75B80FA29666E9A2FB0B12F6696AC159CA1413A023685D05734A3395B604036BE5B299A
Malicious:	true
Preview:	MSCF............,...................I........4........,CkG .cpc1esw1.dll...z..'..[.... ......3.%#.p....oW.y.l....0&.V..........l.^..v.oS.8..Hf.q.@.s.gm..._k...!..d...R.m=.......)oaZ..QG...f..F......G...)y.8..n`..b...7...Vi..;....n....!..%v.x..... ..m...TK'.WP.XT.M..4OI..D...F.....j.....o.R.. H h.A.&.3Q.,......<...iN.!.(.1.m.Z..L9.k.^......:....l..qF..7.....3^{.w...o{......=..z...h....../..}....a..,q.?.].=......G..%.\....W:.....pL.U.5..krIu.WK;...#5..V9.>.....:...?...9.h........~.G..D..W.bR.....]. E.u"...Q..w.!...".R.=..h...[.#......^.k....IY..C.....#......)Y...=`.../. ...$&..G.''...!...Q..v............Q#...&.G'..t..Q)J..]....P....q.(..Db...<<.Y..........j..qK[./...JU.).&W..\|.N...:\|!..vf........w...0...1dH.66:@..66FL...J[......<"D^z...&.....(..E.RN..6j..E.=/...7 &..7?5'.....(\|.......Z.. ...a..BA.B.N.Q.!@.... .%$".-..#...H0..#........ ......<j{.h../....ucSCb.Gp....!...w..;;x...#..FDab..>.2......Qp..SI .....F....t..H......<<.....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1frw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 20717 bytes, 1 file, at 0x2c +A "cpc1frw1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	20717
Entropy (8bit):	7.989550267418251
Encrypted:	false
SSDEEP:	384:owPWWBHcDNwrlJ5QsH1KYYZGzB3bGjcqCiSxZ2ik66ogfPTWHJ39ngxhpriAu8xA:fJWwDPVKYYobGGdl0PTWHLgxjEkbAusb
MD5:	5072BB858D3CF10E5373D353C82C6FA6
SHA1:	CB52473749D5C02B286699EB96DDD8B4D8B8B1E8
SHA-256:	FAA72DB770C5C6D64312D6C8504D779771E61A2BC07521F1D76478AA6862CC3B
SHA-512:	C6EFA5D0C7F555BBE23749905FEDBA641457BE694A008370BDEEEBD33C88274B672BA4C4908132F9D52B6FB7D2F6401F6D85B785EDD0DFD11872230D2BA2C5EE
Malicious:	false
Preview:	MSCF.....P......,...................I.......$m.........5[. .cpc1frw1.chm.m...P$m[.....@...........w.bw.]..w.wwrw..w.w........b E$.`..........\|_..6.#\.p.".H..fn...+n.96._..PH....G3.^...Iy..0.yT...{....$.@4.Cd..H.z>.b..>6X..rZ.2.z..\..........n?..x.w.......!..............r.....1.O..........PWh.....?........?.Y.0.d..Ke........H!4.....'W.,.F"TAAE.Nl.L....T...'.uz.r.Z2x"...y...#.R..@I..Es....Q.?...{-...Or..0....K.Ob!..?...?)h....<.I},.C#bFep]Jje...%(.'L......y.;.,.....M..L..}.w.[....Ov...9.t.[..[.......?.R.]..\..?.Pg.P?an.a.gP.).s...]...N...O...-..:~......B.............i........).l.../......<....R....?Z...o.b.#._....X.w.,..t.).........H..._.q...N..%......g5..p..R.q.Y...........t..f.w_.........q.A.....V.......{.........m.b%.....&qH?.l...~C........f.......m.....G.....a.h...Z..]<.-v..E.w"4..h.N..p?...?.~.%.t.'.K.&Kt......p....c...7..0.}.(..._.J.U.....p.N`.C.......h.C.?I...G....[T.......................~'7..2....~......z_3....;..D.S./a......$.........

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1frw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 60507 bytes, 1 file, at 0x2c +A "cpc1frw1.dll", number 1, 19 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	60507
Entropy (8bit):	7.993253265145762
Encrypted:	true
SSDEEP:	1536:vHrPH5B3jZxwuve/XIp+AdxqvkaOItxvIhKoo48b5gxb:vzZ1e/mJxqTLoo3up
MD5:	1DAB58B623AAE1D09D2F12CAB5D7BBF4
SHA1:	74DA646D8DC006938A745A2D3A5194C68EAEA198
SHA-256:	9AD1BD3478B9594F69639AF7CB6955BE63ED66A010D3A253DBFAE969B47F1B74
SHA-512:	C9C4655FEDF5F5D11F0A4D3954EBC74605EA60FDFFA99FE6374B2E30A16552A13F7146D179871BD9D9399692F31A61D3D1F06090D71930B00BD18561696B97FE
Malicious:	true
Preview:	MSCF....[.......,...................I........2........,CbG .cpc1frw1.dll..F.1.'..[.... ......3.%#.p.....U.......t..?+.._..\|.1...7..%K%.....@(..o..Pu.B.[.\|z.G+...!.'d}..~j..Gt..g....0-.}.#%..C.63w``.............].\|D....%....hB.E.7......^.jsK...u...79M...&..8.\p..d.>..d.....H"}....4.WUvP.E.w...{..a.... .i.........W...-...e...r4.}F...fg..3.C}..l{..E..ocIU.2..YKv..c..x....=..7%...1.].+~.....<...f..........._=..D..._.k..lx.l.d....x.5..B0..8T..0.6O......N9......~...:6.X.8..j...O?^?.t........Kc.]O_G.....^...mU......."NB.T5......o:.j....vD../:@[.4b..;..`.....V..P..-.....q.w..3\N.d...D...!!...X........$..G...C.....c....r..".f61v.y.. 19=..X..9`.P.rzp>..'.....z....c.a..h.$>0..%....b..L.7.gLb...$.....\|..%..N:9$...J..D'T.....`h.6f.......E................ ..v.n..Xa.Zh......%L...........(....[@8n.p....!."....B.}x..b.>.a.:.H......"..C......0B.A\|..).(..C.#..h... ..H..."......!!.)..G..~4,.\|...p...zC.E..#6.D....1....c]...C.....08j....X...O(D.F.) 0........F.F..$D...d..}...nJ

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1itw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 20741 bytes, 1 file, at 0x2c +A "cpc1itw1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	20741
Entropy (8bit):	7.989023096467219
Encrypted:	false
SSDEEP:	384:OglV8jftXf22V66fHF5Q+iPPq43+WeJsu2fx0yHBCxDI24z:Oglkfj7KpP8auyx0yHk02Y
MD5:	79FB1BF504170A709AAE0EA2A6AEAB08
SHA1:	9DB70657C3ABBA40174956D9C22F94C5083F9044
SHA-256:	8244536F1573F5EEB607AEDE7267BDAF92EFB72AC9D31FD967136EFA6F358456
SHA-512:	B1AF4CBAEF39C0BE48BD0E4C76D54ED3494C9F8C028D6FDEC35DD857C884A92C8233CA16DC6553ED6E91ED97AAE257D58C40284BAFB5B823E1D7109BDA6867F2
Malicious:	false
Preview:	MSCF.....Q......,...................I.......>m.........5.. .cpc1itw1.chm..l-..P>m[...................]...............w..q........... ....D...7...P{0.kC.y2o....a...k`H......@.Iy....)........hH..f........\|~....m..e...00...\..T.....?A.n..w.v.............../.....?....y....c......h..!.._.?..7.....W..?!Y.0.d.{.%....2..t...D. ..n..,..@X........m..5Q..?....J.)...h0.b....A..<.JB{..K.-.....O.l.!...I.?.f1+P..b..O.!Z..?O.h.)..~{..I!,FCpbJee].j<..ep(.'.........;......PQ.....}.w.[O....vh..7i:..m.-...........m..m..[(....0.......E....:..........\.rJ..G......hbQS.s.Z................$F..E..m..3L..g.+{@.Hd,ip.hA....e...7..h............J[..+.;........g.?b.].V........7......~o......,_.2[9...E..~.........e.2~..gx..b........?..h....g.........).;.q"V..@......?$.....w...Q....}.p....-..C............C~48Gl._...GI.....+....?.5\..K.i..r.0 .......+.....bS.P.......s.1......D) ...........[e..1../3'. .?.f..K0.........eVU.>....Y^....U.f....~.).lP...X....(.............

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1itw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 60319 bytes, 1 file, at 0x2c +A "cpc1itw1.dll", number 1, 19 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	60319
Entropy (8bit):	7.994193186709418
Encrypted:	true
SSDEEP:	1536:A0qmu4gLhvH7xwY259NNufB11x5AMbIMVTPRWsGJJkBmu:AmmLBH7I59TufB9Bx/OkBJ
MD5:	03585467A2FAF8591E6706224F2BD0E3
SHA1:	64D62EED0D893F14829B18A3DBB9957112C6A5A5
SHA-256:	7EE1B651DB67C7A02A77377B1DABD7A260B90D1BBD96DB44BB844870D5390090
SHA-512:	D5BC826CDFCA15327A1C3778867BB3F8A1D9C698999097B50B030FAC9A98EEC3D089DE55416248A0B51A120D1C0264A9495D6EA5FD98AB6705FBA2272173DD12
Malicious:	true
Preview:	MSCF............,...................I........,........,CeG .cpc1itw1.dll..#.H.'..[.... ....3.%#.p....oW.yR......Z._..P.o1.5....zp].9...P(..o..Zq...Z..tI..%_w!.n/\|z.}.l.4..l.7..oa..}@.......;00...q..~..{.]...r...V#.%k.....8.vo.A7...um.s9^....Jr..M....]$....9It6"....Ab.@.$H....@..U...B....~..\|...K/v!.......).*Y.........(.."3..f..."./..W.f...s./0.}uK...ay..b.........q.+.q.6..5..a..\|....7....o.0"......../oz`...L......x...q...\..b.9...6........7..t.H\|48....K.rcN...>.n...3....V.?i..C~..u=>.8..5........9p.Q.F.....:.F)N.an...v...E#H.K.l;.F.Q......#..W.......Kc[.`(g...........#.)"...U,#G... ..G$F...%&. .G'....!.....t......c....(...MTP..'..R..(.,#.....,H..'.......7Q<`IL......!...f.n...:.G.Q'.$zuH.....sl.C..m..................1MX..O3.s.a.!....a.w`..H.....0..>.NO....."._,....<-...7.$at7.Z...A.N(2.........M....X...`. `..&.....<c.!..y.at..,...D4..%.P...........b.y...Gs.....G...7$Z...B.N4...P....0d.a..=. ....Q.#...........px...a..0..+`.D..h@.4..K&@....".z

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1jpw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 25613 bytes, 1 file, at 0x2c +A "cpc1jpw1.chm", number 1, 2 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	25613
Entropy (8bit):	7.990835689229193
Encrypted:	true
SSDEEP:	384:V9HhRdBpkzFOAPZiNG/KII6MJMEGPFG8GW+nIcI7ylW7Nz7suYd8AdHR6EaMwlbW:PJBp+U+Q8YnW02z7lYdDxMhMwlb3dK7
MD5:	B26BF8C2D47385E64A79F88FCFC855CF
SHA1:	00F1FBD52DA58DFF16F4660B8F10F2FB5484BBD2
SHA-256:	64528E6F2BA1868705800D55C64B3D4CC88A51ED69F9714A87C1FD98D65F8120
SHA-512:	2223B720E4FCB7EAFB82388A12FE9B944F5806AC35EF82B8871761130FAF5DB6E05832E7AD413B190217E244BF825C400439656B1A1F108E8347B60579F62184
Malicious:	true
Preview:	MSCF.....d......,...................I.......p..........B.( .cpc1jpw1.chm..4..c..[................................].]ww..wwww.p.......0.g7#.@..Ed...d..E.E..Efs.5ZT.z.!@..\|K8...^..1...aU..I.....1.....w{1s8.`......._.%.k...4E0`...`.h...."J. ..z.d=....\|.......K.ec`.....Uf?./..........4......C.d....a...._.p..O5..H.....$..T..P.GM.L.._.....A..y"JB."&.7`..T..BO.....QM%I.9.L....#P...............P...v.B....g.....(P?f..31_.h..&Z....-_=X..+....D.dFg......?..p..O._I..."...l..E.tu7..6.6...n..........p....\......?.T.W.vO&.....J.L....i...}.....n.H.!2.O....F.C.?{. %.....A).@....q9a...q/.`...........Z.[..V.i@.......?[...w..9..w..z.x$.?1k..g.G..?.7~...XW.....@..ly.:.~....j .....2E.&../.Lqm....&..2.._.f...+...c#.?e.d...dMsi.p...0....?.y..d...1H....g._..!V.._G......_.{.........c.gx. ...~9:.7...[."...`..C....~..O.z..~EP.....).vo3...?%.N....?.......[+..[.-...f._.".;.k...1(Eh..S...C..4....XRA../...L......2K......a..!.hOC.............Qo(\|.~...!...9k..Q."..L...c.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1jpw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 59305 bytes, 1 file, at 0x2c +A "cpc1jpw1.dll", number 1, 18 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	59305
Entropy (8bit):	7.993398914394858
Encrypted:	true
SSDEEP:	1536:eJp/YqY5PMj7gxKm9hChbtphZ/9eptfaxnow6nk:ekF5mEtsh2ptyv
MD5:	BF4392DECEBB74AF9144EB29E8595FE1
SHA1:	49D4BD0BC2382258D97C1F8AEF12A6354F46B419
SHA-256:	3E2F611B9A794100277CD782B0BA217F344F486A104949A3A64B4A887B5BA89A
SHA-512:	35E1D166D2F06F0F224F2A9F782E3893441D8B597AEB2151B25F6F77DBC2EA467325AFE39A8F799EA980EAE3E57C15AD36EE43F8C2B029DC9C27C6634B786D30
Malicious:	true
Preview:	MSCF............,...................I..................B.( .cpc1jpw1.dll._8..'..[.... ....3.%#.p.....U....m`...._..P./1.K..M.z.R.9yC2...$..8........_../.Bv..;6...^B..lN....~.Z@...........=........ur.v...6..i....GC.L..9(...T+.j.;.s\|K.....Q.9....t&h#d.....e.5!'....}.."....T$PWDv........a.r..0.....C.8$.!.H3.MN..^'.uP.A.k.F .@b}...}..=..S.-Q...y.g\|...............;.>....p..........w.w...h.~...]p..\|d......L...w..o..X.T.X....w>P./.3.W..:........Vm>...s..D..(.:.e.$..,...~.~9....\|.....<.....9...mthH.......St..:.).T.F....Ry...S.vM....$..J..Eh..q?.p.........V.....u.5sf.Ix.....x..RS...&d......08p.L..}..`(a88@F..?.S..p.P....?48..H%D....1@...P)H....J"G.....0X..,$..).....T<.q....9.....U..8..g[}..Nuji.....(R...F0....@1C.....v/.@..m<P..m.G#..n....=.6.^..,..._H............(...p..U.......$....%...S.".?.1.b.?......#.......P..,(.!b.... ..f.HA...X..V..I0..#....s.C..tu...2@H..*..}.L..-....v.EA.$@.....0.....c^...C...../LT..1..X..R3.{c#...G{...X..$.....".yp:

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1krw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 22229 bytes, 1 file, at 0x2c +A "cpc1krw1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	22229
Entropy (8bit):	7.989898491364522
Encrypted:	false
SSDEEP:	384:/dr4v6TvUelqS9GlZtQb+g9jLN1scbi+0fBn88vnEVwZ5H4XheFqDF7XJaXMa2a5:lr4wUeAlZnghXB90fB88vEVU5H4xeFmq
MD5:	11A59185975E62241E7286F9EB3912DC
SHA1:	CB263A8BA80BA9E056C67C444872CBC2C92F2D76
SHA-256:	A73B5609FFCD45091B24E598C00079A8995E8887CD3AEBF2153054E7ED52CECC
SHA-512:	7D20F234A55C8E52B4D9EE6F7919041690EDE0AF39774FF5CF264E57CC88A75F4FA30F2157A8E263E3F62E94599463FE54FC2B539807214EBE121980145B51B3
Malicious:	false
Preview:	MSCF.....V......,...................I........r........6.Y .cpc1krw1.chm..A"5.V.r[......,........"..E..............p......ww.w3.VD.....F..X.d.c@...[.I.jQ...s..h..o....s]...E.o8..N\|..........2..IN.........!.!....}@............T...?.wy....D.w.{.T......H...27...........a.._.sQ..........?.....@_................_.....<..w.h.{;.B.....5..).&...U....`.....)30.F..........P.OQKFPD...t......B\.JC~..h..(.&. .W......Oz..8......Ob0.`..Y..O)h.........BP...Y....\.\|.~.6u..0...._\.B$.DTZ>Tpp`l^f.......q......5-.......=....1.:;76..P-.?.oQbb..R.$1.K..?..^H...G\|..-...R.8.......50....~..W...\|~& ..'$.....~.......hs..B.W....d..e`+d...E......f.....;..Rc..+.I...."..y7qV.....b.....8.N.9M.Ox...M?........Q....M...(..-L.,....?.[.3.o.~.a.D.... ...(.(S....eA..~c.[.?.A....K.........>.t.h.._...x........\|?.E.....#.../b9h....9...9=....d...../C.}..A.._......z.p."........\..1.G.R.S.kOlp.a'.S..L.H..w.......`m........ueV......#..0.=..f..c.z.....2.=.>...3->*Pf_.k.=../.6.0....he."..7.&..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1krw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 59733 bytes, 1 file, at 0x2c +A "cpc1krw1.dll", number 1, 18 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	59733
Entropy (8bit):	7.992623847323333
Encrypted:	true
SSDEEP:	1536:zj2ayPqZRbq7XXxF6S+9g2W+6PlVyvycypxygFcu:zHzRbsXL6Scg2WtPjcUxhFN
MD5:	8A876D560D5DEF1EE5ED14B4E85D477F
SHA1:	E5FC939CFB45E66CCBDE95E71C192548F77B33F1
SHA-256:	2B4A7F2FBFF8A3349E2C541F50D2250AB0C8893577CB4CBFB101211B0664100A
SHA-512:	54CB061797968F25F7B5D7E6D6685E0E50222553D6DED89E08D0B5BDE756FE6ABF4E249DB6AB9E2F8D9860E5B11778702DF11ECFB9BB14A75353DE77B749923D
Malicious:	true
Preview:	MSCF....U.......,...................I.................,CqG .cpc1krw1.dll.....'..[.... ....2.5#.p....[.e..ZoClk.o.j....\..CZ3....H.Qj[.....6..-y....Kn.SQN..M....(G.u.}..f...HC..$.!w....S.x................=_.....@..F.K.....8.6o.E7...J..\..cm.J..&\..m$...Ah.d..E.>m......H...}......;..".......;L..m.............)..R.\|s..:(.......3G....../V...w....s.0'..)..c..X...3f..Yp...g..d.N?f....%G.p.;..na.x.8..N..g........m-...od.\....\|......j..i...,........:...@........9:I...:...L.....'.....!....%O=..m.?.....[m.Q..Tz....R.PP.Q.....oNF..;R,QGw)l....Z<R..4\|H..\w..g{%.]%.......[6.F/.r..H&K.S..p.F.BY).Ur#.K0...%)....B....S..ex...K...BB.'...4...(...$.y\.1.@"..S..\|.....R$../<.......@...L.B//z....Fk.g..... .e.S...U.{.N.E..:.D&...Q..OP...T...B.......Q..<.....n.8..[.O.."J.$O..%+.d..@&..X,.L....EnX@.".%XLU2#.%.....n.(..[/2S..d.S..OBH..O....Fq........i.(1f2.PP8>..PPDJ..Q..$F..Z.EQQ &e.QQ02..[.NT.....Gx1U.Q...^X.@..(....-..)....)...H..[,4<9.<..b.8.%.R$.$....S..\|....QT

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1ruw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 20955 bytes, 1 file, at 0x2c +A "cpc1ruw1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	20955
Entropy (8bit):	7.990002880793497
Encrypted:	true
SSDEEP:	384:in2ncznbZF0vWNhk/Z7fRIpyTHIA7R0IpMs58H6Ch7tO2ZjVCnPOXfAINQqt35:ingsF0vWLgvH40MYgO2ZjCP6oY95
MD5:	E5F4C25D0E2E5FA5D886EC41C4C73399
SHA1:	018345047B6CA3727F5BF505B1D8D88E6DAF1B76
SHA-256:	82A749DF7A90CDBB801A61EE0D3955A16EEDEA5E7A6D1FF4240071A1EC6F8117
SHA-512:	0A4852B606477EB23AF68B5E26B324056E175D8F057164BCAE379794B4CADCC43DFCFCD691F810CA87AC62439600751790F6DE97D14F83B06A7C8DBFA3DA283E
Malicious:	true
Preview:	MSCF.....Q......,...................I........n........6lk .cpc1ruw1.chm......Q.n[.........................................@.H..............Q.l....F2..=..5.k..m...........\..B.8O......@8........6a.l..0A...lk....oENNO.B......e.U.h..<.. .z.lG.pH......w.?_.....r..s.F..........G.?..j............o..........Y.4.`..;&B.......4. z...,^..X..B.........E\|......O...$...T.4..8..F..J...R...fx?.'.%....E........./G........#......R........W..p..$$.VD...F..o,..z?%.#..}..V...".....n.jnd^.\.......f...7i:.mlM......@P...........~.s.......dpH..............L_...k...D..<..$$xy.}..{....A..;...,5..@...x.....k3..~s........9.../..1.........e....\|...45....... /.....%..../......g...._.l..,...!.p}Y..,....../.....O.K_..!...Z.#._s\|.:.C...........PB...u.H.o...vb1._.p.S..C.0./~.o..~.X..3...A...?l.-..K......F(}.8.'.........'w._..._.?..$}..q.....nJ....4s'.k.mkq`...K.A.?.J..aw.......%P..nH.........'J\>5.....E......2[...i..V..a.Q...}..H..f.u_.A......n.)kFX.?..*..j..E#l..\...A..P..o.......a

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1ruw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 60847 bytes, 1 file, at 0x2c +A "cpc1ruw1.dll", number 1, 19 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	60847
Entropy (8bit):	7.993582826937295
Encrypted:	true
SSDEEP:	1536:TRGgcEPZDCaw4/5rDUlWSd04GjRUj4pPBsC18TFcN:4gc6hzxDOdkR3pKC0FcN
MD5:	ECED9AF9BFA38911706BC23BE7332F7D
SHA1:	AF59A0AA74E4FAE81705ED2C6A0BE85B36523BD7
SHA-256:	B480883856DF367976C55F1D320A2935DC3D66CE07DB3CA2EBE7918E56CAB005
SHA-512:	DDBE003DB229E309338FD1C82F9B334D28FA7D947369375E1162B1DE7EB2A0C9B419E9331A7E0689BE3263374B9F5BD3A840779A02ADDF67E090CA4ACDAF3D16
Malicious:	true
Preview:	MSCF............,...................I........,........,CtG .cpc1ruw1.dll.U. 0.'..[.... ......3.%#.p....oW.y....3......}..l@J..-.%7-..u.s..v..Io7.)..r8.k.Oo...d.{d..,...6.I..Y...la...Q..............#..u0...p.....d.k...\..s.S..h.9.....:.....g.]%.9.\..m$.F8A..d......N..C!.. .......Q..CQ.\..j.}.#.J.:......q....I.$...... ....Fc.b..@.~~.....3=..Q..\|X.."7...!d.\1.#./........o..}....."....c......f...Q......{.~1.y............$.Qj.=..../...C..;.....<.NV.c....QPO......+.z..<.....g...\..y....C.z\|<t.HmmiM.....b.s.3....P-m+.x..RS.p.R.`;w}nGB.%..C..R#.)[....<..jy. L=!?w.;.l.S..28.".pp...d.H..f.......1...q\.A.......~......O....~....JxH..0d..<..Q.....T.D....#.pd..,$..(....0....8..\|......a...9...[}..Nuji...Z.5.\|".*.A.RS....3xpGx.o...$%...7`..Bnn..b.x....!.....+......_T.......B.n`.0E.}.#n..H....c..wx.G......Q.....S...@. . .....`.!`!C(.8...:.E".@x.b..,...FHQ.&.x.............x...Gt....h.$\....b..<...B.oa.8E..1...(...a.A..&....(...c.....@E.....%V.....!.....NP..#....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1usw1.ch_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 20721 bytes, 1 file, at 0x2c +A "cpc1usw1.chm", number 1, 1 datablock, 0xf03 compression
Category:	dropped
Size (bytes):	20721
Entropy (8bit):	7.988711179786876
Encrypted:	false
SSDEEP:	384:E/LeZc2MqHgOHXqXmzTr5sPhWpS7xxWTCI7w7:kLdwHgOHa2T6wpS7xxWTCI7w7
MD5:	BAC1D12EE6072FFD34CAEFCFBCBEDACC
SHA1:	51EA2E7E8BDF66642ECA7F9C2E892EE6A6BC1918
SHA-256:	79DEC1B5394142ADDB312CE25DEEB129F8E01E664E673C3855257E1E6DB51B9B
SHA-512:	04610837B0CDF1A1DBB5FD2813F4BD5434F777AF554FB1124C44338B449D41746DD44DA83FADE55DAD8F5A8EFF651EE17BA87EACCCCA093767CFBF265A381AB4
Malicious:	false
Preview:	MSCF.....P......,...................I........l........K?.( .cpc1usw1.chm..j...P.l[..... ........./.UUm...Q.......j................@.H............8 L....J&`.n....o.2wV....X.^..D....q.... <!.%$.?.<......(..!w.02$N..)..../.....4...@........q......#...D%..,c....w.K_._.....8.T....`~._.....W.t...N_@......y..............R..W..x..GJFA.e........K.........h?.)....z...........M....CTS4.G?..3.....{./..#......../.r..'....o..i.?..zT......v..BX.........*.......I.'....y.3...9..DE...u.o..o...?.O..?..5.4.....cD.....N....kT../.y.......#T~..\|.........\|.^..Z.r..~.?w...........'.........Q........"..X........V2.F.z..X.X.........}+.c...A...~...?..f.e.......#..../....)V_.W^........K../N.l.K..0.L.K..1(.a.K.~..[..o./..2w.._.?.....&.!&6.......6..O...rh...?V..:...?"7...n...'.>61............7~q....FQ.wi..w........ua.......Z..s..;..?E....w......3...g...~.G........w...C..{?._..o.._..}d.Um..6.PG .7.}..N.j..'-.......!...E^.........2.{?....U._=......?.....o..{..\|u.....2..../......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\cpc1usw1.dl_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 59933 bytes, 1 file, at 0x2c +A "cpc1usw1.dll", number 1, 19 datablocks, 0xf03 compression
Category:	dropped
Size (bytes):	59933
Entropy (8bit):	7.994361327898447
Encrypted:	true
SSDEEP:	1536:tEiOncmr5WXfHyKDtTgIBiXdPlM2VZmzKOci+L1:tEnVWvHllBiX/LWzKObC
MD5:	200DA159386E325053B4A2F65CCFE4F8
SHA1:	BADCE439EC0204D196C2E7DFCAE27E753F576284
SHA-256:	ED0ED3CF2A694AF7C4360913CADB894B2DCC89CFEAE703719A6AEAC62BF3108A
SHA-512:	5F0CC536116F6D94AB93C47CCA0F0CFA1351A1851DF7029746A5D601B84D267D7167B027438597CCAE0647F6D0B0CCC0DE3C517CA518C4A493642D5C877822DC
Malicious:	true
Preview:	MSCF............,...................I........".........C.( .cpc1usw1.dll...Z.'..[.... ......2.5#.p....k.j..P[..-]..?....l..Z3....H.Qj[.....,.....\|]..XC.O.p..HN...........xn._.....%...M..33hE......~.....}.....r..Qwn&P...t.[....[I...3..no...TE..fY.B...K'...-8He..k..E!.. .......Q..........?.-.!............TH............h\..#L$.i..z9.;9...l.o%..2.....^..?..qbG..._......g.Y[...;>p....y.~q..^..C^....L..^.....eb&...$%.z..c_.:xG._`'..G...W.[.L.7......S...mS$.m_t...q...\..3....?.m..u....:R.Z..gSt..4.\|.)W.xG.E.<.>.)f.........,.m..).K..`v.g..,V.\..0.w..q.=..M)x...@..8q.BCd4!n..g..c...........#.E...(...xb.<....f..................0.A.......6C.$......<n...............2L.....J~Z.rUU...V.$(x!.Q....f.07...~..H....p!C.......!x..y.L..Ha.R...&.D..}......".)...0dF.~.?....+(!.77...bo?x..b.@.Q... ........ ..T..`0.!..B.g$P....`\| R`..4B.I,..#....\|}.F.)...<dQ.O.a.y..@.,H..K/.T..OB1.80F.b!p...... .0aD...........!...px...ag.H..)P.D..X.L..M'2.......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\CHECKSUM

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2310
Entropy (8bit):	5.222986584446144
Encrypted:	false
SSDEEP:	48:yH2qf2gybykkzplp7vhywieneleGewBe9ecGfexePaes:yH2qftyfCVvek
MD5:	457FB300CB956C6DCDAB8DFB6163514A
SHA1:	9B03F553EB8720D9EE13BC64F30CFA88C29E7B6B
SHA-256:	266EC8777C33647F14CAA79CBD9F59C0106EB1D61724BFAA9F4A41A5C2E1C169
SHA-512:	F07432BB590105CC15256F6300EE2DDAFF1A6BC3E95CCC01D93780567438BBE9E05499CE7092E773E3E31DB6AB4C94F9D076F6822E178612A2D18CC4BBDCFC07
Malicious:	false
Preview:	CHECKSUM.--------------------------------..Data/UninstFiles.ini.0ef1a18517d5e71b570aafd0ab865d2a..Data/cnwiicef.exe.5db3a7c727ec6f96ffe8143f51050e4b..Data/cnwiidci.exe.112d16f4953028396bb688c92245fe80..Data/getinfo.ini.6323691f8cc8ae9109c77821432ad37a..Data/instpack.dll.13e42311a567ed4b6ec9a2353c52eb21..Data/reg.cbfd831195c9945c6781dfad928e5488..Data1.cab.0c3efd4ff34272d31246c84de34faeb3..Data2.cab.fc1647a245517ec4fb2d9e6a819f73e9..MUI.dll.6cc88e59c0d504a7f07baaaad334c78d..Readme_Chinese_Simplified.txt.c22f53722c3983ab43aaeade1985b27d..Readme_English.txt.368fbbd6a5687f37732fe076c59d09d0..Readme_French.txt.1d8492f4c1b886298c82ba839e949855..Readme_German.txt.185d4be988c4d909b81230a44c9b7772..Readme_Italian.txt.af3ab2001ae1868f298e0955739899e9..Readme_Japanese.txt.5484bbba0a02c485e4dcfebae1e05a8c..Readme_Korean.txt.259198514273f116215247577c102c56..Readme_Portuguese.txt.09fc1910a8ce3d070dbf69814cc72b64..Readme_Russian.txt.e36dc6c5ac8b8e90fb63a5fd35b899cc..Readme_Spanish.txt.7ab7c5982b35e2

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data1.cab

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, many, 744649 bytes, 21 files, at 0x2c +A "CN\setuprsc.dll" +A "CN\uinstrsc.dll", number 1, 98 datablocks, 0x1503 compression
Category:	dropped
Size (bytes):	744649
Entropy (8bit):	7.9989879161525925
Encrypted:	true
SSDEEP:	12288:H0ouUPH6+VobG3dFqR35sC5p4yIyWDmn0VkWgxo8L1H2EVLKkwO5:HsQVvD4tpJWPoouWOLK72
MD5:	0C3EFD4FF34272D31246C84DE34FAEB3
SHA1:	597734B432786E53C306CBA0DD43F25B7616D2D5
SHA-256:	19704FC83E46C6456D18BFD941334D85F0943F09D1F85EBA8F1EC171EA47FCC5
SHA-512:	8EB78D6CCE93EBA6B2EACA8B3D076B1F0FCFD34419F9D50EA8B17A1A82C6FFBBCBE088BA8F71AC9A4AB94662FB688B0A729F503B9E6D2A0ADEB47000260651C9
Malicious:	true
Preview:	MSCF.....\......,.......................b.............7D.i .CN\setuprsc.dll...........7D.i .CN\uinstrsc.dll...........7D.i .DE\setuprsc.dll...........7D.i .DE\uinstrsc.dll...........7D.i .ES\setuprsc.dll...........7D.i .ES\uinstrsc.dll...........7D.i .FR\setuprsc.dll...........7D.i .FR\uinstrsc.dll...........7D.i .IT\setuprsc.dll......D....7D.i .IT\uinstrsc.dll......D....7D.i .JP\setuprsc.dll......:....7D.i .JP\uinstrsc.dll......4....7D.i .KR\setuprsc.dll...........7D.i .KR\uinstrsc.dll......(....7D.i .PT\setuprsc.dll......>....7D.i .PT\uinstrsc.dll......>....7D.i .RU\setuprsc.dll......R....7D.i .RU\uinstrsc.dll......P....7D.i .US\setuprsc.dll......`....7D.i .US\uinstrsc.dll..N...`....7D.i .uninst.exe...."6..[.... ..q..0..5!.....O#..<..Hbe........\|.6......1nX."..t...S....B.(.^........"..{....I...w6`..)..Dm:...d.F.@.a.. ..X"...Z~b..7...SY..}.Jj..R.Z........m%.``.q....... ....g..}............#.2u...m.................l..../.".....Z.....H(.$...%w...I..$<.x7..../(..6.T*.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data2.cab

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, many, 7140158 bytes, 95 files, at 0x2c +A "Canon CIW Extension.dll" +A "cnpdsdk.dll", number 1, 1409 datablocks, 0x1503 compression
Category:	dropped
Size (bytes):	7140158
Entropy (8bit):	7.99841266270066
Encrypted:	true
SSDEEP:	196608:qKmm5OsZNniJIj8iLhhD0Ye0AH5LK/wHiBH6I0p:q6OsjUIQiLXgYe0AH5W/wC4b
MD5:	FC1647A245517EC4FB2D9E6A819F73E9
SHA1:	DCDFBEB1316EBBE349AA524B7D68F8ADAD421153
SHA-256:	8A65A730A04BEEDB4D15FA9165F70594A6D8939198D1C1D822003899CB185D3D
SHA-512:	4A87D0E2790ECA674234EAC8C0084DB5E3FD58640E316A9A32CB5F5878A99BFAD8ADBA6A283CEF5790FCDCAB8366344BFEAB13258918D7136759B3B109BEF3F1
Malicious:	true
Preview:	MSCF....>.l.....,..........._..........................3.p .Canon CIW Extension.dll............9.V .cnpdsdk.dll.;p...`....*4.V .cptk.dll.P...;."...%C{M .iPRLyot.exe......~6...1C.. .iPRLyot407.dll......^V...1C.. .iPRLyot409.dll.......v...1C.. .iPRLyot40a.dll...........1C.. .iPRLyot40c.dll..........1C.. .iPRLyot410.dll...........1C.. .iPRLyot411.dll...........1C.. .iPRLyot412.dll......^....1C.. .iPRLyot416.dll......>5...1C.. .iPRLyot419.dll.......U...1C.. .iPRLyot804.dll.8.....t...!E.u .iRCort.exe......\|.....D.. .iRCort407.dll...........D.. .iRCort409.dll...........D.. .iRCort40a.dll...........D.. .iRCort40c.dll...........D.. .iRCort410.dll...........D.. .iRCort411.dll...........D.. .iRCort412.dll......\|.....D.. .iRCort416.dll...........D.. .iRCort419.dll...........D.. .iRCort804.dll.P....\|....%C.M .iRCortStartUp.exe..0.........1.\ .LFCMP14nu.DLL......;.....1.m .lfeps14nu.dll......K.....1.m .lffax14nu.dll............1.n .lftif14nu.dll......{.....1.m .LTCLR14nu.dll....... ....1.l

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\UninstFiles.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	6280
Entropy (8bit):	5.102652514350941
Encrypted:	false
SSDEEP:	192:1ydqXctKLgRuvkF/bPARqLsN2XdrnIZiDE1Oflxx2vENiLAJ7Zx2botiHUJXc0b+:QdAl
MD5:	0EF1A18517D5E71B570AAFD0AB865D2A
SHA1:	088DB4117C580A29926ABBD7A8FF57C5FB613986
SHA-256:	17F1C325113564B9137C809CF765614C5FF0DEA349EFD1B042DF5633A1653B12
SHA-512:	B05EDC41B6B6E4DA2BC3A918F4CA2FD032B17D3EADC9686304532CDE360AAB63B6026590DF0C95BF437F0289FD271FF65BD5B2AA60CCD05D05AEA7E7F78DA5CD
Malicious:	false
Preview:	Canon CIW Extension.dll..cnpdsdk.dll..cnwiosif.dll..cptk.dll..iPRLyot.exe..iPRLyot407.chm..iPRLyot407.dll..iPRLyot409.chm..iPRLyot409.dll..iPRLyot40A.chm..iPRLyot40a.dll..iPRLyot40C.chm..iPRLyot40c.dll..iPRLyot410.chm..iPRLyot410.dll..iPRLyot411.chm..iPRLyot411.dll..iPRLyot412.chm..iPRLyot412.dll..iPRLyot416.chm..iPRLyot416.dll..iPRLyot419.chm..iPRLyot419.dll..iPRLyot804.chm..iPRLyot804.dll..iRCort.exe..iRCort407.chm..iRCort407.dll..iRCort409.chm..iRCort409.dll..iRCort40A.chm..iRCort40a.dll..iRCort40C.chm..iRCort40c.dll..iRCort410.chm..iRCort410.dll..iRCort411.chm..iRCort411.dll..iRCort412.chm..iRCort412.dll..iRCort416.chm..iRCort416.dll..iRCort419.chm..iRCort419.dll..iRCort804.chm..iRCort804.dll..iRCortStartUp.exe..LFCMP14nu.DLL..lfeps14nu.dll..lffax14nu.dll..lftif14nu.dll..LTCLR14nu.dll..LTDIS14nu.dll..ltefx14nu.dll..ltfil14nu.DLL..ltimg14nu.dll..ltkrn12n.dll..ltkrn14nu.dll..Ltwvc14Nu.dll..Readme_Chinese_Simplified.txt..Readme_English.txt..Readme_French.txt..Readme_German.txt..Readme

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiicef.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	182864
Entropy (8bit):	6.554692814527826
Encrypted:	false
SSDEEP:	3072:KvZMlc+AXqm5np9Glwu00ESbKq8IzOw0N3me1hx:KvZ4I/R4F00EaKq8Iziwe9
MD5:	5DB3A7C727EC6F96FFE8143F51050E4B
SHA1:	32E4DD5280631A4B7FD0799819240427F12AF033
SHA-256:	AB38F79F16412AF0E45F4534169EA8A12D3DCF2DA7972400C9A2F73B137AA6AA
SHA-512:	915421630FC800A0939C3025B7AE36CB0805037F8252434A730AA514836D3D832B019F691EE4A88A6564C1B2F2609AF3F815972E9F4FF815939C6292E4BF5BC7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m.=...n...n...n..Xn...n..mn...n..ln-..n.tUn...n...n...n..in...n..\n...n..[n...nRich...n........................PE..L...`.S.................................... ....@.................................W.....@.................................$t..P.......................P............!..............................PU..@............ ...............................text............................... ..`.rdata...]... ...^..................@..@.data....;...........d..............@....rsrc................~..............@..@.reloc..t$.......&..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\cnwiidci.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	178208
Entropy (8bit):	6.549427478274386
Encrypted:	false
SSDEEP:	3072:Fc+cJApH4hFbvGTJCCrtqSibf/WrQw8LaHkCvwpbpF+bmF:Fc+cJqY/8B3trQFmHkCSr9F
MD5:	112D16F4953028396BB688C92245FE80
SHA1:	28C1CD8D5394054BB1260B1E2C0610688014823C
SHA-256:	B3A837123FE89845AE9ADC9F74BE3378E118AF4161EC6CE0C93786AAD1192F56
SHA-512:	003B3DC107EA4FE5BC69F9E3E4F528BDF3B3B4E8F23CA36FD7867A116F704A399D82FB7D60C8ED420047DFAD9F0A9E475F87760D1DA133228F49DAED4BEA6978
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........N..x ..x ..x .....x .....x ....kx ......x ..x!.x .....x .....x .....x .Rich.x .................PE..L......Q.....................................0....@.................................ML................................................................. ............................................j..@............0...............................text...)........................... ..`.rdata..h`...0...b..................@..@.data....A...........x..............@....rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\getinfo.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Generic INItialization configuration [OldVersionUtility]
Category:	dropped
Size (bytes):	4449
Entropy (8bit):	5.2209428250018615
Encrypted:	false
SSDEEP:	96:2RJh7mTFxHwGxFyFahrobPHf9q8/Fs4SK7I6oSB:2jETFxpxFuah8bff9q864P77N
MD5:	6323691F8CC8AE9109C77821432AD37A
SHA1:	E825BBB98B22669FF0F08888CFB5B935BA9AE277
SHA-256:	81A57469082594DB157F198D20B149458C495A711D7EED21899CD980FF9F6300
SHA-512:	8669D3E50F8F11DC6B29B1D7BFAD342BBD32384DF3C7FC1BDA161D3FFCBCC824638D424E4D3E1E52144CE0FBC418D13222E0D28369C8B1003598B17E1768EEBA
Malicious:	false
Preview:	[ApplicationName]..AppName=imagePROGRAF Printer Driver Extra Kit....[OldVersionUtility]..Existence=N..Registry=....[Registry]..FileNum=1..File00=reg....[DefaultInstallFolder]..Showfolder=Y....[Check32bitOS]..Check32bitOS=N....[Check64bitOS]..Check64bitOS=Y....[UseBoth32And64]..InstallAlways32bitArea=Y....[AdminAuthority]..Authority=Y....[StartMenu]..AppName=N..UninstallInfo=Y..ReadMeInfo=N..MediaGuide=N..OtherFile=1..File0=iRCort.exe..OptionCommand0=..ItemName0=Color imageRUNNER Enlargement Copy..WindowCaption0=....[DesktopShortCut]..ConfirmMessage=N..MediaGuide=N..MediaGudeName=..Readme=N..ReadmeName=..OtherFile=0..FileName0=..ItemName0=....[PrinterModelInfo]..showModelInfo=N..printerNum=0..N00=....[ConsentLicense]..showLicense=Y....[CompanyName]..name=Canon....[Version]..Appver=2.30.00..Instver=3, 1, 0, 1....[AttributeFile]..readPermitFileNum=0..name0=....[hardeFile]..filecount=0..name=....[Reboot]..showRebootDlg=N....[USBClassDrv]..NUM=0....[FireWireClassDrv]..NUM=0....[LPRClassDrv]

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\instpack.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	299008
Entropy (8bit):	6.420200468736576
Encrypted:	false
SSDEEP:	6144:V4pRJjepNSdSQGqkV+o1l2GsnpnrbEbHK1Zuj/MP:V4BAiSX1apnrbNZujE
MD5:	13E42311A567ED4B6EC9A2353C52EB21
SHA1:	D63C9FCB9284E405F197B6321E0019DAFA15D333
SHA-256:	9ECCEAA10559890BA7CA2CD15B4E05D46B711F57DA71471050FF95022B578490
SHA-512:	3816C07A4C7377CB6FB20FD69AFE5A0843970A2A192A4A5C1A867CBC94E98E5FC37492A1C8C5E97049242F36752D1CBF56D1A660DA40CF8F3D998706011184E7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......ki../.o./.o./.o.......o...0.'.o.....5.o.......o...2.6.o./.n.%.o.....Q.o.......o.......o.......o.Rich/.o.........................PE..L...y..H...........!................;m..............................................KU...............................3..X...............x........................'..................................@...@...................D...@....................text............................... ..`.rdata..h...........................@..@.data...<d...@... ...@..............@....rsrc...x............`..............@..@.reloc...P.......`...0..............@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Data\reg

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	103
Entropy (8bit):	4.67130744511877
Encrypted:	false
SSDEEP:	3:wgLxqwL9hN0tu+gLxqwL9hNE1eov:PLxTvN0mLxTvNE3v
MD5:	CBFD831195C9945C6781DFAD928E5488
SHA1:	FEB1A1EDFA9D63117F92690074FF2F4FC1C20FB3
SHA-256:	78420DAFE36759D96E901AAFD8D19AE2C5181CB2DF934318DDC59F750D09C107
SHA-512:	94E24B59B6FDA1A36640D6FEF5EB53E7BC6B2CC1BE56953AF236F5095DE9630A17DAD17EE471DBDBD751AAA8F0271CBA31D7251290FCD29A7FA010BC0D56CAD1
Malicious:	false
Preview:	[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\GARO\ExKit]..[HKEY_LOCAL_MACHINE\SOFTWARE\Canon\GARO\ExKit\iRCort]..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\MUI.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	2.7284585698794146
Encrypted:	false
SSDEEP:	48:aR8Org1WYGw7ax/wrOzNL3qnOclEO5JtNCSC:O5Sax/YQYdhCt
MD5:	6CC88E59C0D504A7F07BAAAAD334C78D
SHA1:	788CB3A838ABEB99FFB8AF3A778DC68A53511BEB
SHA-256:	75C4A01FD9A76C95BB6B4C434617A171434A99C29C18C99F48BA32E74FB4908A
SHA-512:	FCF7C7CFAF060D4AE0477CC479A636115EC9E49FF9B6566B693B20529D654FAB59645FD4027C8EE5BD35D9FFF3559FC5B2588A7893DB09F44594D12A8C7322E0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}"j.9C..9C..9C.."..:C.."..:C..0;..;C..9C..?C.."..:C.."..8C.."..8C..Rich9C..................PE..L.....R...........!.........................................................P......D.....@..........................................0.......................@.......................................................................................rdata..............................@..@.data...(.... ......................@....rsrc........0......................@..@.reloc..n....@......................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Chinese_Simplified.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5323
Entropy (8bit):	6.126918006238522
Encrypted:	false
SSDEEP:	96:hQIqT5KD2ZDtDWKZW4N4ru+Ka7rcybfDwBB28Hs+++Rxokthqm:hoQ4N417wvDLMDkr
MD5:	C22F53722C3983AB43AAEADE1985B27D
SHA1:	5DE4A4581948D4BB9A2290008B17D4E5E2536B32
SHA-256:	5F9DBA76332FBAB28A22DB359CAFDA44B80E828F70DFC16879D1BB1170778B79
SHA-512:	5B10683B44039A8E1425947ED492033BE92E031E96CF702A11D274072B55AB6C4EC682274EC1B8B51E2DCC3D999EAF2BB57BB3C79C3CDA4334A324066C165161
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. 2.30 ... * CANON ...... 2015 *.._______________________________________________________________________________.......... 1. .... 2. ...... 3. .......... 4. ...............1. .. ------------------------------------------------------------------------....Printer Driver Extra Kit.imagePROGRAF .............................imagePROGRAF.............................Free Layout............Color imageRUNNER....Enlargement Copy........<.....>..- Canon.Canon...imagePROGRAF................- Microsoft.Microsoft Corporation....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_English.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6172
Entropy (8bit):	4.695611653851606
Encrypted:	false
SSDEEP:	96:uHPsyeLhkDukDJkDQB6PxP4I8a1KA77Dw6TT8DNImJlgMjDvbwFk7mcwgcYXD:uvsnVhENB6P5a7ADZ38DNI27voUEgh
MD5:	368FBBD6A5687F37732FE076C59D09D0
SHA1:	3663B82569B02A9B1A6D609CC0ED875FF76024EB
SHA-256:	BF15CED9FC932528C9B69F2E20A324CA2D4F86AA673225B7091F9B79BF197368
SHA-512:	E68870B572CBADBC20517939C7503375857D05790EB26B6678A49E625D56D9656CED6F76EBD53AB313F01599B2D4B899D887D35FF8AF5DE53D23532F861BD5C7
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. Version 2.30.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Contents.... 1. Introduction.. 2. System Requirements.. 3. Precautions During Installation.. 4. Cautions, Limitations and Restrictions....1. Introduction ---------------------------------------------------------------....Printer Driver Extra Kit is the expansion module for imagePROGRAF Printer ..Driver...Install this module to add the two extra functions to imagePROGRAF Printer ..Driver: ..Free Layout function allowing the user to arrange multiple images as desired ..when printing on roll paper, and Enlargement Copy function using the Color ..imageRUNNER MFC.....<Trademarks and Abbreviations>..- Canon, the Canon logo, and imagePROGRAF are trademarks or registe

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_French.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	7137
Entropy (8bit):	4.768494971359397
Encrypted:	false
SSDEEP:	96:ucfe4DLUZDVUZD3UZDEshaW2CsVjcckMOjuaHxV/FKPMYGJOI8rrwBugiRKjE6pK:urmCmccJXEntzOI8r0rEGl2riLIBAG
MD5:	1D8492F4C1B886298C82BA839E949855
SHA1:	7AD8238C2DED290579BB909551EB7933526770C1
SHA-256:	AF14589AB8AC6F1CFAD5BC0A3435D91FF32C5A938860FD23FD10DA728BB504EC
SHA-512:	B7AB1D82893A51E79640420E1E58A621CBE9EC49DF094EDD16166C1A57868E32DD7E8F81C40375F55259213AD5938BF136CDD82B0ED8582548399C86889F490A
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. Version 2.30.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Sommaire.... 1. Introduction.. 2. Configuration requise.. 3. Pr.cautions . observer pendant l'installation.. 4. Pr.cautions, limitations et restrictions....1. Introduction ---------------------------------------------------------------....Printer Driver Extra Kit est le module d'extension du Pilote d'imprimante ..imagePROGRAF...Installez ce module pour ajouter deux fonctions suppl.mentaires au Pilote ..d'imprimante imagePROGRAF : la fonction Free Layout qui permet . l'utilisateur ..d'organiser plusieurs images lorsqu'il utilise le papier en rouleau pour ..imprimer et la fonction Enlargement Copy via Color imageRUNNER MFC.....< Marques de commerce et abr.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_German.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	7462
Entropy (8bit):	4.834158793516527
Encrypted:	false
SSDEEP:	192:uJD3nW1wVGGHrF04RYE3BiIGYyVxAh3ei0+g7A2qyWR:uJieVJdGVNing82qR
MD5:	185D4BE988C4D909B81230A44C9B7772
SHA1:	05029B4CDA6C15900348576D47B1FF0EECD8C4E4
SHA-256:	BDC79E50CBC2CF82438B9344767548DC1D656ED0397D108498474EEC251F49C0
SHA-512:	92F6B90C6B4CE0AE77ED4A914AFF558917BE3E43A51A8404C9C1AF5F0D268812088D657917B9A91A93DA9537DE0F9BE24B1D4904189B55EAEF64F2A86540CCAC
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. Version 2.30.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Inhalt.... 1. Einf.hrung.. 2. Systemanforderungen.. 3. Vorsichtsma.nahmen w.hrend der Installation.. 4. Vorsichtshinweise, Begrenzungen und Beschr.nkungen....1. Einf.hrung -----------------------------------------------------------------....Printer Driver Extra Kit ist ein Erweiterungsmodul f.r den ..imagePROGRAF-Druckertreiber...Installieren Sie dieses Modul und erg.nzen Sie den imagePROGRAF-Druckertreiber ..um die zwei folgenden Zusatzfunktionen: Free Layout Funktion ..(erm.glicht dem Benutzer das freie Anordnen mehrerer Bilder beim Drucken auf ..Rollenpapier) und Enlargement Copy Funktion f.r vergr..erte Kopien (unter ..Verwendung von Color image

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Italian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	7115
Entropy (8bit):	4.623669950462014
Encrypted:	false
SSDEEP:	192:97ipVh+++0iy1/BUCI3XQavUa0f9DGDCIUbW:97We++1yExXQar0f9DXW
MD5:	AF3AB2001AE1868F298E0955739899E9
SHA1:	3C0BAA07087B3C832D0FF1CCFD01781CBA554B1A
SHA-256:	FEE806E9A5650B731FAD6CFFA6D18FEFA781E03430CAB4B6769156D1F3A4C8EF
SHA-512:	2F62A5F8AA2A3831E36300984766454E1E4D61EB1AD9A5D4145125FEC70C1E0173669A1CE45E3783F0CFC43EBD4B834DAB1C1BF2B10F9E43D4DB5F63C3FEEA5E
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. Versione 2.30.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________....Sommario.... 1. Introduzione.. 2. Requisiti di sistema.. 3. Precauzioni durante l'installazione.. 4. Avvertenze, limiti e restrizioni....1. Introduzione ---------------------------------------------------------------....Printer Driver Extra Kit . il modulo di espansione del Driver di stampa ..imagePROGRAF...Installare questo modulo per aggiungere le due funzioni supplementari al ..Driver di stampa imagePROGRAF, ovvero la funzione Free Layout, che consente di ..disporre di pi. immagini nel modo desiderato durante la stampa su carta in ..rotolo, e la funzione Enlargement Copy usando Color imageRUNNER MFC.....< Marchi di Fabbrica e Abbreviazioni >..- Canon, il

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Japanese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	7365
Entropy (8bit):	5.449517154352485
Encrypted:	false
SSDEEP:	96:ug+H8AXFniNPb+D3gxD3bRDmD3bF1bvCEWgeOGvZrXetfno7EvIhJHR5fTwBnCBH:uyAkwMOwjWtg8f2Gfn9tgfLd
MD5:	5484BBBA0A02C485E4DCFEBAE1E05A8C
SHA1:	FBFA4E0121399725DD08E0C8B8DBDE62E54F91EF
SHA-256:	E1DBA83137E6C9B2983BFB126E5C6C30D30328BFD494E61222F2235F22B9EA50
SHA-512:	68F158DCE10FA00EA13FD928608C4C6721AC9D03C054DB078D8EA85BC29A0A872F52F9EEC6B49D1AC86B1E07AA646C6CA47D6F9319DC2D0A0B03EDE79EC91B24
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. Version 2.30.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________........... 1. ...... 2. ...... 3. ............ 4. ..........1. .... -------------------------------------------------------------------....Printer Driver Extra Kit..imagePROGRAF............................................................................................Color imageRUNNER..................imagePROGRAF...............................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Korean.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	7120
Entropy (8bit):	5.622700198356783
Encrypted:	false
SSDEEP:	96:tFpyVujWDmeDQeD2H6An60sTXj6RFr5ZgaAjbBFd4NwBAV7NqmA/w58Ci40ZtTOp:tzGuFa/yHWacBPy74w8CUW
MD5:	259198514273F116215247577C102C56
SHA1:	785810D607CCE7448F93F0AB98B52F0B6716B77B
SHA-256:	55F45B63572334CA2A27062A13E8F3C98659996077DA5CBC1E0FC122FC848895
SHA-512:	CD305A8DE8895169B41644224683580284AC23DF228642F65E59A8C3BABB6679EB34472759989FE24CE6D3F4CE3E6EAEDDD309709B4044DC8FEB15B757904C2C
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. .. 2.30.. * ... CANON INC. 2015 *.._______________________________________________________________________________.......... 1. ...... 2. ... ...... 3. .. . .. .... 4. .., .. ... ......1. .... --------------------------------------------------------------------....Printer Driver Extra Kit. imagePROGRAF... ..... .. .. ......... ... .... ... ... . .. .. .... .... .... ...Free Layout... . ... ... Color imageRUNNER. .... ...Enlargement Copy.... imagePROGRAF ... ..... ... . .........<... ..>..- Canon, Canon .. . imagePROGRAF.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Portuguese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6779
Entropy (8bit):	4.7826975307977895
Encrypted:	false
SSDEEP:	96:xJi3gPnVW48D1vDN6vcdvsYIg7Eug9fO4KB94BnjuwBOjc+guoNpoqEV3vj9x4Q:xJiOEB6kdvsYHgQ4KB94lAg+guthvjV
MD5:	09FC1910A8CE3D070DBF69814CC72B64
SHA1:	25D468836BFB12B049A6642483121CF59CE72CFE
SHA-256:	5F7E4148476B1D3F041D960478189DE724CFB1B1B3616E6AE9E02C830C980F3D
SHA-512:	FFDACA034D3FAEC95C0B86785547A9CF60EC57CDA6947E1254B43883579A9F94014A902624C7361680F38A5303A1D3123A87A3912FB5DE2FBADDDBE5EE9B3997
Malicious:	false
Preview:	.________________________________________________________________________________.... Printer Driver Extra Kit.. Vers.o 2.30.. * Copyright CANON INC. 2015 *..________________________________________________________________________________....Conte.do.... 1. Introdu..o.. 2. Requisitos do sistema.. 3. Precau..es durante a instala..o.. 4. Cuidados, limita..es e restri..es....1. Introdu..o ------------------------------------------------------------------....O Printer Driver Extra Kit . o m.dulo de expans.o do driver de impressora ..imagePROGRAF...Instale esse m.dulo para adicionar mais duas fun..es ao driver ..de impressora imagePROGRAF:..A fun..o Free Layout, que permite que o usu.rio organize v.rias imagens conforme..desejar ao imprimir em papel em rolo, e a fun..o Enlargement Copy, que usa o..Color imageRUNNER MFC.....<Marcas comerciais e abrevia..es>..- Canon, o logot

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Russian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	11251
Entropy (8bit):	4.532839862948336
Encrypted:	false
SSDEEP:	192:fPHUVdVEXTWr9B9UN8xk2bBqsJeov8m/4136sLhVwuYVbKs/M+lk:Hx87qtNm/41qDukKEDlk
MD5:	E36DC6C5AC8B8E90FB63A5FD35B899CC
SHA1:	A6E73E8EF11F081879AF8CE6CB4A5B8090EF6AA3
SHA-256:	C60D8135D80FF8131DF035DB17F55374107676A4C58BB3C296682BB2AB39BFDF
SHA-512:	DEDCDAF2DE92A201F797F1CE5B0E4927A5D060DC83FFE1E3CAF5D2903F7B70F4850FC3FD8E95CA7E14B76747D8AD8188C645BE5BC1017B0B1B4040B6AB936E5B
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. ...... 2.30.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________.................. 1. .......... 2. ......... ............ 3. .... ................ .. ..... ........... 4. ..............., ........... . ...........1. ........ --------------------------------------------------------------------....Printer Driver Extra Kit ........ ....... .......... ... imagePROGRAF Printer ..Driver............. .... ...... ... .......... .... .............. ....... . ..imagePROGRAF Printer Driver: ....... Free Layout, .......

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Readme_Spanish.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	7253
Entropy (8bit):	4.670600412205347
Encrypted:	false
SSDEEP:	192:jxyWXPu8XqpK+4XAxegszjvPXfYoEc+YoXTXRz2h33XPus+Hi:4W/iCZwgoDshH/Ii
MD5:	7AB7C5982B35E2CF12C710E59E01C846
SHA1:	F53D489881CC9D54992077150640FE36239FCA19
SHA-256:	D3BC204E59DD7E4B181C3B8E7AAE88263698D3DA3BA5FE2B066B79CA548B6BF6
SHA-512:	3D2E9910D4DFF598B15F81289005A9FD838533DCF264823B6EDEB003377ED7EE7B13B2770B1A9CA4E5CA5D2A2C5745A44CE8174635B141972569B18F180B139E
Malicious:	false
Preview:	._______________________________________________________________________________.... Printer Driver Extra Kit.. versi.n 2.30.. * Copyright CANON INC. 2015 *.._______________________________________________________________________________.....ndice.... 1. Introducci.n.. 2. Requisitos del sistema.. 3. Precauciones durante la instalaci.n.. 4. Precauciones, limitaciones y restricciones....1. Introducci.n ---------------------------------------------------------------....Printer Driver Extra Kit es el m.dulo de extensi.n del Controlador de ..impresora imagePROGRAF...Instale este m.dulo para a.adir dos nuevas funciones al Controlador de ..impresora imagePROGRAF: ..la funci.n Free Layout que permite al usuario organizar m.ltiples im.genes ..como desee al imprimir en rollo de papel, y la funci.n Enlargement Copy ..mediante el Color imageRUNNER MFC.....< Marcas registradas y Abreviaciones >

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Setup.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2320464
Entropy (8bit):	5.956380304463204
Encrypted:	false
SSDEEP:	49152:8O7YiGe7FLWNwPkbr09rO73VSREcPpMI3QOywgReywylzBOsgXkSETtULu+qW1aR:NGkLWNwPA0873VSREcPpMGuwgReollOw
MD5:	72970382EC4DFF28364351F6DD5E91E9
SHA1:	044F9E0DEDB2CDF03DD30BC725E3C4CCF09E2E06
SHA-256:	FE553CBDE7AB3DE6BAC7DF2322E5E0345326F083C51CB873E55F7797D334F659
SHA-512:	3F849896A4F3A1BFBD386DD75CD88CC66F52BAFCBE63C6DD9C7BA50F5E8D059E87315D184924BB19C586EA308B9BF4354F065F35DAD78F7757483663746D12B3
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U.B...,...,...,.......,.~...:.,.~.....,.......,...-.'.,.~.....,.~.....,.~.....,.Rich..,.........................PE..L.....tS.................~..........$.............@...........................#.....l.#...@..................................F..@..... ..f...........J#.P.... !.........................................@...............X....>.......................text....\|.......~.................. ..`.rdata..............................@..@.data....&...........n..............@....rsrc....f.... ..h.... .............@..@.reloc..(.... !....... .............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\Setup.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	15210
Entropy (8bit):	3.7182427555938387
Encrypted:	false
SSDEEP:	192:w4G+wnFz86dvlp2+MI1aLLNL30QH52qSZp:wD+GZ+L30Q8
MD5:	D7153D16AA674ACC829712909A1506DC
SHA1:	BE6FA8F817A8721DE9671FF7A62FB168D2145527
SHA-256:	7E823B5DDDE5AD37B40E71A0DDC6E2F03873299BBA8B0CB9186818AD67080CD8
SHA-512:	B64E813C55F8F54842383E2AC8BFC9F8AA0EF4004B00B4317B51307498892AD2BA8D28B4108A20C09023D8CD10A16ED3B2FDC6CB8574536EECBD1676F2851E72
Malicious:	false
Preview:	..[.S.t.a.r.t.u.p.].....A.p.p.N.a.m.e.=.".#.@.S.T.R._.A.P.P._.N.A.M.E.@.#.".....S.h.o.r.t.A.p.p.N.a.m.e.=.".#.@.S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.@.#.".....P.r.o.d.u.c.t.N.a.m.e.=.".i.R.C.o.r.t...e.x.e.".....V.e.r.s.i.o.n.=.".2...3.0...0.0.".....V.e.r.s.i.o.n.C.o.m.p.a.r.e.I.N.I.=.".1.".....E.U.L.A.=.".1.".....R.e.g.A.g.r.e.e.I.T.=.".1.".....F.o.l.d.e.r.S.e.l.e.c.t.=.".1.".....M.a.x.F.i.l.e.N.u.m.=.".2.4.8.".....M.a.x.P.a.t.h.L.e.n.=.".2.2.0.".....R.e.g.K.e.y.=.".S.o.f.t.w.a.r.e.\.C.a.n.o.n.\.i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....I.n.s.t.D.e.f.F.o.l.d.e.r.P.r.g.X.8.6.=.".1.".........[.r.e.g.i.o.n. .i.n.f.o.].....R.E.G.I.O.N.=.".0.".........[.L.a.n.g.u.a.g.e.].....S.u.p.p.o.r.t.L.a.n.g.u.a.g.e.=.".U.S.,.J.P.,.F.R.,.I.T.,.D.E.,.E.S.,.C.N.,.K.R.,.R.U.,.P.T.".....E.U.L.A.D.I.R.=.".R.e.s.\.E.U.L.A.".....R.e.a.d.M.e.D.I.R.=.".\.".....A.p.p.S.t.r.i.n.g.D.I.R.=.".R.e.s.\.S.t.r.i.n.g.".........[.i.n.s.t.a.l.l. .f.o.l.d.e.r.].....F.o.l.d.e.r.N.a.m.e.=.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\EC_French.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (1165), with CRLF line terminators
Category:	dropped
Size (bytes):	15268
Entropy (8bit):	3.548561898148572
Encrypted:	false
SSDEEP:	192:KQUXsuWrOg4aInxvMzUyQwGCxIRKMaQ4W2Thn0n6EpvpmfkqRiHJyMCshAqeAN4j:36g4aKLQIRbZE0n0R0vSsN+
MD5:	B267231D7A927E365ABAD1CD110A3A51
SHA1:	43BD5B06CCF29D4547BFEE8B560DC1015056A687
SHA-256:	F05FAE12A3A139C675AF4343D8A3E79F88876E74E21B8F9A4F84AB02D205328C
SHA-512:	36A68F75EB8E45E68C5968F4402A3749EDD938ED36BEEB7C4CB26CF1E73306B96A40E43D3FEC9EDC525CD57BAEA99CA8A20241FEE0022757F6A2ACF994F4C880
Malicious:	false
Preview:	..C.O.N.T.R.A.T. .D.E. .L.I.C.E.N.C.E. .D.E. .L.O.G.I.C.I.E.L. .D.E. .C.A.N.O.N.........I.M.P.O.R.T.A.N.T. .-. .N.E. .P.A.S. .O.U.B.L.I.E.R. .D.E. .L.I.R.E. .C.E. .C.O.N.T.R.A.T. .A.V.A.N.T. .D.'.I.N.S.T.A.L.L.E.R. .L.E. .L.O.G.I.C.I.E.L.!.........C.e. .d.o.c.u.m.e.n.t. .j.u.r.i.d.i.q.u.e. .e.s.t. .u.n. .c.o.n.t.r.a.t. .d.e. .l.i.c.e.n.c.e. ...t.a.b.l.i. .e.n.t.r.e. .v.o.u.s. .e.t. .l.a. .f.i.r.m.e. .C.a.n.o.n. .I.n.c... .(.d...s.i.g.n...e. .p.a.r. .".C.a.n.o.n.".). .r...g.i.s.s.a.n.t. .v.o.t.r.e. .u.t.i.l.i.s.a.t.i.o.n. .d.u. .l.o.g.i.c.i.e.l. .e.t. .d.u. .m.a.n.u.e.l. .e.n. .l.i.g.n.e. .o.u. ...l.e.c.t.r.i.q.u.e. .(.c.o.l.l.e.c.t.i.v.e.m.e.n.t. .d...s.i.g.n... .p.a.r. .l.e. .".L.O.G.I.C.I.E.L.".)... .E.N. .I.N.S.T.A.L.L.A.N.T. .L.E. .L.O.G.I.C.I.E.L.,. .I.L. .E.S.T. .C.O.N.S.I.D...R... .Q.U.E. .V.O.U.S. .A.C.C.E.P.T.E.Z. .D.'...T.R.E. .L.I... .P.A.R. .L.E.S. .C.O.N.D.I.T.I.O.N.S. .D.E. .C.E. .C.O.N.T.R.A.T... .E.N. .C.A.S. .D.E. .D...S.A.C.C.O.R.D. .A.V.E.C. .L.E.S. .C.O.N.D.I.T.I.O.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\EC_German.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (1154), with CRLF line terminators
Category:	dropped
Size (bytes):	14720
Entropy (8bit):	3.596964066544626
Encrypted:	false
SSDEEP:	192:e9IV5FY9R5vPa0N5IMQHPQ+AKfkqg1JhExlo5c:dVbY9R5XajozIg1P9+
MD5:	C4E2B797D5B0D54EB19D4B884EF8CEE6
SHA1:	48B3E35731CEECF8048BF9B16D89F48838FF8DAB
SHA-256:	410ADF0F1FECFE0389DD14584515B0F821AE92AA832BB744DC8BAE4FD1510017
SHA-512:	6609B33634040A49CFAA4A09AA37ADC84702293A97718D9B1CFDD7C33C732CD4916906DD5E6F57C2255313B6D2C0FD725D6C55CFB6ADCBEF8F9A3F0575FAAF14
Malicious:	false
Preview:	..C.A.N.O.N. .S.O.F.T.W.A.R.E.-.L.I.Z.E.N.Z.V.E.R.E.I.N.B.A.R.U.N.G.........W.I.C.H.T.I.G. .-. .L.E.S.E.N. .S.I.E. .D.I.E.S.E. .V.E.R.E.I.N.B.A.R.U.N.G. .V.O.R. .D.E.R. .I.N.S.T.A.L.L.A.T.I.O.N. .D.E.R. .S.O.F.T.W.A.R.E.!.........D.i.e.s.e.s. .j.u.r.i.s.t.i.s.c.h.e. .D.o.k.u.m.e.n.t. .i.s.t. .e.i.n.e. .L.i.z.e.n.z.v.e.r.e.i.n.b.a.r.u.n.g. .z.w.i.s.c.h.e.n. .I.h.n.e.n. .u.n.d. .C.a.n.o.n. .I.n.c... .(.".C.a.n.o.n.".). .b.e.z...g.l.i.c.h. .I.h.r.e.r. .V.e.r.w.e.n.d.u.n.g. .d.e.r. .S.o.f.t.w.a.r.e. .u.n.d. .d.e.r. .i.n. .e.l.e.k.t.r.o.n.i.s.c.h.e.r. .F.o.r.m. .v.o.r.h.a.n.d.e.n.e.n. .A.n.l.e.i.t.u.n.g.e.n. .(.h.i.e.r. .g.e.m.e.i.n.s.a.m. .a.l.s. .".S.O.F.T.W.A.R.E.". .b.e.z.e.i.c.h.n.e.t.)... .M.I.T. .D.E.R. .I.N.S.T.A.L.L.A.T.I.O.N. .D.E.R. .S.O.F.T.W.A.R.E. .S.T.I.M.M.E.N. .S.I.E. .D.E.N. .B.E.D.I.N.G.U.N.G.E.N. .D.I.E.S.E.R. .V.E.R.E.I.N.B.A.R.U.N.G. .Z.U. .U.N.D. .S.I.N.D. .A.N. .D.I.E.S.E. .G.E.B.U.N.D.E.N... .W.E.N.N. .S.I.E. .D.E.N. .B.E.D.I.N.G.U.N.G.E.N. .D.I.E.S.E.R. .V.E.R.E.I.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\EC_Italian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (1028), with CRLF line terminators
Category:	dropped
Size (bytes):	14282
Entropy (8bit):	3.5384174747523645
Encrypted:	false
SSDEEP:	192:Knz81j5z2Doves6+BvwFCvqRaDkLI5xGdfkqmyqpjk1n3KQT4:B1jD6+4GkLX4js4
MD5:	BB7300A14A0C905E6F5BF9437E01488C
SHA1:	B59DAEC587AF5B5B04F4E153335D1AD2D04A346B
SHA-256:	8652E759D1B10E2F724BB8E07459C603DFEF4FFB7C24DE687B7ACAC8DF87A305
SHA-512:	89DCDE9632E107CB72375CC259C208EE27A819791655771EBC4EED8BF0F3D28E8C12E2D104449FB17540E880E340EC1B0ACE5F4DDB59B39674AC6C4BB97A6F9E
Malicious:	false
Preview:	..C.O.N.T.R.A.T.T.O. .D.I. .L.I.C.E.N.Z.A. .D.E.L. .S.O.F.T.W.A.R.E. .C.A.N.O.N.........I.M.P.O.R.T.A.N.T.E.-.L.E.G.G.E.R.E. .I.L. .P.R.E.S.E.N.T.E. .C.O.N.T.R.A.T.T.O. .P.R.I.M.A. .D.I. .I.N.S.T.A.L.L.A.R.E. .I.L. .S.O.F.T.W.A.R.E.!.........I.l. .p.r.e.s.e.n.t.e. .d.o.c.u.m.e.n.t.o. .l.e.g.a.l.e. .c.o.s.t.i.t.u.i.s.c.e. .u.n. .c.o.n.t.r.a.t.t.o. .d.i. .l.i.c.e.n.z.a. .t.r.a. .l.. u.t.e.n.t.e. .e. .l.a. .C.a.n.o.n. .I.n.c... .(.".C.a.n.o.n.".). .r.e.g.o.l.a.n.t.e. .l.. u.t.i.l.i.z.z.o. .d.e.l. .s.o.f.t.w.a.r.e. .e. .d.e.l. .m.a.n.u.a.l.e. .o.n.l.i.n.e. .o. .e.l.e.t.t.r.o.n.i.c.o. .(.n.e.l. .l.o.r.o. .i.n.s.i.e.m.e.,. .i.l. .".S.O.F.T.W.A.R.E.".)... .I.N.S.T.A.L.L.A.N.D.O. .I.L. .S.O.F.T.W.A.R.E.,. .L.. U.T.E.N.T.E. .A.C.C.E.T.T.A. .D.I. .E.S.S.E.R.E. .V.I.N.C.O.L.A.T.O. .D.A.L.L.E. .C.O.N.D.I.Z.I.O.N.I. .D.E.L. .P.R.E.S.E.N.T.E. .C.O.N.T.R.A.T.T.O... .Q.U.A.L.O.R.A. .L.. U.T.E.N.T.E. .N.O.N. .A.C.C.E.T.T.I. .L.E. .C.O.N.D.I.Z.I.O.N.I. .D.E.L. .P.R.E.S.E.N.T.E. .C.O.N.T.R.A.T.T.O.,. .D.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\EC_Portuguese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (996), with CRLF line terminators
Category:	dropped
Size (bytes):	13416
Entropy (8bit):	3.5904498930650592
Encrypted:	false
SSDEEP:	192:KI2rQypJRen0Lq2vS/JCZJ/Rc+UPZxIfcq/2LM676uuuCFCXnM3N8:URReGq2vSxCZsc/Hd3N8
MD5:	AE8FFCC659FA2DC5145CDEE5876C4E4B
SHA1:	3376DFBD033A9F88F262A57F5A4351C45A296E67
SHA-256:	A64F4C70BFB6F43C6AE9C78D58009B6E275C360DB16012366ECAC7F62FE81C6B
SHA-512:	7EB76A2F687DC709DE6B7C1FFB8FD9C09158B0341B7BCE1468CD485D5EA4154E8A9FA3AF6D7E173AB0088483DED70C27D824B0D8CD2AC1D9FE6DE7FE79D3A645
Malicious:	false
Preview:	..C.O.N.T.R.A.T.O. .D.E. .L.I.C.E.N...A. .D.O. .S.O.F.T.W.A.R.E. .C.A.N.O.N.........I.M.P.O.R.T.A.N.T.E.-.L.E.I.A. .E.S.T.E. .C.O.N.T.R.A.T.O. .A.N.T.E.S. .D.E. .I.N.S.T.A.L.A.R. .O. .S.O.F.T.W.A.R.E.!. . .........E.s.t.e. .d.o.c.u.m.e.n.t.o. .l.e.g.a.l. ... .u.m. .c.o.n.t.r.a.t.o. .d.e. .l.i.c.e.n...a. .e.n.t.r.e. .v.o.c... .e. .a. .C.a.n.o.n. .I.n.c... .(.".C.a.n.o.n.".). .q.u.e. .r.e.g.e. .s.u.a. .u.t.i.l.i.z.a.....o. .d.o. .s.o.f.t.w.a.r.e. .e. .o. .m.a.n.u.a.l. .o.n.l.i.n.e. .o.u. .e.l.e.t.r...n.i.c.o. .(.c.o.l.e.t.i.v.a.m.e.n.t.e. .o. .".S.O.F.T.W.A.R.E.".)... . .A.O. .I.N.S.T.A.L.A.R. .O. .S.O.F.T.W.A.R.E.,. .C.O.N.S.I.D.E.R.A.M.O.S. .Q.U.E. .V.O.C... .C.O.N.C.O.R.D.O.U. .E.M. .S.E.G.U.I.R. .O.S. .T.E.R.M.O.S. .D.E.S.T.E. .C.O.N.T.R.A.T.O... . .S.E. .N...O. .C.O.N.C.O.R.D.A.R. .C.O.M. .O.S. .T.E.R.M.O.S. .D.E.S.T.E. .C.O.N.T.R.A.T.O.,. .F.E.C.H.E. .I.M.E.D.I.A.T.A.M.E.N.T.E. .E.S.T.E. .P.R.O.G.R.A.M.A. .D.E. .I.N.S.T.A.L.A.....O. .E. .N...O. .I.N.S.T.A.L.E. .O. .S.O.F.T.W.A.R.E.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\EC_Russian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (1182), with CRLF line terminators
Category:	dropped
Size (bytes):	15598
Entropy (8bit):	4.127101730249165
Encrypted:	false
SSDEEP:	192:8Ia2U2mxtp9C2W1jiLNFVUrHlsrv+G9AM5zEfcqRHCRutyijmiD1T:ha2UBxtp91NFqrStDVaRHCRut/jrpT
MD5:	FB6FB9FAAF5063DFE77FB82F777BF0D0
SHA1:	EFDCEBD7815CCDFAFDB45965DD7602A70DD72418
SHA-256:	A0A48080A917214255493EA633BDC21A4DD4D17CC663EB14CD35BD2165AAE25C
SHA-512:	E2471DC0D799E2E20A103243265B0684DC72468ABFF095D4BFBD9819C5F96323303F4D804655208E068E629887576C4E2EF7D54D6DD3C1104788322E52026FB7
Malicious:	false
Preview:	......&........./. ..... ... ..... ............. .......!.....'......... .C.A.N.O.N...................:. ... ...'."..."... .-."... .!.........(......... ..... ..... .#.!."............... ... ..... ............... .......!.....'......./.!.........-.B.>.B. .?.@.0.2.>.2.>.9. .4.>.:.C.<.5.=.B. .O.2.;.O.5.B.A.O. .;.8.F.5.=.7.8.>.=.=.K.<. .A.>.3.;.0.H.5.=.8.5.<. .<.5.6.4.C. ...0.<.8. .8. .:.>.@.?.>.@.0.F.8.5.9. .C.a.n.o.n. .I.n.c... .(.".C.a.n.o.n.".).,. .>.?.@.5.4.5.;.O.N.I.8.<. .8.A.?.>.;.L.7.>.2.0.=.8.5. ...0.<.8. .M.B.>.3.>. .?.@.>.3.@.0.<.<.=.>.3.>. .>.1.5.A.?.5.G.5.=.8.O.,. .0. .B.0.:.6.5. .8.=.B.5.@.0.:.B.8.2.=.K.E. .8. .M.;.5.:.B.@.>.=.=.K.E. .@.C.:.>.2.>.4.A.B.2. .(.A.>.2.<.5.A.B.=.>. .=.0.7.K.2.0.5.<.K.E. ."... ..... .........+... .......!.....'...........".)... ... ...................".!./.,. .'."...,. .#.!."................./. .-."... ... ..... ............. .......!.....'.........,. ...+. ......."..... ........."... .!....... .!.........!..... ...+.".,. .!.../.........+... .#.!.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\EC_Spanish.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (1087), with CRLF line terminators
Category:	dropped
Size (bytes):	14076
Entropy (8bit):	3.5471724731776297
Encrypted:	false
SSDEEP:	192:0G6xfF1ElOwGzSvfeEwZG5aobJovDLTFivfkqBLiNmbmmJT:M3EItSnPpaqJovXJibBhZT
MD5:	6285481F3C7A005B7A472F2E4E43AA19
SHA1:	B62EB5A6442C97B6591ECB839989A7D84039D038
SHA-256:	7F86CD994A32DB23582F725098103B73CA7D4592A7C43E099990FA1B92EFC369
SHA-512:	036282830CC341ACFC1D47744994CF8068F83B062F5A655DAB3D1BB2A49731E8AD85A3A0E23033179C946A27AE4C7E9534A6B18EBC42BF1A7771103903C8DF58
Malicious:	false
Preview:	..A.C.U.E.R.D.O. .D.E. .L.I.C.E.N.C.I.A. .D.E.L. .S.O.F.T.W.A.R.E. .D.E. .C.A.N.O.N.........I.M.P.O.R.T.A.N.T.E. .-. ...L.E.A. .E.S.T.E. .A.C.U.E.R.D.O. .A.N.T.E.S. .D.E. .I.N.S.T.A.L.A.R. .E.L. .S.O.F.T.W.A.R.E.!.........E.s.t.e. .d.o.c.u.m.e.n.t.o. .l.e.g.a.l. .e.s. .u.n. .a.c.u.e.r.d.o. .d.e. .l.i.c.e.n.c.i.a. .e.n.t.r.e. .u.s.t.e.d. .y. .C.a.n.o.n. .I.n.c... .(.".C.a.n.o.n.".). .q.u.e. .e.s.t.a.b.l.e.c.e. .e.l. .u.s.o. .d.e.l. .s.o.f.t.w.a.r.e. .y. .d.e.l. .m.a.n.u.a.l. .e.n. .l...n.e.a. .o. .e.l...c.t.r.i.c.o. .(.c.o.l.e.c.t.i.v.a.m.e.n.t.e.,. .e.l. .".S.O.F.T.W.A.R.E.".)... .C.O.N. .L.A. .I.N.S.T.A.L.A.C.I...N. .D.E.L. .S.O.F.T.W.A.R.E.,. .S.E. .C.O.N.S.I.D.E.R.A. .Q.U.E. .U.S.T.E.D. .E.S.T... .D.E. .A.C.U.E.R.D.O. .C.O.N. .L.A. .O.B.L.I.G.A.C.I...N. .D.E. .R.E.S.P.E.T.A.R. .L.O.S. .T...R.M.I.N.O.S. .D.E. .E.S.T.E. .A.C.U.E.R.D.O... .S.I. .U.S.T.E.D. .N.O. .A.C.E.P.T.A. .L.O.S. .T...R.M.I.N.O.S. .D.E. .E.S.T.E. .A.C.U.E.R.D.O.,. .C.I.E.R.R.E. .I.N.M.E.D.I.A.T.A.M.E.N.T.E. .E.S.T.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\JP_Japanese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (518), with CRLF line terminators
Category:	dropped
Size (bytes):	5854
Entropy (8bit):	5.491821021477222
Encrypted:	false
SSDEEP:	96:8hdm7UVE+wMJ7JSNkSg29qtOHkNqF2WkJaw1aAimuv2uvuvae7uKYpO:qdm7Ui00UrFWNnwcKf
MD5:	D4CCCE82B3BC26777BB162736E785102
SHA1:	79F39D0213EE570E5D6694AEE3258D09381FA478
SHA-256:	97E575C8A73C8C5879606127B28448079755830B2AA1BF014AFC803E353E145C
SHA-512:	3E5850A99F8D263618DB288D34C09121BC8DE9B2A622433365F8530249D767424E643DA417ECD7882894998EBD8C0BAA9CA7D0A92AFAC91CE1EE00E0593037EF
Malicious:	false
Preview:	.. . . . . . . . . . . . . . . . . . . . . . . ..0.0.0.0.0.0.O(u1...QY.}.f........,g.0.0.0.0.0.0.0T0.O(uk0j0.0MRk0.0.N.Nn0.e.z.0.0O0J0...0O0`0U0D0.0....S0n0QY.}o0.0J0.[.ih0.0.0.0.0.0*h._.O>y...N.N.0.0.0.0h0..D0~0Y0..h0n0..n0QY.}g0Y0.0.....0.0.0.0o0.0J0.[.ik0.[W0.0,gQY.}.fh0qQk0T0.c.OY0.0.0.0.0.0.0.0...T.0.0.0.0.0.0+T.0.0S0.0.0.0.}.yW0f0.N.N.0,g.0.0.0.0.0.0.0h0..D0~0Y0..n0^..r`S.v.O(u)j.0.N..ag..k0.We0M01...W0.0J0.[.i.0.N..ag..k0T0.T.aD0_0`0O0.0n0h0W0~0Y0.0....J0.[.io0.0.0,g.0.0.0.0.0.0.0n0.0.0.0.0.0.0.0.0c0f0.0S0n0QY.}k0.T.aW0_0S0h0k0j0.0~0Y0.0....J0.[.iL0S0n0QY.}k0.T.ag0M0j0D04X.Tk0o0.0T0.O(u.0.0.0.0.0.0.0U0.0Z0.0.va0k0.0,g.0.0.0.0.0.0.0.04x.hW0f0.NU0D0.0.............O(u1...........(.1.). .J0.[.io0.0.0,g.0.0.0.0.0.0.0.0.0.0.0.0.0n0.0.0.0.0.0.0.0.0.0.0.0...N.Nb..0.0.0.0c.h0..D0~0Y0..k0.v.c~0_0o0.0.0.0.0.0.0.0..X0.c.}U0.0.0..pen0.0.0.0.0.0.0n0]0.0^0.0k0J0D0f0.O(u...0.O(u.0h0o0.0.01....0.0.0.0.0.0.0.0.0.0.0.0.0.0n0...a.ZSO.Nk0.0.0.0.0.0.0Y0.0S0h0.0~0_0o0.0.0.0.0.0.0k0J0D0f0h.:yY0.0S0h0.0

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\US_English.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (993), with CRLF line terminators
Category:	dropped
Size (bytes):	12970
Entropy (8bit):	3.572779344859941
Encrypted:	false
SSDEEP:	192:QCvzuzwEv1tjtmx0tjP3QyeRUMxnLJJdfkqewqoJ8x4z1k:dzA71tjtmOtjPgyeR7Pbqodk
MD5:	24694E5E0DE62755BA07668953CE8D2E
SHA1:	0478F36EBE3A9A3BB239D73709DCF93A8984CE23
SHA-256:	030850F44DCAFBC79C225B430D5FDBD321D129D7A63181B35479242EC733EB57
SHA-512:	D4E299C6FCFB92FD91E98BAB1FE432174E516CC3EFE81D0831895C727F5DD357A0DC11C218F0335F0D316662C89B9FF3563BD8EAF27FE213CE215A84B91CC2B1
Malicious:	false
Preview:	..C.A.N.O.N. .S.O.F.T.W.A.R.E. .L.I.C.E.N.S.E. .A.G.R.E.E.M.E.N.T.........I.M.P.O.R.T.A.N.T.-.R.E.A.D. .T.H.I.S. .A.G.R.E.E.M.E.N.T. .B.E.F.O.R.E. .I.N.S.T.A.L.L.I.N.G. .T.H.E. .S.O.F.T.W.A.R.E.!.........T.h.i.s. .l.e.g.a.l. .d.o.c.u.m.e.n.t. .i.s. .a. .l.i.c.e.n.s.e. .a.g.r.e.e.m.e.n.t. .b.e.t.w.e.e.n. .y.o.u. .a.n.d. .C.a.n.o.n. .I.n.c... .(.".C.a.n.o.n.".). .g.o.v.e.r.n.i.n.g. .y.o.u.r. .u.s.e. .o.f. .t.h.e. .s.o.f.t.w.a.r.e. .a.n.d. .t.h.e. .o.n.l.i.n.e. .o.r. .e.l.e.c.t.r.i.c. .m.a.n.u.a.l. .(.c.o.l.l.e.c.t.i.v.e.l.y.,. .t.h.e. .".S.O.F.T.W.A.R.E.".)... .B.Y. .I.N.S.T.A.L.L.I.N.G. .T.H.E. .S.O.F.T.W.A.R.E.,. .Y.O.U. .A.R.E. .D.E.E.M.E.D. .T.O. .H.A.V.E. .A.G.R.E.E.D. .T.O. .B.E. .B.O.U.N.D. .B.Y. .T.H.E. .T.E.R.M.S. .O.F. .T.H.I.S. .A.G.R.E.E.M.E.N.T... .I.F. .Y.O.U. .D.O. .N.O.T. .A.G.R.E.E. .T.O. .T.H.E. .T.E.R.M.S. .O.F. .T.H.I.S. .A.G.R.E.E.M.E.N.T.,. .P.R.O.M.P.T.L.Y. .C.L.O.S.E. .T.H.I.S. .I.N.S.T.A.L.L.A.T.I.O.N. .P.R.O.G.R.A.M. .A.N.D. .D.O. .N.O.T. .I.N.S.T.A.L.L. .T.H.E.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\US_Korean.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (516), with CRLF line terminators
Category:	dropped
Size (bytes):	7038
Entropy (8bit):	5.442306312388692
Encrypted:	false
SSDEEP:	96:2skIZMhmfs/t98Ea2jcDutin4vTRQl7LGYZtcgsEmYdb7JZnuv2uvuvaeTuqIpyM:Aetfs/t9PjvtiIC7SatcgX3vkqe1n
MD5:	0C63F898493D157F3778EDE225445A60
SHA1:	0B17ECD00CC53687BFD3BCA265E8F2A260F3B521
SHA-256:	D41C27EA28B34D2AA549904B2F1CB85F4118871E4E5CBEB09E3D75B832B21675
SHA-512:	C67E4BBF40AAEDE267516FC805C36E4F22AC5E02DBE3561912A3D4DF8B3862E57FA72D896BC291939A0A5EDC20A1C84406CF2D0353B7E4E9160E889FDB1F328B
Malicious:	false
Preview:	..C.A.N.O.N. ......... .\|.t. ... ..}.............. .-. .........\|. .$.X.X.0. ..... .t. ..}...X. .....D. .}.<.....$.!.........t. ..... .8..... .........@. .(.\|.x. ..... .... ..t... .(.h.. .".........". .\|.. .}.h.). .X. ....... ...\. ......@. .C.a.n.o.n. .I.n.c... .(.".C.a.n.o.n.". .t.\|.. .}.h.). ...t.X. .\|.t. ... ..}......... .........\|. .$.X.X.t. .t. ..}...X. .t... .p.m... ..X.X.. ...<.\. .x...)..... .t. ..}...X. .p.m... ..X.X... .J.<.t. ..... .$.X. ...\.....D. ... .........\|. .$.X.X... ......$................... ..... ...\... .X.X... ....... ... ..}...X. .p.m... .p.t... ..X.X.. ...<.\. .x...).............1... .\|.t. ... ...\. ..... ... ...\. ...m.:. ....... .C.a.n.o.n. ...l./. ....0.(."....0.". .\|.. .}.h.). ....X. ....... ...t. ...... .....0...... .........\|. ..... .(.".....". .t.. ....,. .\..,. .$.X.,. .... ..... .\... ..D. ...m.h.).`. ... .................. .... .....0.\. .l.1... .l..... ...<.p. .$.....l.\|. ...t. ....0.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\EULA\US_SimplifiedChinese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (516), with CRLF line terminators
Category:	dropped
Size (bytes):	4524
Entropy (8bit):	6.4059931106650145
Encrypted:	false
SSDEEP:	96:K/3Hg5yECK6jhuHK0PEVs0Wnuv2uvuvaeTuqIpwOqwg:8wiTMq0PT0Wvkq7t3
MD5:	437A2E823505A067502C9417DDECB461
SHA1:	DC72D49E8C1A187321A0DDBB100E3A6BE0B9652D
SHA-256:	2AC6B9496C2F8F8D020687287E05F4C9F7AEB7AB7D128DE0BF9DB0EA7D33FF34
SHA-512:	739F53AA441A6F633A67E9D050F0BC036BD11AFE80A97816D9213139827156A64E1C62F8EEC3AE157630BC6D1BA571F183C386151A1B0472C593512BC87479CC
Malicious:	false
Preview:	..sO..o..N...SOS...............f...[..o..NMR........,gOS............,g.l._OS../f.`.NsO..lQ.S...{.y. sO... ..KN...v...SOS.....{.y. OS... ....v^....`.[o..N.ST.:g.b5uP[Kb.Q.v.O(u..qQ.T.{.y. o..N. ...0.[.,go..N..h.:y.`.].~.T.a.c.S,gOS...vag>k.0.Y.g.`.N.c.S,gOS...vag>k.Tag.N.....zsSsQ..[..z.^..v^.N.N...[..o..N.0..........Q.0R.o..N.v.O(uCg...`.^u..[,gOS...vag>k.Sag.N.0........1... ..cCg...S.SP.6R...[.N.O(usO...U.XSbpS:g...{.y. SbpS:g. .....`.S.N.N(W.`.v...{:g.N.O(u... .O(u. .a:NX[.P.0.R}..0.[..0gbL..b>f:y...o..N.v^..r.[...SCg.0.....Y.g.`.S.N.b.O@b.gL.A.N.(u7b.\u..[,gOS...vag>kv^...Y:N.`.b.b.N.RP.6R.SL.#....`.S.NAQ..vQ.[...{:g.vvQ.N(u7b.NQ..~.e._..c0R&{.T.Y.S...{:gOS...vSbpS:g... L.A.N.(u7b. ...O(u.o..N.0.....`.N._.\.o..N...N.0.Q...S.0.Q.U.0.Q.y.0.yA..0.P7..0l..y.bl....~,{.N.e...b1..y..S_?e.^.v._...cCg...\.o..N.NvQ.g.R..._.V.[&^.Q.b&^eQ.vQ.N.V.[.0d.^.,gOS..-N.g.fnx..[..&T.R.`.N._.Y6R.0....o..N.b.\vQl..y.bvQ.[.z.^......T.e_N.N._...NUO,{.N.e.[.edkI{L.:N.0.`.N._9e.S.0.O9e

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\EC_French.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\EC_German.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\EC_Italian.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\EC_Portuguese.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\EC_Russian.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\EC_Spanish.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\JP_Japanese.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	362
Entropy (8bit):	3.8925345913000458
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4PxYHLXUlpe9N8xv:Q+swGet4L0fquH4GQDe9M
MD5:	B7DAAFEACB21ABACBCDD1E7B3DE443BF
SHA1:	510C035EE5DCCBE2CF4CB7D53B90019D86279E64
SHA-256:	9E07753D2A0D0E96C54A58EC2D0673B611ED6BD440038D3ADB55A38ED6C23A48
SHA-512:	8F6F9B04431A760B47D15FCF6320E87035E0A300E6D4931C13D1408B1BA2DA2E5779F4257BFEEB3A64303D3A38245E3BBFAA3D5297B066013A74379E1B73C7D4
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F..0.0.0.0.0.0.0.0".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R.#.:d.b'Y.0.0.0".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\US_English.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\US_Korean.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Extra\res\STRING\US_SimplifiedChinese.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	388
Entropy (8bit):	3.528178436006482
Encrypted:	false
SSDEEP:	6:Q+slqGldxYHse4FO3d5K4dribYHfK4dxYHujSe4FcsQKlB4dxYHLXUlpe3PEyONv:Q+swGet4L0fquH4K8QDe38yON
MD5:	CB7382F10AF32893BDC04D14F621EFDA
SHA1:	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814
SHA-256:	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
SHA-512:	3C816855F6C3E5A71FA3A6E2D29136AA2183B55ABDA8F8CA42E63B7F79B0BC2AA49678CE068FB82CCEC3F85BAC4DEAE8ED220FD860E1EA8356EE3A9FCC13816E
Malicious:	false
Preview:	..[.S.t.r.i.n.g.].....S.T.R._.A.P.P._.N.A.M.E.=.".i.m.a.g.e.P.R.O.G.R.A.F. .P.r.i.n.t.e.r. .D.r.i.v.e.r. .E.x.t.r.a. .K.i.t.".....S.T.R._.S.H.O.R.T._.A.P.P._.N.A.M.E.=.".E.x.t.r.a. .K.i.t.".....S.T.R._.A.P.P._.N.A.M.E._.F.L.=.".i.m.a.g.e.P.R.O.G.R.A.F. .F.r.e.e.L.a.y.o.u.t.".....S.T.R._.A.P.P._.N.A.M.E._.I.R.=.".C.o.l.o.r. .i.m.a.g.e.R.U.N.N.E.R. .E.n.l.a.r.g.e.m.e.n.t. .C.o.p.y.".....

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\ANIMIMG\USBANIM.AV_

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	MS Compress archive data, SZDD variant, i is last character of original name, original size: 2396160 bytes
Category:	dropped
Size (bytes):	668217
Entropy (8bit):	7.711534353747695
Encrypted:	false
SSDEEP:	12288:gGngoyx+UmyuUksGOZjldqSC2EVxqn5cQCa7Oki3Tj3osR0e4qEbHKCg+C3:gmt2Tk6jlAZxE5BRE3Tj3oE0eQdI
MD5:	5DC52BA39839E232264D8F4F785FE751
SHA1:	BE5B42B695FDD8E3E00940D8636F9582D27F7621
SHA-256:	A03EE56F5D33B7871EE9659EE7D3A58C324CF2EA94C3001CB38480E4409C31F3
SHA-512:	768A62842EEC3A6074487EB01D3B2A16D902C29D3A7ACA082FD7855A9A93A4B6BCBBB448A4CFB7290E4826B3FC07F074E08FCF8C9D0A16F61E165DA5DA0CA94C
Malicious:	false
Preview:	SZDD..'3Ai..$..RIFF .$..AVI LIST.....hdrl.avih8....P....I.........X....}....j..y....!.8...t..st.rlP...vids`8.(.!. .,..'`.Yy3.P.f(..(..f2.....,.....t'.`.........................?......_.U.......................................%...%..%.....5...5..5.....E...E..E...UU...U..U...V.e...e..e..?V.u...u..u.._V............V............V............V............V............V............U..[..._..c.............?... .. ... ._... .. ... ....% .% ..% ....5 .5 ..5 ....E .E ..E ....U .U ..U ..G...e .e .j[..y".[...\.j. .. .. .?\.j. .. .. ._\.j. .. .. ..\.j. .. .. ..\.j. .. .. ..\.j. .. .. ..\.j. .. .. ..\... .. .. ...U..[.._..c..0j.0..0..0.?.0j%0.%0.%0._.0j50.50.50...0jE0.E0.E0...0jU0.U0.U0...0je0.e0.e0...0ju0.u0.u0...0J.0..0..1.".c..`..0..0..0.?.`..0..0..0._.`..0..0..0...`..0..0..0...`..0..0..0...`..0..0..0..T`..0..0..1.. ..@....@.0.3O.fO..O.......t b#..T.=@.=@..=@..T.M@.M@..M@..T.]@.]@.4]A.0..0....u@5.u@.u@.....@U..@..@...U.............C..BO..C.A.A.@J.UNK....M.M.M..M.].],]<]L]\]l].\|].].].].].].].

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\CAB1.CAB

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Microsoft Cabinet archive data, many, 599735 bytes, 5 files, at 0x2c +A "CDDI_SDK.dll" +A "CDDITCPIP.ext", number 1, 47 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	599735
Entropy (8bit):	7.9939855533908215
Encrypted:	true
SSDEEP:	12288:rS/nz8W347b7Ubfkyc28uInnjnVY5aaiSKoWjgLT43lnF1nAod:rS/z8n7bgLkycjuInjnSoDHNPnd
MD5:	78F6AF53909AE2D4CC96F5DAA873F9E0
SHA1:	6D5D75AAE627B0580815E095C6CDA73D4348AE32
SHA-256:	6CA44F5C565E57C92889B88C3004B52771D825B19E48452BE62B60E4F32ACEDC
SHA-512:	9E45743CBFD3D8F431F1FDCA6364E4B35B3C7E24161B71B22C8D006149B7BD34E77E89DE68D5D6C711E43C21E9585566453F446FEF00AEBFD433C7807B6C83B6
Malicious:	true
Preview:	MSCF.....&......,......................./.............H<1e .CDDI_SDK.dll..,........b<.r .CDDITCPIP.ext..\|...8....H<Ne .DeviceDiscovery.dll...........H<Ne .SLPDiscovery.dll......D....H<Se .SNMPDiscovery.dll.M.n.F..CK.;{\|..w.L.3..&....(.GBu.Q.....TQ.....$.I..W0....Qi..G.UWZ.U.\|@b.@..\W.n....0....N..~..oBl.....~....s..{..s..-<B./..rBl..K.#.4..<..J.X...7.R/L..\|y..l.?...DY0.......emW+._....<e....UT.F%.9...y.'U...i3.Z...?...K.X.....~....y...=.....<....H'_..B,.._\|x..st.>q.R.....`2..^.....J....?.6..2..7gGH.....m~mY..I`7../..`#D'........4.../........-O..\|,..=._...-...'.z...g.3j..l$9..D..1?0....\|..i-.Hs.........[.l...N@7.Q.9.-.j) n)a].R\...x...4....F..FCjW.P;>Ld.....QE....v..U.#.v.n../.K.G......&...c[..y..PlT.`.\.....{..P....OhOW..l.h.%..V3......n.M........B....P.r!.F+....QQ3...9...d.M..@..S3.h\.{...b..yc ..w...1Z...~.<..>Y.2d....+......hD{...f.F..8y.x......q.q...uFW.u.].f........>>..'.I..{.N?....cf..1p2..{.`8..7t.....!.S.Nh>ro.&...gv..?.0.v..j

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\CNWIDSCK.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	155648
Entropy (8bit):	5.922141063668167
Encrypted:	false
SSDEEP:	3072:KzKuJY/pIPN0qsHrzTYa39Wgt0PmhM7kR1tB7kCLrldvqVj:KzKuJY/WPN0RLg0W+0YXtF
MD5:	5C6301CB2DBE2915B36A5039457DDA5A
SHA1:	232717FB05ED839D3763AB3D322EB5FA59FE18A0
SHA-256:	80B911B6A96BA3877E087FE194F337889792AFDA81CADC8B8533D587D4D0C9FA
SHA-512:	1D98EE4DD729A6CB51BDB00B636BE217F1ADC61E37953DD7D4880CAAB1D0F42BDCCEA4F6FB6ED0D9B7CE7914BDDC33A10637469C9A2FE654C495CCA834A3C80E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......c..{'.('.('.(Qr.(4.('.(^.(Qr.(+.(Qr.(..(Qr.(..(Qr.(&.(Qr.(&.(Qr.(&.(Rich'.(........................PE..d......Q.........." .....d...t.......=..................................................................................................z...d...........`#......,.......................................................................X............................text....c.......d.................. ..`.rdata..z............h..............@..@.data..............................@....pdata..,........ ..................@..@.rsrc...`#.......$...2..............@..@.reloc..l............V..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\CNWIDSK.INI

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Generic INItialization configuration [OLDCONFIG]
Category:	dropped
Size (bytes):	1728
Entropy (8bit):	4.697189332717237
Encrypted:	false
SSDEEP:	24:AHzGas1dYMm1DXt34Z601B/V+iws6FhnF2Q5hZz99/0dbAHJ9/hxcC4xlY/M8hHa:uxlCwFDb5HhV40TlZGm3SGDJ+h
MD5:	C53335E38FEC21A69224FA65D5CDD79E
SHA1:	605E6FE985E4A02FDA182EF79F831B4D4CD0A20C
SHA-256:	EA6D482B496617B898CC91A4249636DCFD12017EF7700061F1696B6489B60342
SHA-512:	C3E41291EF26B71FE3C784CD616528CD9C0407CB75C6732E7A6250ED644582C2167D0B9F4EB911B0A842BE33CD05C809EB710E33E80CF7C1FADC7E5F1CD2667B
Malicious:	false
Preview:	[NEWCONFIG]..COUNT=82..PRT 0=BIJ1300..PRT 1=BIJ2300..PRT 2=BIJ1350 LIPS..PRT 3=BIJ2350 LIPS..PRT 4=BIJ1350 PCL..PRT 5=BIJ2350 PCL..PRT 6=W6400PG..PRT 7=W8400PG..PRT 8=Graphic Color W2200..PRT 9=W6400..PRT 10=W8400..PRT 11=iPF5000..PRT 12=iPF500..PRT 13=iPF600..PRT 14=iPF700..PRT 15=iPF9000..PRT 16=iPF8000..PRT 17=iPF6100..PRT 18=iPF5100..PRT 19=iPF510..PRT 20=iPF610..PRT 21=iPF710..PRT 22=iPF8000S..PRT 23=iPF9000S..PRT 24=iPF8100..PRT 25=iPF9100..PRT 26=LP17..PRT 27=LP24..PRT 28=iPF605..PRT 29=iPF720..PRT 30=iPF6200..PRT 31=iPF810..PRT 32=iPF820..PRT 33=iPF6000S..PRT 34=iPF8110..PRT 35=iPF8010S..PRT 36=iPF9110..PRT 37=iPF9010S..PRT 38=iPF650..PRT 39=iPF655..PRT 40=iPF750..PRT 41=iPF755..PRT 42=iPF6300..PRT 43=iPF6350..PRT 44=iPF8300..PRT 45=iPF815..PRT 46=iPF825..PRT 47=iPF6300S..PRT 48=iPF8310S..PRT 49=iPF8300S..PRT 50=iPF760..PRT 51=iPF765..PRT 52=iPF9400..PRT 53=iPF9400S..PRT 54=iPF6400..PRT 55=iPF6450..PRT 56=iPF9410..PRT 57=iPF9410S..PRT 58=iPF6460..PRT 59=iPF6410..PRT 60=iPF8400.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\XML\SLPDiscoveryGA1.xml

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	14964
Entropy (8bit):	4.91428408169398
Encrypted:	false
SSDEEP:	384:Pr1rorlrJqrrrkrjrcr6rrrorLryr1rgr5rUrXrHrqrLr1rBr4rLrLrTr2rYrVrQ:D9ct8XQf4SXc369EpAbLC39hs33PWMdQ
MD5:	D7A0182E4D96A691A3B5F535C5788C5D
SHA1:	6A2C67746F33F9687CC3E64B8BF3B4E6B276DB20
SHA-256:	66F4C7C325BD7AB388A29B73E0E2F89F15C61977EED6349BAC0F1D6E5B620FD8
SHA-512:	588014836931FF3F6C3D052D896D34B55576F93E55C7594F6F6A77E82618517225151BED6E623CBCBE55885553371E399DA36268B669BAB21F0127B3C63FA361
Malicious:	false
Preview:	<?xml version="1.0" encoding="utf-8"?>....<discovery xmlns="urn:slpdiscovery">......<refreshRate>60</refreshRate>...<timeout>4</timeout>.....<methodList onlyMatching="true">...... SLP method to find "service:printer" devices -->....<method name="Test" serviceType="printer.canon"> .....<AttributeList>......<devNameOID>x-can-PdInfoMachineName</devNameOID>......<devTypeOID>x-can-PdInfoProductName</devTypeOID>.. ....<sysDescOID>sysDescr</sysDescOID>.....</AttributeList>.......<deviceList>......<device name="Canon Office Color N1000" enum="1">.......<matchingDevTypeStrs>........<devTypeStr>Office Color N1000</devTypeStr>.......</matchingDevTypeStrs>......</device>........<device name="Canon Office Color N1100" enum="2">.......<matchingDevTypeStrs>........<devTypeStr>Office Color N1100</devTypeStr>.......</matchingDevTypeStrs>......</device>........<device name="Canon Office Color N2000" enum="3">.......<matchingDevTypeStrs>........<devTypeStr>Office Color N2000</devTypeStr>.......</matc

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\XML\SNMPDiscoveryGA1.xml

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	exported SGML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	15230
Entropy (8bit):	4.952648426701481
Encrypted:	false
SSDEEP:	384:h1r1rorlrJqrrrkrjrcr6rrrorLryr1rgr5rUrXrHrqrLr8rBr4rLrLrTr2rYrV0:b9ct8XQf4SXc369EpAbLC3Yhs33PWMdQ
MD5:	49C34CE89F469238C90B2B2E2369325D
SHA1:	D51109FF7885B1F2A42BD18BB6D54D916368867B
SHA-256:	9F057A7FD835A7210B6CE90D9229FF47C4D43DD22836EA3FB28EFBF3244C5914
SHA-512:	45A615C2EE8B9CF479C6B04A698738482142A18505FDC126E6421547E37B481A92695F85E4673582DEA92A7B96E66147AA98FF5027A4C793C64B42ECF30B7B06
Malicious:	false
Preview:	..;=====================================================================..; Copyright CANON INC. 2009 All Rights Reserved...; SNMPDiscovery.xml..;=====================================================================..-->..<discovery xmlns="urn:cissnmpdiscovery">......<refreshRate>60</refreshRate>...<timeout>8</timeout>.....<broadcastType>eLimitedBroadcast</broadcastType>...<methodList onlyMatching="false" snmpCommunity="public">......<method mibType="Canon MIB">.....<OIDList> ......<devTypeOID>.1.3.6.1.4.1.1602.1.1.1.1.0</devTypeOID>......<devNameOID>.1.3.6.1.4.1.1602.1.1.1.2.0</devNameOID>......<macAddrOID hexEncoded="true">.1.3.6.1.2.1.2.2.1.6.1</macAddrOID>......<sysDescOID>.1.3.6.1.2.1.1.1.0</sysDescOID>.....</OIDList>.......<deviceList>........<device name="Canon Office Color N1000" enum="1">.......<matchingDevTypeStrs>........<devTypeStr>Office Color N1000</devTypeStr>.......</matchingDevTypeStrs>......</device>........<device name="Canon Office Color N1100" enum="2">.......<

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\DDI\cnwdsck6.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	48128
Entropy (8bit):	5.776346671546614
Encrypted:	false
SSDEEP:	768:YtlADJIAjKCV7mpzsN4FhVznbnUYKNYUkpYtxIXLAQ/OV2rJrZXgOv:VU0yVO4HJ7UYKNYUggx2s8rZH
MD5:	981B62AE57D40EBB541F2F77CAEF6295
SHA1:	55193ACBA345A0392C54ED504641E6C5A463FF22
SHA-256:	CD0C6041E5405D6823FEED8A0721E9120E5E74318BA32EDBDF51AE9F367DD136
SHA-512:	99916D06D4088924D37B8073D569E089C53D208FE04E3E61535572EB5FFBD4E62B8E673C684A18434C5A8B93F2251D13DEB2A3A980AD227B0BAF79E6BBD1F534
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7z.Zs...s...s...zc^.S...zcY.6...zcO.z...T..t...s...)...zcP.p...zcH.r...mIN.r...zcK.r...Richs...................PE..d...z..Q.........." .....d...T.......................................................4....@.............................................\...T...P......................................................................................x............................text....c.......d.................. ..`.rdata..l/.......0...h..............@..@.data...X"..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..b...........................@..B................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\ENVINI.INI

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Generic INItialization configuration [Canon iPF770_x64]
Category:	dropped
Size (bytes):	522
Entropy (8bit):	5.065073998722065
Encrypted:	false
SSDEEP:	12:fr32ZbsGSTcXCwAUC32T3sGSTcXCwAA32Yt3sGSTcXCwAz:TGqncX3aGTcncX3lGYtcncX3m
MD5:	95AA4EE26EA38604002B5AC79B429711
SHA1:	0F93CB335F1AC7AA2F5E81788318A1B5230B9AB5
SHA-256:	FDBF0B00B0832E14BEB0F176F65419F81DAA7DD847E07F1FAFB66D5880903C65
SHA-512:	94EF4A4E12081F622821B4118E4876FB29C9EF91A1ACBBAC97ACB1501D21EEC089B6CEDE04999128BFA9631B6174270867493E69E40A6A3EAAD4B2F71CFFFC5D
Malicious:	false
Preview:	[CommonIniData_x64]..Data Type=RAW..PrintProcessor=WinPrint..Priority=1..Device Queue Name=..ProtocolType=9100..DefaultPort=..referTCPMON=YES..enableSNMP=AUTO....[Canon iPF770_x64]..Data Type=RAW..PrintProcessor=Canon iPF770 Print Processor..Priority=1..Device Queue Name=..ProtocolType=9100..DefaultPort=..referTCPMON=YES..enableSNMP=AUTO....[Canon iPF771_x64]..Data Type=RAW..PrintProcessor=Canon iPF771 Print Processor..Priority=1..Device Queue Name=..ProtocolType=9100..DefaultPort=..referTCPMON=YES..enableSNMP=AUTO..

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAC.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	33353
Entropy (8bit):	4.5160153751975765
Encrypted:	false
SSDEEP:	384:nbATNefcAmBtnBgL42+AVCVy9xurgkCuNUFaWHBOMCnEUWc38vUUvvOXMe5icC2r:nbOkoXJ
MD5:	823A6A78461CF7668C9085A45F726128
SHA1:	88FACB7F6B141043B4B827099B226D885DCFE578
SHA-256:	FC4D3B3459F57C779581F32046A51D530DA81561B8E70E98CFB230DAE6045384
SHA-512:	0A98ECD45E637A27EAC217E4EDE6874FD1C77F8AEA4F942874A9555642C6DEF0A52103EEF1DD400EE25B3A6E73DA2CCB2C5C2A0774A320BCE87D7ADD7392F55F
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f17\fnil\fcharset134\fprq2{\\panose 02010600030101010101}SimSun{\\falt ??};}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}{\f28\fnil\fcharset134\fprq2{\\panose 02010600030101010101}@SimSun;}..{\f52\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f195\froman\fcharset238\fprq2 Times New Roman CE;}{\f196\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f198\froman\fcharset161\fprq2 Times New Roman Greek;}{\f199\froman\fcharset162\fprq2 Times New Roman Tur;}{\f200\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f201\froman\fcharset178\fprq2 Times New Roman (Arabic);}..{\f202\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f333\fnil\fcharset0\fprq2 Sim

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAF.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	22343
Entropy (8bit):	5.182692740680335
Encrypted:	false
SSDEEP:	384:BSELrUUnvrB9woxgsaMqcTOfVUcgBWF3BktTRtElDqmWN+aVUoV1TEaRONlmG+Ds:xrUUnvrB9woxgsaMqcTOfVUcgBWF3Bkm
MD5:	0158E4C3425FAA2B1E81FAA36E21E6DB
SHA1:	03C806C46FF886E9937FB86C6B2DE39BF23FAE87
SHA-256:	9BD973A7F60FBD949EBBCD83A9416D55FFEB3C26AA10F5472CDA6D44AD496045
SHA-512:	AC243D0EF0C89671DC76BB1EE4847C61AE1281A2DAF56C82E73B9226235E4B1B9C2968335D60D2B2B24E746BA9891451B7CAE793BB48702A6E3ABD82258229B1
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\\panose 020b0604020202020204}Arial;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f39\froman\fcharset238\fprq2 Times New Roman CE;}{\f40\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f42\froman\fcharset161\fprq2 Times New Roman Greek;}..{\f43\froman\fcharset162\fprq2 Times New Roman Tur;}{\f44\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f45\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f46\froman\fcharset186\fprq2 Times New Roman Baltic;}..{\f47\fswiss\fcharset238\fprq2 Arial CE;}{\f48\fswiss\fcharset204\fprq2 Arial Cyr;}{\f50\fswiss\fcharset161\fprq2 Arial

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAG.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	21119
Entropy (8bit):	5.2915764720129514
Encrypted:	false
SSDEEP:	384:DlfnyDmjVYA2atcar2yr3x41J151wRdwhK1f8iGOd1X/:D1nySjVH2atcaqox41J151gehK58iGOP
MD5:	A7963AC2C1FDBB2C0089CBC56D48968C
SHA1:	290AF6804425DB36CB2A84911E04E512A2CBD401
SHA-256:	5348B976A994511050EBB50E1B0E96E9F5AB75A9C1953E0426A491E71E83079E
SHA-512:	124B78662ED079CDDBB16311687A13FA4A70B2468F4FC0BC77441191868029EF3A7BCA0BB3231E21BA39F2106838603F7B35930B6DEA08BD0F5077CC26834412
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f28\fswiss\fcharset0\fprq2{\\panose 020b0604030504040204}Tahoma;}..{\f49\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f193\froman\fcharset238\fprq2 Times New Roman CE;}{\f194\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f196\froman\fcharset161\fprq2 Times New Roman Greek;}{\f197\froman\fcharset162\fprq2 Times New Roman Tur;}{\f198\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f199\froman\fcharset178\fprq2 Times New Roman (Arabic);}..{\f200\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f379\froman\fcharset0\fprq1 MS Mincho Western{\\falt MS Mincho};}{\f377\froman\fcharset238\fprq1 MS Mincho CE{\\falt MS Mincho};}{\f378\froman\fcharset204\fprq1 MS Mincho Cyr{\

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAI.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	19435
Entropy (8bit):	5.249640519280235
Encrypted:	false
SSDEEP:	384:163Ovmw3CMSNu5YRpRYYGavN+6kVYvvQ7rKa8Qdgav3jIS9JS1/NO+YGJzA9vnDv:83Ovmw3hSNu5YRpRYYGavN+6kVcvQ7rL
MD5:	2FA3092ABA23850C08229C36F1C9E7EE
SHA1:	37D2F45BACE19DD86280F5121F6D0D8250982611
SHA-256:	1B2D73B1C2D1A4909B8479F50F184B97A5FC659C2B1EAA6ECB3DCDBBBABFC5E8
SHA-512:	F6730F836FB00AF7082E95D7EBD869B1FCCCDC4D93FB0AC8BB6694196CF5BDB0E1C553EF2601A98021B93A1C07AE73273BC5027C27D6E4455887B7046EA02AEE
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\\panose 020b0604020202020204}Arial;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f49\froman\fcharset128\fprq1{\*\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}..{\f193\froman\fcharset238\fprq2 Times New Roman CE;}{\f194\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f196\froman\fcharset161\fprq2 Times New Roman Greek;}{\f197\froman\fcharset162\fprq2 Times New Roman Tur;}..{\f198\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f199\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f200\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f201\fswiss\fcharset238\fprq2 Arial CE;}..{\f202\fswiss\fcharset204\fprq2 Arial Cyr;}{\f204\fswiss\fcharset161\fprq2 Arial Greek;}{\f205\fswiss\fcharset162\fprq2 Arial Tur;}{\f206\fsw

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAJ.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	33849
Entropy (8bit):	4.522092372336813
Encrypted:	false
SSDEEP:	384:gQAboFf/cqIAIWevR/B3I9kRvqCsLqs3A+BXy+ML00g7c:GboFXmAIl34qvq1YLM4
MD5:	65E53E0B63282B33B8C3D5BAE03954F5
SHA1:	4DBEF40DB2BD1701BB7E641B6309A1A96280D690
SHA-256:	C83D17D15D690D826259A95138C4B31EEC1C68F60061882C166EA44CCFEB068B
SHA-512:	0F9DDA8FE95FFE9CDD85408EAAD1940DA0B9095B704C396D91569F5ED4D69ABE79F32F45285FF7913A6DC78F566079F98A3CEF8263DEF01F60F532816A6EBF13
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\fmodern\fcharset128\fprq2{\\panose 020b0600070205080204}\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}{\f29\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}..{\f30\fmodern\fcharset128\fprq2{\*\panose 020b0600070205080204}@\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}{\f45\froman\fcharset238\fprq2 Times New Roman CE;}{\f46\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f48\froman\fcharset161\fprq2 Times New Roman Greek;}{\f49\froman\fcharset162\fprq2 Times New Roman Tur;}{\f50\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f51\froman\fcharset178\fprq2 Times New Roman (Arabi

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAO.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	114674
Entropy (8bit):	4.08707002465212
Encrypted:	false
SSDEEP:	384:k646R96z2t+4t7mWsfKPCav30KK7V/7hiDA64sxFbkjwYdyFIoYD8wYeM5/kmSAO:k646KaMSPZhX4jYFIogs93eEG1GRM
MD5:	D8DDE4E10950F459E8028B29F795157D
SHA1:	29527C54365B3833AD1063DA5E3F0103EB443AEA
SHA-256:	994C3FA0FF03AEE24A034ED136F51F9D1176F19A05DF015DDA2271D363A6BACB
SHA-512:	C2B45F857B162FB1DB7897684538C71281E1EB94F81352E4301510EBB9337F4A3AEE6CC287EF3BB9A1517F4419AB4F165E02458F731569E7B7EF5D599ABA99B2
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\fmodern\fcharset129\fprq1{\\panose 020b0609000101010101}GulimChe;}{\f58\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f124\fmodern\fcharset129\fprq1{\*\panose 020b0609000101010101}@GulimChe;}..{\f201\froman\fcharset238\fprq2 Times New Roman CE;}{\f202\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f204\froman\fcharset161\fprq2 Times New Roman Greek;}{\f205\froman\fcharset162\fprq2 Times New Roman Tur;}..{\f206\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f207\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f208\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f387\froman\fcharset0\fprq1 MS

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAP.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	23104
Entropy (8bit):	5.219985529023853
Encrypted:	false
SSDEEP:	384:a9b5mhRbEbfTlqAJvWP4oi+ze6K8QbQIl38:a9b5mhRbEbLlqAJ8ti+wnZl38
MD5:	A560059226C6035D867B6D564B5602C2
SHA1:	29BA6730627DA2A5DA6A6BB935E617ACAD0800CE
SHA-256:	E607CB01C4107ADB38DD18837626D603199B6A8BC8B0BC020F05F7E6524F8717
SHA-512:	FA288F891CA2D4760CB48875464345BE9C8713C1F8B6297BA2B24DF64ACA42877ACA3DDA768072C5BF40A3A384ACA9CD472765A98FEBC9183999BDF937814885
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f29\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f44\fmodern\fcharset128\fprq2{\\panose 020b0600070205080204}\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}..{\f45\fmodern\fcharset128\fprq2{\*\panose 020b0600070205080204}@\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}{\f475\froman\fcharset238\fprq2 Times New Roman CE;}{\f476\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f478\froman\fcharset161\fprq2 Times New Roman Greek;}{\f479\froman\fcharset162\fprq2 Times New Roman Tur;}{\f480\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f481\froman\fcharset178\fprq2 Times New Roman

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAR.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	26662
Entropy (8bit):	3.5849320390259494
Encrypted:	false
SSDEEP:	384:Nzof6qsV7zJMJVNK7WKJMthqFAEKj2yhDBVsorro3tsW0fkoZ1RYVC4NIGQz0lYm:NA6qsaV6WCs2W/RU50fCePMP/6G
MD5:	B8A4F24A17897032E8C1621D888A2338
SHA1:	2EA232EB2256ABC6DBF5DC32A7D069EA1071A126
SHA-256:	8C9D66AB7B54BAD8F49FF9F0729DDF1351636B3A85DE3774E57FBF9127B4CAE6
SHA-512:	96E00E3D1B2155AA5CB592C3176C084B344C0AD21086D285767A71771A218EEC11C5499F30E394AE086B30985844FE822D4723472F094A9C73CAFF0675D5D8FF
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033\deftab840{\fonttbl{\f0\fswiss\fprq2\fcharset204{\\fname Arial;}Arial CYR;}{\f1\fswiss\fprq2\fcharset0 Arial;}}..{\info{\horzdoc}{\\lchars $([\'5c\'7b\'a3\'a5\'91\'93<\'ab????$([\'7b???}{\*\fchars !%),.:\'3b?]\'7d\'a2\'b0\'92\'94\'89'?????>\'bb????????\'b7??!%),.:\'3b?]\'7d???????}}..\viewkind4\uc1\pard\nowidctlpar\qj\lang1049\kerning2\f0\fs21\'cb\'c8\'d6\'c5\'cd\'c7\'c8\'df \'cd\'c0 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c5 \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'c5 CANON\par..\f1\par..\f0\'c2\'c0\'c6\'cd\'ce: \'cf\'d0\'ce\'d7\'d2\'c8\'d2\'c5 \'dd\'d2\'ce \'d1\'ce\'c3\'cb\'c0\'d8\'c5\'cd\'c8\'c5 \'cf\'c5\'d0\'c5\'c4 \'d3\'d1\'d2\'c0\'cd\'ce\'c2\'ca\'ce\'c9 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c3\'ce \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'df!\f1\par..\par..\f0\'dd\'f2\'ee\'f2 \'ef\'f0\'e0\'e2\'ee\'e2\'ee\'e9 \'e4\'ee\'ea\'f3\'ec\'e5\'ed\'f2 \'ff\'e2\'eb\'ff\'e5\'f2\'f1\'ff \'eb\'e8\'f6\'e5\'ed\'e7\'e8\'ee\'ed\'ed\'fb

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAS.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	21959
Entropy (8bit):	5.210347327390985
Encrypted:	false
SSDEEP:	384:INsmxwwXM0Ps0Iq1I/x2xIaNjV+dHFxqEA/BTT7TK1IxiudP7SbV4Tle0PTWn6TE:osmWwXZPs0Iq1Ipg1pV+dH3qEA/BTT78
MD5:	7E3E11D6FE902B5D1FF210914C4CEBF5
SHA1:	33B3944B16F5042E9A39EED7AC3811BEE53AD392
SHA-256:	90409140C39E883039462CF3AE9A4D399FE7ACE16762E274C6D223981485D2DE
SHA-512:	903684AFB55875A39ADCC995D9981994826DAC282151DBDE50D0FB5C24C0EC192A8B2495C0191FBA60DEA79CF7AAD7EAEBBF3C8E37605BF93C1BA0BCEF6C8725
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f28\fswiss\fcharset0\fprq2{\\panose 020b0604030504040204}Tahoma;}..{\f29\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f40\froman\fcharset238\fprq2 Times New Roman CE;}{\f41\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f43\froman\fcharset161\fprq2 Times New Roman Greek;}..{\f44\froman\fcharset162\fprq2 Times New Roman Tur;}{\f45\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f46\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f47\froman\fcharset186\fprq2 Times New Roman Baltic;}..{\f226\froman\fcharset0\fprq1 MS Mincho Western{\\falt MS Mincho};}{\f224\froman\fcharset238\fprq1 MS Mincho CE{\\falt MS Mincho};}{\f225\froman\fcharset204\fprq1 MS Mincho Cyr{\\falt M

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\EULAU.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	17363
Entropy (8bit):	5.367633225037607
Encrypted:	false
SSDEEP:	192:AASsuY1o6FRC1g94rsN/qNIOhOKTPM9BxXLZLAU3VASc/WdLDsdNMNLJMIsPZ3TI:BSELzCI4LTk3Yjt/WdvLJuFc3
MD5:	3226AE0CE8A64A73AB498D01896C9DED
SHA1:	0A6EB6F5C8629575270F09285E742964879CFBB8
SHA-256:	B5586415BA1417AAA6A67F2A5A83D33160EBD8015B6B3E83C53D5FDB069991C6
SHA-512:	27664DBEAF5FCDC26DF29740CA77B90E870D689893D321ED51379B497D34C9C2CA22DB77AE8CE34FA4F2D989A3956B54A80E191BD2AB3BD2E7B12BD1E18AF2D1
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\\panose 020b0604020202020204}Arial;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f39\froman\fcharset238\fprq2 Times New Roman CE;}{\f40\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f42\froman\fcharset161\fprq2 Times New Roman Greek;}..{\f43\froman\fcharset162\fprq2 Times New Roman Tur;}{\f44\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f45\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f46\froman\fcharset186\fprq2 Times New Roman Baltic;}..{\f47\fswiss\fcharset238\fprq2 Arial CE;}{\f48\fswiss\fcharset204\fprq2 Arial Cyr;}{\f50\fswiss\fcharset161\fprq2 Arial

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\INSDRV.INI

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Generic INItialization configuration [DriverSetPath]
Category:	dropped
Size (bytes):	1759
Entropy (8bit):	5.444204508632964
Encrypted:	false
SSDEEP:	24:HGOVEk3uDX8Q1eqFmCpcVnmCybKVddzqu1Rvd4go+RdxP4adp44vQXJlC3AETtuC:HGOVEkEnFk5y4nEOvQXJUlTtz
MD5:	FDC6F5C4D649C3F4050411FFFED58995
SHA1:	CF53CC39C70919D9C581331917E1F3D5171C999E
SHA-256:	2882760937FEA8F64B7C9CB64DC05486B098E9A4B8FCED7EBF14517DD72B5CD6
SHA-512:	971CFA2F3DDFC545B744B95F870C5C9280827DC24F83650BF6B53EC225DABDA724FF187585F9FEB35E7052A34C0BB5FCB617C470F59CEBBE7BC6B9660C44C9EC
Malicious:	false
Preview:	[Installer Info]..PDL=imagePROGRAF..PDL_TYPE=..Product=GARO Printer Driver..Version=4.91..DIAS_USE=0..USB=1..IEEE1394=0..Dynamic=1..DynamicLevel=0..Uninstall=ON..UninstallPath=DEFAULT..OneDriverInst=0..DomsServiceSTOP=ON..DefaultPort=MANUAL..PortSet=OFF..USBAviFilePath=".\ANIMIMG\USBANIM.av_"..IEEE1394AviFilePath=..DynamicWakeup=1..DynamicWakeupWaitTime=10000..UsePrintUI=1..AddinCheck=1..ShareInstall=OFF..DynamicShare=OFF..CheckJobMonitor=OFF..CheckNetSpot=OFF..DispReadme=ON..EulaFileName=EULAU.RTF..RestoreInstall=OFF..CheckPreConfig=ON..CompareDriverFile=No..UpdateNoQueueDriver=ON..NoRegistDriverStore=NO..DomsServiceNAME=Canon Output Manager Service..UpdateCustomDriver=OFF..FileRename=YES..FirmVersion=..MCTName2=W77J..IPV6TAB=ON..OptDrvInstall=YES..OptDrvPath="..\OptDrv\Setup.exe"..DispRegionSelect=OFF....[DriverSetPath]..PDriverx64="..\Driver"..IEEE1394Driver=....[Driver_x64]..Canon iPF770=P4.91..Canon iPF771=P4.91....[Canon iPF770_x64]..ExtraKitPath="..\Extra\Setup.exe"..AppInstExtr

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\InsCmn.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	672256
Entropy (8bit):	6.109606907303908
Encrypted:	false
SSDEEP:	6144:TN9jLwwNwOSqSpUscAXN85SH4Sy2tiZonDOGJZYnEOW2No9ZOzuHJWYe5Mu2Lg7F:nLfJjYUs/0wWCn/So9KuIhos
MD5:	BC595D666575CAEED3F009C790C1DB2D
SHA1:	DB88B7A42B2593E613211AAA9DB13CE69E2DE8C5
SHA-256:	65826BC46DBB930DC55F2645FD34D4F7FD99AB6CD3D4A861699830232D2B73C9
SHA-512:	733DA464A9ADC846F80DB9607B9C2B41D1160B107BE7D8C87798362878E5C9F568317BE3B7DA92BB53715EDB00866C9A68C8588FD544E5E6B9419DD06BB978CA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n.p..#..#..#.T.#"..#.T.#...#\..#)..#\..#=..#..#..#.T.#t..#.T.#+..#.T.#+..#.T.#+..#Rich*..#........PE..d...}.oK.........." .....H..........`...................................................................................................Q...............\|.......\p...................................................................`.. ............................text....G.......H.................. ..`.rdata...J...`...L...L..............@..@.data....J.......&..................@....pdata..\p.......r..................@..@.rsrc...\|............0..............@..@.reloc...............4..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIC.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	994304
Entropy (8bit):	5.363376377105372
Encrypted:	false
SSDEEP:	12288:TEzCLvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:4zt/Xnz6lcg25W5O
MD5:	7ADF6343F7B729929C762F529C203F69
SHA1:	0DBB326C0A46ABA4A013A7C2EDE68D84EA765D4D
SHA-256:	7531F1BA8F3C19CE85085B813211E2C96DF7A535E01B53B7237C86860D151C2D
SHA-512:	C520766BC9C8821619C444EF62A8681A83CCEEFEE98EE73452F38D4AAE22CEDFD4DA71AC00BB9ABDEDD8585C3204537DC3229E21E6B10BAFCB1D00DC020965C2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d...vS.Q.........." .....l..........................................................nk......................................................X...(.......0p......8............p......P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...0p.......r..................@..@.reloc..,....p....... ..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIF.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1032192
Entropy (8bit):	5.318109532048645
Encrypted:	false
SSDEEP:	12288:oEkOLvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:zkJ/Xnz6lcg25W5O
MD5:	BFA39B338089571D0F91576A4CFD8F9A
SHA1:	656E251E1243A0938D3AB9E122428F2178572008
SHA-256:	6E4AF2FFA83E74AA55E2280F95B04E65917C981F46B514DBF2DD57F80E5DD3AF
SHA-512:	1735A706E345564D6325353A8FCC922053708475CA3A287863191AED59CA818362D43AC990CEB325DB54A61D23EC44BE17C3EEF2EBD68D47027CB0BB57F5F441
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d....S.Q.........." .....l...P..............................................................................................................X...(.......H.......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...H...........................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIG.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1033216
Entropy (8bit):	5.315385226877313
Encrypted:	false
SSDEEP:	12288:CEc5Lvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB5:Fcu/Xnz6lcg25W5O5
MD5:	EA605ACCB02BD800AD681724E459D9B8
SHA1:	0C26A79877D7A2E504BE4E3A5C2DAE134A0456B2
SHA-256:	E0D66CEDA8529F2087F438A0D071808C2C6F9FF712E0E638ACC5E295C6086FA3
SHA-512:	77AF5F6F9DBDCD7D9EF2AC1D200ADCCF0B8ED0E7D2C4173BE7FF0B516B211DC126452F730A2C6B68E4120D400E09DCF051678FA30EBCB55617C16B5A809C6343
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d....S.Q.........." .....l...T......................................................s.......................................................X...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUII.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1030656
Entropy (8bit):	5.316245214551309
Encrypted:	false
SSDEEP:	12288:NEg8Lvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:6gn/Xnz6lcg25W5O
MD5:	ADBA829D121E2597A7937508EEF3F4A0
SHA1:	DCB49069529D9A2218EBA77E568C3D46C55CF1B6
SHA-256:	C58661C2385DCC7D51C8C32E3D87C04B197E6F75CA93D9E07FAD7422E8A8A020
SHA-512:	43108D346BD8839879BADBCB2134D110935C9B9D56A4881784C38B056CDBDF8CCD7D20233F3C825103D428BD3A46007AB14F402FF0FB4E7C9E8E111DCA865695
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d....S.Q.........." .....l...J.............................................................................................................X...(.......(.......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...(...........................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIJ.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1003008
Entropy (8bit):	5.378075939199795
Encrypted:	false
SSDEEP:	12288:SE/GLvvbn9Zg2Xnz65jYBcgcB5rCjNhcbB:V/i/Xnz6scg25W5O
MD5:	F234E115D558B88D641D908548038074
SHA1:	72D3846EC8D54346901A19F3D177343BB3A71890
SHA-256:	7F6A71D7CEDB2E5109808DB0A4EDDE166E3DC912BB0B4B52D743DBD10C4CB529
SHA-512:	F44C12089CA20E752754ED24723286FB48B7CA4B09D64DD56808EA7BEE713DD4AF9FA5A22A9D364DD0C9405CE9107A6292A467A16AC32F0D35EBDAA631335244
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d...<Z.Q.........." .....l...........................................................7......................................................x...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...$.......&...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...`...........................@..@.reloc..,............B..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIO.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1002496
Entropy (8bit):	5.369494846901261
Encrypted:	false
SSDEEP:	12288:rE8iLvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:Q8N/Xnz6lcg25W5O
MD5:	CA562CC203D063C8E7673D00DA692D0A
SHA1:	DAADB9F781E06B21C960AFD358962E64DAEE1A7C
SHA-256:	13C2E6C669264174576B7106978802274EA122EFBF5196543485AA8325430C91
SHA-512:	DF9744E501296AF28E47CC9129ED3BFEC900CE41072063F26D158387AFCDCCB9B9EF936B4F9743ADAF40585ACC13A391E61F5714519DA9FC9EC207BA8C3060C4
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d....T.Q.........." .....l..................................................................................................................X...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..,............@..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIP.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1027072
Entropy (8bit):	5.317525491061716
Encrypted:	false
SSDEEP:	12288:qElWLvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:tlh/Xnz6lcg25W5O
MD5:	D3E4CF9CA759280D65FD82AB4880723D
SHA1:	6619B1E5530EA7A045304B460A950C257CF2A5E6
SHA-256:	B93F56F52D6E7358AA598230BF59401515528FF09F7D9F803F6D292ABA6A681B
SHA-512:	4788D68833F0E7DF70CD49D9DA7E2D8BB35F357B1851384656F3D28A2EB016C892C8431D7BCE27018A8B29A113B5DBFFC40363C2D970AE6D3766A9F848379048
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d....*.Q.........." .....l...<..............................................................................................................X...(.......H.......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...H...........................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIR.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1024512
Entropy (8bit):	5.414920743667683
Encrypted:	false
SSDEEP:	12288:4EpPLvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:Dp8/Xnz6lcg25W5O
MD5:	6A78B9D86F4004979A05AC94450F9AEB
SHA1:	DEE4C4FA80F340107FA3F321716DB1C571FA0CBA
SHA-256:	97F5714455230E80B75F038E1EF233F27921E37A193D12274414DCF12D051408
SHA-512:	F3C8F569BC3D979BD62E8F32350A047FBDD637B3C28582EFF5459443FEBB9AC8BF403C29AE07983134910A83E1845F1C98F04CFFBD7C6E9A2304917199C9CF7E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d...}..S.........." .....l...2......................................................\....................................................... ...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIS.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1032192
Entropy (8bit):	5.317102787821746
Encrypted:	false
SSDEEP:	12288:2EM5Lvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:BMu/Xnz6lcg25W5O
MD5:	E132E33C28067C575D725614CFAD8A94
SHA1:	DADEDA9E9BEC07099299CFA387B9135621E16F74
SHA-256:	4D2D027055DC321A88B73D8D2D5F8EB24EB4AEFD92B8AF8139A54A1CC7385C02
SHA-512:	B23E3BEE5961C2B7BBE5C84750D4B9B3C9B0FADE77D606C1EBA191765B6B0E3D411213D33657144D6E6A35FE7D59E14701FA17CC53FB82C54AB0B85201959A78
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d....*.Q.........." .....l...P.......................................................=......................................................P...(....... .......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc... ...........................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\SetupUIU.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1024000
Entropy (8bit):	5.318158054736587
Encrypted:	false
SSDEEP:	12288:1EOrLvvbnkg2Xnz6K7jYBcgcB5rCjNhcbB:iOI/Xnz6lcg25W5O
MD5:	C138B0CB79FD1B9E4B7D46E75A604286
SHA1:	6841199C82E72F4FA57F06EAC7A71DE05524DEEE
SHA-256:	F0E0D61F0E9867BA8E3C7E0F79AB5A756ED50DB07246640D7EB0C5D0FA3AB59A
SHA-512:	98E5AAB6587E80F7D669AA74C827A994FEA1BA43B4B24902B3793FF22E807FDF8FA5B8A91AF244935B3A72152218EB5131472CD9A6A3BF9B2796D14D0928455E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&...&..&...&..&.G.&..&..&..&...&..&...&..&...&..&Rich..&................PE..d...JT.Q.........." .....l...0......................................................'.......................................................X...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UNINSTAL.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1656928
Entropy (8bit):	6.021635951211469
Encrypted:	false
SSDEEP:	24576:HNHh4jT48625bruHzrN7fGdOBh5tVJycLc2X4WFrKWF1cPTLCng9CmjviDFc:j4ykrGqAF12LCn8CmjviDW
MD5:	0C86F3648A13FBD130BBF5F5C3FE8211
SHA1:	505B429D0D004593D042EB1A4FB823D10D119F38
SHA-256:	F2FB99435ECB464C1A5DC37CC0B96A7AC1243F3CA390B2B8A1B6C8B61FBC8D96
SHA-512:	5ED9C718C76DBCB939968E25E2786891F052BE3A3E815AB0795EE8F24B9332D6197F03B83546F5161E6103971889D098651529A68AD13A1AAE44C8CEAC754054
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u....a...a...a.......a.......a.....i.a.......a...`...a.....Z.a.......a.......a.Rich..a.........................PE..d...f.S..........#......D...........2.........@....................................A...................................................................x............*..`............r...............................................`..........@....................text...'C.......D.................. ..`.rdata.......`.......H..............@..@.data...0....@...8...$..............@....pdata...............\..............@..@.rsrc...x............`..............@..@........................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIC.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	349184
Entropy (8bit):	4.3191843250589725
Encrypted:	false
SSDEEP:	3072:UThN6x1rm2OunsGLarYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouJ:UNN2RopLrDT7AXPQjDjAs3ygu
MD5:	F55C835E9D508004B4395290B8CF1834
SHA1:	F3DFE49FE371C327844227BFD87A0F24A8A87A23
SHA-256:	4FFF0D8DC4E2C93A5615C6CC65A61247CE619F6CCF1B71E21303B0865ECA2571
SHA-512:	7B10406D3D1866E907258B7346DBBC382C3011169AC4FE3C9FA74526AF07A11F1D7984B66FF39FCE3624536FD79EE96DEA8897665829A1301B6DDBD6E21D232E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d....+.Q.........." .....l..........................................................2.......................................................X...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc.."............N..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIF.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	356352
Entropy (8bit):	4.3023613144132
Encrypted:	false
SSDEEP:	3072:pThN6x1rm2Ox7sGLuJcrYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouOA:pNN2RoGLJWrDT7AXPQjDjAs3ygu
MD5:	6D1BE68CAFD43A5C319E3FEE42B3164C
SHA1:	6BB97F1FD1F029622E3F774F24086C7A1AF68C42
SHA-256:	1E762047088DE40B2B8890647A65FE928B02C06766CB9D0E06E82AEC818FE0CF
SHA-512:	9E82B1F6F5A4C28F8EE9DB5AC872E20F0EB75D06CBE8C27D50FEC6EA2049086F9DC83D7084A72984499DC98C99B4BBD3C81FD1C767B0A3F4F7DB018C825DB56E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d....+.Q.........." .....l...........................................................7......................................................X...(.......H.......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...H...........................@..@.reloc..6............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIG.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	356352
Entropy (8bit):	4.306839735841177
Encrypted:	false
SSDEEP:	3072:qThN6x1rm2OCXsGLtrYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWou/VXCXJl:qNN2RoRSrDT7AXPQjDjAs3ygu
MD5:	7832066B69952047312F1B6CF9FC2CC1
SHA1:	F20B7EEC65C16C788409CBB5616AB41FBDF3FE33
SHA-256:	0DD63CBD4446D8910F843E13455715027AFCC1000982537DCB886DC27D2BBFD3
SHA-512:	4DF39E524AA2AB3CF21080DCD376FAC3EF8E8A9DADD855E99EA9D0C36BA44B9D68AB9A78BBFA4333628AD05E6D275E7B00FBF0F4BB580F1F36ED418701F37448
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d...(+.Q.........." .....l...........................................................L......................................................X...(.......H.......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...H...........................@..@.reloc..6............j..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUII.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	355840
Entropy (8bit):	4.29990539645369
Encrypted:	false
SSDEEP:	3072:WThN6x1rm2OsJsGLjrYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWou2W:WNN2RoV8rDT7AXPQjDjAs3ygu
MD5:	CEC6E88BB77C2A5480B237C814EA6257
SHA1:	951C69E0FF749F97A4BDD1C0ED73DBE65C4A02EE
SHA-256:	C257926157A0E01571B909092735778D926BD23921B8979C7CBD1E2E261F570D
SHA-512:	DD19DD001CA64AFC6ACF8D271C684E05001AC168B6D6F66B67736B9CE0F2832ACB39F62C5C185A235D9D8C8C515D5B2EA3CAED1B75CD6495FD2E08755E33C853
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d...F+.Q.........." .....l..................................................................................................................X...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..6............h..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIJ.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	350720
Entropy (8bit):	4.335631118730173
Encrypted:	false
SSDEEP:	3072:MlhN6x1rm2OiS8nLorYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouNiJ:MDN2Ro8GrDT7AXPQjDjAs3ygu
MD5:	CBDAF6D5C105D429549E349C28E7EBCF
SHA1:	FC98E4B4ABDA94B3F5A61C21CE168A6B38529AE3
SHA-256:	710443458A7FEED26C955E5C222185050118D4DD14AB1E4DFD3262B7766F38E1
SHA-512:	08F91740BE021B8FEDC885B80BC3B98FA08A8F1CACAB1C1A02D16B5D420D17C071CE18EB74880DAEBD1F20AE5F25D0A1D1194D1A37A799218476F95225AC96CE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d....%.Q.........." .....l...........................................................n......................................................0...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..,............T..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIO.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	350720
Entropy (8bit):	4.327030019446202
Encrypted:	false
SSDEEP:	3072:BThN6x1rm2OxssGLRrYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouZ0t:BNN2RoVurDT7AXPQjDjAs3yguZ0
MD5:	35C9B168BEE69CE7EA375FE73685E26B
SHA1:	5003734914B29F7D542319E3EF82F634BCE15260
SHA-256:	B7D48AF55DB8F00F19A5E84206963C01132275288A440D1E91401A4B8AA2CC1C
SHA-512:	233607E1B64AE75D229D9F948FA2546FE24C4B8B0443E27531E704536157874A90E5CB35C0328DB503FA1C5C70DAF6DB207F844DAD4B85AA1B206E5D5DDB14A2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d...Y+.Q.........." .....l..................................................................................................................X...(..............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc..............................@..@.reloc..,............T..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIP.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	355328
Entropy (8bit):	4.3044721327159
Encrypted:	false
SSDEEP:	3072:1lhN6x1rm2OPy8nLYrYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouGa:1DN2RolGrDT7AXPQjDjAs3ygu
MD5:	6AC908035A66858183B9A938A53CB9F0
SHA1:	DFC08E7025D8D8CEF0E6E4F8DBB15BCDEE163534
SHA-256:	881F015658647BECB0ABF187480B6488D390AC25CA1AFDD24268BA18DB182C3F
SHA-512:	FF466ADFCD25D5AB03987C4C4FDC22B63AE6B8F699EE39E4D9ACD3C78FFBDD546E75CEA4D29CFE27173380B146E82B726EF5B04B4111098DD398F8D10D79BD14
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d...z..Q.........." .....l..................................................................................................................0...(.......D.......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...D...........................@..@.reloc..6............f..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIR.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	354304
Entropy (8bit):	4.365528280626483
Encrypted:	false
SSDEEP:	3072:pThN6x1rm2O6SsGLUrYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouuC:pNN2RowlrDT7AXPQjDjAs3ygu
MD5:	FFDA89459D7050119FA7AD5961266D3F
SHA1:	7B62F41DF0A6A2E0DF3C955FCBC6467D604B83D5
SHA-256:	F8316EF9A57B02BF636497CD7ED636AF53BFC719030E458B108B3B671772E4D3
SHA-512:	97433938F7CF5975619E4907CE98F712FDC9D39E727E65CE381FEF75D6163BFB6DC260D72E0E069BFE61FE95357D69CDB76A81D569EFD879AA4D71F97074A4A0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d....+.Q.........." .....l...........................................................u......................................................X...(...............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...............................@..@.reloc..6............b..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIS.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	355840
Entropy (8bit):	4.302566109161349
Encrypted:	false
SSDEEP:	3072:5ThN6x1rm2OemsGLprYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouzW:5NN2RoAKrDT7AXPQjDjAs3ygu
MD5:	C74E35A8933984899D1267F9C37C16DF
SHA1:	F1207761736C574EEB2BAB0770F37B7F7EB8EDB9
SHA-256:	14D0FDDF249B3700B21C4CFCC135599851374CE585FCA9C4D7450C01A4EB78BA
SHA-512:	27FF4CC8C0819823A2E1DD74B5EDA06F3FDE4F2A28AE90C2C410E86A039551BAFB04DBE46564DE77B5B9BF034D90BCD1EB5D07EE53CACA22920F4D118C484935
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d....+.Q.........." .....l..........................................................G.......................................................X...(.......8.......8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc...8...........................@..@.reloc..6............h..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\UninsUIU.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	354304
Entropy (8bit):	4.2976623886474945
Encrypted:	false
SSDEEP:	3072:qThN6x1rm2Ob3sGLej/rYHWDqD+lpZAAqOa7s1xFxt31oP29Sm7xyBLwWouWczXj:qNN2RoQbfrDT7AXPQjDjAs3ygu
MD5:	40CE5CA86C5574886625A139FC205725
SHA1:	A966C94913008577B54BA959C4A419470C37CF61
SHA-256:	731E61E7A47223F7358F95080E72124E362A1574DD9DBE729A100F3D05FBF56D
SHA-512:	EA0FE11CAA2C6A0A55C50F7EA872FA0B5933ADDEAA2E4B76D76A1DA2324EDB7FE3F3B0AAE2E7A26845AD660258E61779F60CAB2719E711EB0EAAC7EE5E6067C5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..&..&..&.G.&..&..&..&...&..&...&..&...&..&...&..&...&..&Rich..&................PE..d....+.Q.........." .....l...........................................................n......................................................X...(..............8...................P................................................................................text....j.......l.................. ..`.rdata...#.......$...p..............@..@.data....!..........................@....pdata..8...........................@..@.rsrc..............................@..@.reloc..6............b..............@..B................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\MISC\Uninst.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Generic INItialization configuration [Profiles]
Category:	dropped
Size (bytes):	2813
Entropy (8bit):	5.263433550442916
Encrypted:	false
SSDEEP:	48:CaVolyOBdaf6QbB5qyhSfQBzkLTuozBg3GiZ1nHRvIbX3fmJgVvW:CaGrwAxLaAByHRAmAO
MD5:	FEC7C9DE7B341568F7B4A120FA6D1D6A
SHA1:	758AF0BE4FA82F53106CAFDB3802A152D2412884
SHA-256:	88929A460FDD355EBC8208F154D196B2C589A2E85B5E54CAF23B4CFB6E60667E
SHA-512:	5A7B3E0E10898FF39540FA8071943970EDBE4DA4B1D0E76719272939F685C4C00A1135769C9FA2945540FF60CAF61E8DA1BF207E7BB61D6335FB1E15430D49BF
Malicious:	false
Preview:	[PDL]..PDL=GARO1..PDL_TYPE=....[Profiles]..PDL_NAME=GARO Printer Driver..UninstallLevel=2..PST_DEL=OFF..AUTHORITYCHECK=ON..CheckJobMonitor=OFF..DelRestoreFile=OFF..CheckiWEMC_DRM=ON..UsePrintUI=0....[ModuleInfo]..ResourceModule=UninsUIU.dll....[Uninstall Drivers]..Canon Office Color N1000..Canon Office Color N1100..Canon Office Color N2000..Canon Office Color N2100..Canon Graphic Color W2200..Canon Large Format W6200PG..Canon Large Format W7200..Canon Large Format W7250..Canon Large Format W8200..Canon Large Format W8200PG..Canon BJ-W3000..Canon BJ-W3050..Canon BJ-W7000..Canon BIJ1300..Canon BIJ2300..Canon BIJ1350..Canon BIJ2350..Canon W6400PG..Canon W8400PG..Canon BIJ1350D..Canon W6400..Canon W8400..Canon iPF500..Canon iPF600..Canon iPF5000..Canon iPF700..Canon iPF9000..Canon iPF8000..Canon iPF6100..Canon iPF5100..Canon iPF510..Canon iPF610..Canon iPF710..Canon iPF8000S..Canon iPF9000S..Canon iPF8100..Canon iPF9100..Canon iPF605..Canon iPF720..Canon iPF6200..Canon iPF810..Canon iPF820

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\CHECKSUM

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1776
Entropy (8bit):	5.144498723323622
Encrypted:	false
SSDEEP:	24:cpTLmgewlSQYCECTp0xvnH+VTmSU9wHQmAGopE7mKyAqtLOHFU1bkZ:cZLmXHCEO0xne3UaHQ3GvCAELW1Z
MD5:	6626D9E12B4E47BD51B6B98F9F724209
SHA1:	DD16625456D2BD1286BAD4A2A2A3AED9631396A1
SHA-256:	59584AA37F889115DB4F516E17DFC050A0B3CFEEF935FF921BB3D1905BA5112B
SHA-512:	5F16D304B43C07723A5BA5C34076EA726F3A66DF54541FE39388E8DF7DB6353AF45AFCC165EC8DA617D0B5EF4D8B8A803666C880654C718E9C2BB66023D61A4E
Malicious:	false
Preview:	CHECKSUM.--------------------------------..Drv/100/cnwgdi10.hdi.c4c16eca7cd82557f90c7f8c267aabec..Drv/101/cnwgdi10.hdi.3826f7d5be6742d50c1b806db28a8826..Drv/102/cnwgdi10.hdi.fcc2339848bfd67b75e334e2d06c7df9..Drv/110/cnwgdi11.hdi.de25a10eb2fe4c4d78f816ddfb523cbc..Drv/111/cnwgdi11.hdi.4ba41927ec4efb9e958c12903882c05a..Drv/120/cnwgdi12.hdi.0aaa0b505412014f8a2481296fe79ff4..Drv/91/cnwgdi9.hdi.fe1d3201eefb8b4318ee7ed65e9ed943..Drv/92/cnwgdi9.hdi.8278a47296fa3c4d4afbc36fd230f51c..Eula/EULA_C.RTF.823a6a78461cf7668c9085a45f726128..Eula/EULA_E.RTF.3226ae0ce8a64a73ab498d01896c9ded..Eula/EULA_F.RTF.0158e4c3425faa2b1e81faa36e21e6db..Eula/EULA_G.RTF.a7963ac2c1fdbb2c0089cbc56d48968c..Eula/EULA_I.RTF.2fa3092aba23850c08229c36f1c9e7ee..Eula/EULA_J.RTF.65e53e0b63282b33b8c3d5bae03954f5..Eula/EULA_K.RTF.d8dde4e10950f459e8028b29f795157d..Eula/EULA_P.RTF.a560059226c6035d867b6d564b5602c2..Eula/EULA_R.RTF.b8a4f24a17897032e8c1621d888a2338..Eula/EULA_S.RTF.7e3e11d6fe902b5d1ff210914c4cebf5..Readme/Readme_Chinese

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\100\cnwgdi10.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	80384
Entropy (8bit):	5.871383168285089
Encrypted:	false
SSDEEP:	1536:eFF8elBc7qq8ApI789h1MxMhfEGM1WMi61y/6wM1BIFOlWG:HeOq3qII3qkSW761y/6r2FOlWG
MD5:	C4C16ECA7CD82557F90C7F8C267AABEC
SHA1:	0EA149CF4557227D210D63189AF473EB762F99ED
SHA-256:	628CEFC3B91A233C9E2E2264CF0AC6BE287362C7CAB1570C818932512F207E06
SHA-512:	CBE25C83059A3A18937643DE162660B94E81C17AC42AB6EBA83E1D183AA52778A23E0B889B428C8E1D6149ED75EF27ACA24EF87A6C64CABFCDCE2EFC85A8F574
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......3m$.w.J.w.J.w.J..C..v.J.~t..v.J.~t..{.J.~t..s.J.P.1.q.J.~t..z.J.w.K.O.J.~t....J.~t..v.J.i^..v.J.~t..v.J.Richw.J.........................PE..d...t.OQ.........." .........................................................p............@........................................../..X............P.......@...............`..8...................................................................................text............................... ..`.rdata.............................@..@.data........0......................@....pdata.......@......................@..@.rsrc........P.......&..............@..@.reloc.......`.......6..............@..B........................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\101\cnwgdi10.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	128512
Entropy (8bit):	5.3683516337531145
Encrypted:	false
SSDEEP:	3072:LAO4RkrUyrPAj0v3Bgr/MB8nOlgf19t19tdkf19t19tdXf19t19tdBf19t19td/O:LAdeJB3e/MEOlgSZfB
MD5:	3826F7D5BE6742D50C1B806DB28A8826
SHA1:	5B5FCBB55B5D4DC96869374F5CCF5F7F8C6C702E
SHA-256:	8FE6096DBED5AFA221FB8045A278D156C917B089D0E223AA1750BDA3D54D7A73
SHA-512:	F17783D90888E9AD38BEA0698E2C575E435430E76BC1F0440D984F817625FD2F2547699178B7D571F8D95CBFCF5B28A8AF101B0A08BF5BF5C582E38658004495
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........se.............R].......j.......j........p......j...............j.......j.......@.......j......Rich............PE..d.....OQ.........." .........l......h........................................ ......d.....@............................................X...\|Q..................................d....................................................................................text...q........................... ..`.rdata..(...........................@..@.data....:.......6..................@....pdata..............................@..@.rsrc...............................@..@.reloc..h...........................@..B................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\102\cnwgdi10.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	82944
Entropy (8bit):	5.9057698804489895
Encrypted:	false
SSDEEP:	1536:ZZnxq2t1HJCzQydJ5BYIyEwpXhUqNwrNOp7qyaeSrI:/noiHJkQyrYxWlBOp7qyaeSrI
MD5:	FCC2339848BFD67B75E334E2D06C7DF9
SHA1:	1FA2178F846DE6F05EA1F55CBF034CC4D591E8B4
SHA-256:	E7F79C510E7D75105272824BAE30499F91E8680852AC1F85970D3835A53B38FD
SHA-512:	83B93BF80203F53727C5DEBE2D5E2EB71E4CC3157EDA4544CFED68D6BDF7DC7252F43ECC9FEA9C20131DE8253A6D06FBB3763849CB7D25A1667C5526895EF1D9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........VP...P...P....w.Q...Y.t.Q...Y.b.]...w1..X...Y.r.]...P...k...Y.e.^...Y.s.Q...N.u.Q...Y.p.Q...RichP...........................PE..d.....OQ.........." ................................................................r.....@..........................................5..X............`.......P...............p...... ................................................................................text............................... ..`.rdata.............................@..@.data...0....@....... ..............@....pdata.......P.......(..............@..@.rsrc........`.......0..............@..@.reloc.......p.......@..............@..B................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\110\cnwgdi11.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	5.846034389205633
Encrypted:	false
SSDEEP:	768:RfeQs1PwyJRrX6Vr0C2A7HlNahsZmfEMlRpuE+eXeV23g68DbVuO68Dy/i06KuHa:RSjX6V0CD7bEJEoneV2vcbicfOO/xAb
MD5:	DE25A10EB2FE4C4D78F816DDFB523CBC
SHA1:	6887971EAFAF2BFE27675A70CB79664726D810EB
SHA-256:	4F12E64629D294BE8C01F70168F4C1756A7163138E5157EAC0EEE3FDB0CB49A2
SHA-512:	BB7F75083BBBF80D018DDFF885445D68CC4FD65F344A861A44EAE012FA893ACA5E2EB8333355724A1EAF542E9090E22B190C85AD4E6DEE75EE37710F3AE50FCD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........V..8...8...8......8. .....8......8......8.......8..j....8...9...8......8......8......8......8.Rich..8.................PE..d.....OQ.........." ................\...............................................tD....@..........................................5..X... ........`.......P..<............p...... ................................................................................text............................... ..`.rdata..............................@..@.data........@......................@....pdata..<....P.......&..............@..@.rsrc........`......................@..@.reloc.......p.......<..............@..B................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\111\cnwgdi11.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	81920
Entropy (8bit):	5.84603621451744
Encrypted:	false
SSDEEP:	768:yfeQq1PwyJRrX6Vr0C2A7HlNahsZmfEMlRpuE+eXeV23g68D3GyuO68DOji06KuV:y8jX6V0CD7bEJEoneV2vc36cPOO/F37
MD5:	4BA41927EC4EFB9E958C12903882C05A
SHA1:	F8A5C3353A95705A8657A831CCC9B1476E1AA1A8
SHA-256:	E32010465F9C4FC5609ED24414A0FC7B8A3077802863DAEF4DE48FC2C4CAB91A
SHA-512:	40836081F2036403D710640E43403946C10CA6465A2A9187E4C07B98D1845313B3D39122A62AC3EDF5F09063723E1C4E7CD3832A6183D120615491D096BB3AB9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........V..8...8...8......8. .....8......8......8.......8..j....8...9...8......8......8......8......8.Rich..8.................PE..d.....OQ.........." ................\...............................................@.....@..........................................5..X... ........`.......P..<............p...... ................................................................................text............................... ..`.rdata..............................@..@.data........@......................@....pdata..<....P.......&..............@..@.rsrc........`......................@..@.reloc.......p.......<..............@..B................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\120\cnwgdi12.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	81408
Entropy (8bit):	5.818060274293173
Encrypted:	false
SSDEEP:	1536:gP78RpF6hTZWyfmS5P50XT26OOL+zuIZk:+ARp4hTAK75P5J6OOLwZk
MD5:	0AAA0B505412014F8A2481296FE79FF4
SHA1:	32CD6F9077D0E2D3575248405A4ACFEE2790E3C5
SHA-256:	029ABB1D6AD765FB584EB60EB8335AB59B1466574374C50C423FB9FF74A27826
SHA-512:	8121587E997CD605EC2E0B7C9F88558827D7FB07879FDFFC030496B837EDE5C4C0C0D8E43B5D62BBC2837F4823EE2E628AF913C6A26193198CC88CA0F99DC011
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........K,.B..B..B.I..B.&....B.I..B.I..B.I..B.D]...B.....B..C..+B.z...B.z...B....B....B.z...B.Rich.B.........................PE..d...8^CS.........." ......................................................................`.........................................`5..X...X........`..H....P...............p..........8...............................p............................................text...C........................... ..`.rdata..............................@..@.data... ....@......................@....pdata.......P.......$..............@..@.rsrc...H....`.......,..............@..@.reloc.......p.......:..............@..B........................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\91\cnwgdi9.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	80384
Entropy (8bit):	5.834631857618309
Encrypted:	false
SSDEEP:	1536:d9KDelsGmKiXfiHbG+DfEMpd5AnwOlKm:TKDHLLvUpnAwOlKm
MD5:	FE1D3201EEFB8B4318EE7ED65E9ED943
SHA1:	951F180FACE51FB2F917C18E4D5A08D2FF3B77B4
SHA-256:	A945C80376961C359519E78B95F174EAA25CBE0A5761097FFC2A7DB952EC2A0D
SHA-512:	451AA49B922B033ADE14EF3625335E10129A148EC2A4135B1C5C205A121474AA732363DF36C88DA8A9F92B333808F8E9D4A655A126A477C8052A9D2F1114109F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F.).'.z.'.z.'.z..z.'.z..z.'.z..z.'.z..z.'.z...z.'.z..z.'.z.'.z.&.z..z.'.z..z.'.z..z.'.z..z.'.zRich.'.z........................PE..d...A.OQ.........." ..........................@..............................p.......C.............................................../..W............P.......@..t............`..8....................................................................................text...W........................... ..`.rdata.............................@..@.data........0......................@....pdata..t....@....... ..............@..@.rsrc........P.......(..............@..@.reloc.......`.......6..............@..B........................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Drv\92\cnwgdi9.hdi

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	80384
Entropy (8bit):	5.8328637646737675
Encrypted:	false
SSDEEP:	1536:AYmdYnGmriMfiniY+Q6EOkrQQYbvHOlv9:jmYLe2hyQbbvOlv9
MD5:	8278A47296FA3C4D4AFBC36FD230F51C
SHA1:	C27A003EF7917789A53A79035F115989286DFF82
SHA-256:	44EBA3C85CC8E11DB310D88D41109653F74EFC792A9339531CEC66F94719B8B0
SHA-512:	F1CE43EE7831CB71E689568F64472187BA757F72D4E0E3873708E091E8BA4A92CBCC2FBE8C9FF0EC327C8ACA77AC8708AAA6DAA5D020FE486F0CB78827ED1EF5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........G.).&.z.&.z.&.z..z.&.z...z.&.z...z.&.z...z.&.z...z.&.z...z.&.z.&.z.'.z...z.&.z...z.&.z...z.&.z...z.&.zRich.&.z........PE..d...T.OQ.........." ..........................@..............................p.......6..............................................`/..W............P.......@..t............`..8...................................................................................text...W........................... ..`.rdata..............................@..@.data........0......................@....pdata..t....@....... ..............@..@.rsrc........P.......(..............@..@.reloc.......`.......6..............@..B........................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_C.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	33353
Entropy (8bit):	4.5160153751975765
Encrypted:	false
SSDEEP:	384:nbATNefcAmBtnBgL42+AVCVy9xurgkCuNUFaWHBOMCnEUWc38vUUvvOXMe5icC2r:nbOkoXJ
MD5:	823A6A78461CF7668C9085A45F726128
SHA1:	88FACB7F6B141043B4B827099B226D885DCFE578
SHA-256:	FC4D3B3459F57C779581F32046A51D530DA81561B8E70E98CFB230DAE6045384
SHA-512:	0A98ECD45E637A27EAC217E4EDE6874FD1C77F8AEA4F942874A9555642C6DEF0A52103EEF1DD400EE25B3A6E73DA2CCB2C5C2A0774A320BCE87D7ADD7392F55F
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f17\fnil\fcharset134\fprq2{\\panose 02010600030101010101}SimSun{\\falt ??};}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}{\f28\fnil\fcharset134\fprq2{\\panose 02010600030101010101}@SimSun;}..{\f52\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f195\froman\fcharset238\fprq2 Times New Roman CE;}{\f196\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f198\froman\fcharset161\fprq2 Times New Roman Greek;}{\f199\froman\fcharset162\fprq2 Times New Roman Tur;}{\f200\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f201\froman\fcharset178\fprq2 Times New Roman (Arabic);}..{\f202\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f333\fnil\fcharset0\fprq2 Sim

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_E.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	17363
Entropy (8bit):	5.367633225037607
Encrypted:	false
SSDEEP:	192:AASsuY1o6FRC1g94rsN/qNIOhOKTPM9BxXLZLAU3VASc/WdLDsdNMNLJMIsPZ3TI:BSELzCI4LTk3Yjt/WdvLJuFc3
MD5:	3226AE0CE8A64A73AB498D01896C9DED
SHA1:	0A6EB6F5C8629575270F09285E742964879CFBB8
SHA-256:	B5586415BA1417AAA6A67F2A5A83D33160EBD8015B6B3E83C53D5FDB069991C6
SHA-512:	27664DBEAF5FCDC26DF29740CA77B90E870D689893D321ED51379B497D34C9C2CA22DB77AE8CE34FA4F2D989A3956B54A80E191BD2AB3BD2E7B12BD1E18AF2D1
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\\panose 020b0604020202020204}Arial;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f39\froman\fcharset238\fprq2 Times New Roman CE;}{\f40\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f42\froman\fcharset161\fprq2 Times New Roman Greek;}..{\f43\froman\fcharset162\fprq2 Times New Roman Tur;}{\f44\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f45\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f46\froman\fcharset186\fprq2 Times New Roman Baltic;}..{\f47\fswiss\fcharset238\fprq2 Arial CE;}{\f48\fswiss\fcharset204\fprq2 Arial Cyr;}{\f50\fswiss\fcharset161\fprq2 Arial

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_F.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	22343
Entropy (8bit):	5.182692740680335
Encrypted:	false
SSDEEP:	384:BSELrUUnvrB9woxgsaMqcTOfVUcgBWF3BktTRtElDqmWN+aVUoV1TEaRONlmG+Ds:xrUUnvrB9woxgsaMqcTOfVUcgBWF3Bkm
MD5:	0158E4C3425FAA2B1E81FAA36E21E6DB
SHA1:	03C806C46FF886E9937FB86C6B2DE39BF23FAE87
SHA-256:	9BD973A7F60FBD949EBBCD83A9416D55FFEB3C26AA10F5472CDA6D44AD496045
SHA-512:	AC243D0EF0C89671DC76BB1EE4847C61AE1281A2DAF56C82E73B9226235E4B1B9C2968335D60D2B2B24E746BA9891451B7CAE793BB48702A6E3ABD82258229B1
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\\panose 020b0604020202020204}Arial;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f39\froman\fcharset238\fprq2 Times New Roman CE;}{\f40\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f42\froman\fcharset161\fprq2 Times New Roman Greek;}..{\f43\froman\fcharset162\fprq2 Times New Roman Tur;}{\f44\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f45\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f46\froman\fcharset186\fprq2 Times New Roman Baltic;}..{\f47\fswiss\fcharset238\fprq2 Arial CE;}{\f48\fswiss\fcharset204\fprq2 Arial Cyr;}{\f50\fswiss\fcharset161\fprq2 Arial

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_G.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	21119
Entropy (8bit):	5.2915764720129514
Encrypted:	false
SSDEEP:	384:DlfnyDmjVYA2atcar2yr3x41J151wRdwhK1f8iGOd1X/:D1nySjVH2atcaqox41J151gehK58iGOP
MD5:	A7963AC2C1FDBB2C0089CBC56D48968C
SHA1:	290AF6804425DB36CB2A84911E04E512A2CBD401
SHA-256:	5348B976A994511050EBB50E1B0E96E9F5AB75A9C1953E0426A491E71E83079E
SHA-512:	124B78662ED079CDDBB16311687A13FA4A70B2468F4FC0BC77441191868029EF3A7BCA0BB3231E21BA39F2106838603F7B35930B6DEA08BD0F5077CC26834412
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f28\fswiss\fcharset0\fprq2{\\panose 020b0604030504040204}Tahoma;}..{\f49\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f193\froman\fcharset238\fprq2 Times New Roman CE;}{\f194\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f196\froman\fcharset161\fprq2 Times New Roman Greek;}{\f197\froman\fcharset162\fprq2 Times New Roman Tur;}{\f198\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f199\froman\fcharset178\fprq2 Times New Roman (Arabic);}..{\f200\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f379\froman\fcharset0\fprq1 MS Mincho Western{\\falt MS Mincho};}{\f377\froman\fcharset238\fprq1 MS Mincho CE{\\falt MS Mincho};}{\f378\froman\fcharset204\fprq1 MS Mincho Cyr{\

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_I.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	19435
Entropy (8bit):	5.249640519280235
Encrypted:	false
SSDEEP:	384:163Ovmw3CMSNu5YRpRYYGavN+6kVYvvQ7rKa8Qdgav3jIS9JS1/NO+YGJzA9vnDv:83Ovmw3hSNu5YRpRYYGavN+6kVcvQ7rL
MD5:	2FA3092ABA23850C08229C36F1C9E7EE
SHA1:	37D2F45BACE19DD86280F5121F6D0D8250982611
SHA-256:	1B2D73B1C2D1A4909B8479F50F184B97A5FC659C2B1EAA6ECB3DCDBBBABFC5E8
SHA-512:	F6730F836FB00AF7082E95D7EBD869B1FCCCDC4D93FB0AC8BB6694196CF5BDB0E1C553EF2601A98021B93A1C07AE73273BC5027C27D6E4455887B7046EA02AEE
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}{\f1\fswiss\fcharset0\fprq2{\\panose 020b0604020202020204}Arial;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f49\froman\fcharset128\fprq1{\*\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}..{\f193\froman\fcharset238\fprq2 Times New Roman CE;}{\f194\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f196\froman\fcharset161\fprq2 Times New Roman Greek;}{\f197\froman\fcharset162\fprq2 Times New Roman Tur;}..{\f198\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f199\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f200\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f201\fswiss\fcharset238\fprq2 Arial CE;}..{\f202\fswiss\fcharset204\fprq2 Arial Cyr;}{\f204\fswiss\fcharset161\fprq2 Arial Greek;}{\f205\fswiss\fcharset162\fprq2 Arial Tur;}{\f206\fsw

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_J.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	33849
Entropy (8bit):	4.522092372336813
Encrypted:	false
SSDEEP:	384:gQAboFf/cqIAIWevR/B3I9kRvqCsLqs3A+BXy+ML00g7c:GboFXmAIl34qvq1YLM4
MD5:	65E53E0B63282B33B8C3D5BAE03954F5
SHA1:	4DBEF40DB2BD1701BB7E641B6309A1A96280D690
SHA-256:	C83D17D15D690D826259A95138C4B31EEC1C68F60061882C166EA44CCFEB068B
SHA-512:	0F9DDA8FE95FFE9CDD85408EAAD1940DA0B9095B704C396D91569F5ED4D69ABE79F32F45285FF7913A6DC78F566079F98A3CEF8263DEF01F60F532816A6EBF13
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\fmodern\fcharset128\fprq2{\\panose 020b0600070205080204}\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}{\f29\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}..{\f30\fmodern\fcharset128\fprq2{\*\panose 020b0600070205080204}@\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}{\f45\froman\fcharset238\fprq2 Times New Roman CE;}{\f46\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f48\froman\fcharset161\fprq2 Times New Roman Greek;}{\f49\froman\fcharset162\fprq2 Times New Roman Tur;}{\f50\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f51\froman\fcharset178\fprq2 Times New Roman (Arabi

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_K.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	114674
Entropy (8bit):	4.08707002465212
Encrypted:	false
SSDEEP:	384:k646R96z2t+4t7mWsfKPCav30KK7V/7hiDA64sxFbkjwYdyFIoYD8wYeM5/kmSAO:k646KaMSPZhX4jYFIogs93eEG1GRM
MD5:	D8DDE4E10950F459E8028B29F795157D
SHA1:	29527C54365B3833AD1063DA5E3F0103EB443AEA
SHA-256:	994C3FA0FF03AEE24A034ED136F51F9D1176F19A05DF015DDA2271D363A6BACB
SHA-512:	C2B45F857B162FB1DB7897684538C71281E1EB94F81352E4301510EBB9337F4A3AEE6CC287EF3BB9A1517F4419AB4F165E02458F731569E7B7EF5D599ABA99B2
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f28\fmodern\fcharset129\fprq1{\\panose 020b0609000101010101}GulimChe;}{\f58\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f124\fmodern\fcharset129\fprq1{\*\panose 020b0609000101010101}@GulimChe;}..{\f201\froman\fcharset238\fprq2 Times New Roman CE;}{\f202\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f204\froman\fcharset161\fprq2 Times New Roman Greek;}{\f205\froman\fcharset162\fprq2 Times New Roman Tur;}..{\f206\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f207\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f208\froman\fcharset186\fprq2 Times New Roman Baltic;}{\f387\froman\fcharset0\fprq1 MS

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_P.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	23104
Entropy (8bit):	5.219985529023853
Encrypted:	false
SSDEEP:	384:a9b5mhRbEbfTlqAJvWP4oi+ze6K8QbQIl38:a9b5mhRbEbLlqAJ8ti+wnZl38
MD5:	A560059226C6035D867B6D564B5602C2
SHA1:	29BA6730627DA2A5DA6A6BB935E617ACAD0800CE
SHA-256:	E607CB01C4107ADB38DD18837626D603199B6A8BC8B0BC020F05F7E6524F8717
SHA-512:	FA288F891CA2D4760CB48875464345BE9C8713C1F8B6297BA2B24DF64ACA42877ACA3DDA768072C5BF40A3A384ACA9CD472765A98FEBC9183999BDF937814885
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff26\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f26\froman\fcharset0\fprq2{\\panose 02040604050505020304}Century;}..{\f29\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f44\fmodern\fcharset128\fprq2{\\panose 020b0600070205080204}\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}..{\f45\fmodern\fcharset128\fprq2{\*\panose 020b0600070205080204}@\'82\'6c\'82\'72 \'82\'6f\'83\'53\'83\'56\'83\'62\'83\'4e;}{\f475\froman\fcharset238\fprq2 Times New Roman CE;}{\f476\froman\fcharset204\fprq2 Times New Roman Cyr;}..{\f478\froman\fcharset161\fprq2 Times New Roman Greek;}{\f479\froman\fcharset162\fprq2 Times New Roman Tur;}{\f480\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f481\froman\fcharset178\fprq2 Times New Roman

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_R.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
Category:	dropped
Size (bytes):	26662
Entropy (8bit):	3.5849320390259494
Encrypted:	false
SSDEEP:	384:Nzof6qsV7zJMJVNK7WKJMthqFAEKj2yhDBVsorro3tsW0fkoZ1RYVC4NIGQz0lYm:NA6qsaV6WCs2W/RU50fCePMP/6G
MD5:	B8A4F24A17897032E8C1621D888A2338
SHA1:	2EA232EB2256ABC6DBF5DC32A7D069EA1071A126
SHA-256:	8C9D66AB7B54BAD8F49FF9F0729DDF1351636B3A85DE3774E57FBF9127B4CAE6
SHA-512:	96E00E3D1B2155AA5CB592C3176C084B344C0AD21086D285767A71771A218EEC11C5499F30E394AE086B30985844FE822D4723472F094A9C73CAFF0675D5D8FF
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg1252\deff0\deflang1033\deflangfe1033\deftab840{\fonttbl{\f0\fswiss\fprq2\fcharset204{\\fname Arial;}Arial CYR;}{\f1\fswiss\fprq2\fcharset0 Arial;}}..{\info{\horzdoc}{\\lchars $([\'5c\'7b\'a3\'a5\'91\'93<\'ab????$([\'7b???}{\*\fchars !%),.:\'3b?]\'7d\'a2\'b0\'92\'94\'89'?????>\'bb????????\'b7??!%),.:\'3b?]\'7d???????}}..\viewkind4\uc1\pard\nowidctlpar\qj\lang1049\kerning2\f0\fs21\'cb\'c8\'d6\'c5\'cd\'c7\'c8\'df \'cd\'c0 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c5 \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'c5 CANON\par..\f1\par..\f0\'c2\'c0\'c6\'cd\'ce: \'cf\'d0\'ce\'d7\'d2\'c8\'d2\'c5 \'dd\'d2\'ce \'d1\'ce\'c3\'cb\'c0\'d8\'c5\'cd\'c8\'c5 \'cf\'c5\'d0\'c5\'c4 \'d3\'d1\'d2\'c0\'cd\'ce\'c2\'ca\'ce\'c9 \'cf\'d0\'ce\'c3\'d0\'c0\'cc\'cc\'cd\'ce\'c3\'ce \'ce\'c1\'c5\'d1\'cf\'c5\'d7\'c5\'cd\'c8\'df!\f1\par..\par..\f0\'dd\'f2\'ee\'f2 \'ef\'f0\'e0\'e2\'ee\'e2\'ee\'e9 \'e4\'ee\'ea\'f3\'ec\'e5\'ed\'f2 \'ff\'e2\'eb\'ff\'e5\'f2\'f1\'ff \'eb\'e8\'f6\'e5\'ed\'e7\'e8\'ee\'ed\'ed\'fb

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Eula\EULA_S.RTF

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033
Category:	dropped
Size (bytes):	21959
Entropy (8bit):	5.210347327390985
Encrypted:	false
SSDEEP:	384:INsmxwwXM0Ps0Iq1I/x2xIaNjV+dHFxqEA/BTT7TK1IxiudP7SbV4Tle0PTWn6TE:osmWwXZPs0Iq1Ipg1pV+dH3qEA/BTT78
MD5:	7E3E11D6FE902B5D1FF210914C4CEBF5
SHA1:	33B3944B16F5042E9A39EED7AC3811BEE53AD392
SHA-256:	90409140C39E883039462CF3AE9A4D399FE7ACE16762E274C6D223981485D2DE
SHA-512:	903684AFB55875A39ADCC995D9981994826DAC282151DBDE50D0FB5C24C0EC192A8B2495C0191FBA60DEA79CF7AAD7EAEBBF3C8E37605BF93C1BA0BCEF6C8725
Malicious:	false
Preview:	{\rtf1\ansi\ansicpg932\uc2 \deff0\deflang1033\deflangfe1041{\fonttbl{\f0\froman\fcharset0\fprq2{\\panose 02020603050405020304}Times New Roman;}..{\f23\froman\fcharset128\fprq1{\\panose 02020609040205080304}\'82\'6c\'82\'72 \'96\'be\'92\'a9{\\falt MS Mincho};}{\f28\fswiss\fcharset0\fprq2{\\panose 020b0604030504040204}Tahoma;}..{\f29\froman\fcharset128\fprq1{\\panose 02020609040205080304}@\'82\'6c\'82\'72 \'96\'be\'92\'a9;}{\f40\froman\fcharset238\fprq2 Times New Roman CE;}{\f41\froman\fcharset204\fprq2 Times New Roman Cyr;}{\f43\froman\fcharset161\fprq2 Times New Roman Greek;}..{\f44\froman\fcharset162\fprq2 Times New Roman Tur;}{\f45\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f46\froman\fcharset178\fprq2 Times New Roman (Arabic);}{\f47\froman\fcharset186\fprq2 Times New Roman Baltic;}..{\f226\froman\fcharset0\fprq1 MS Mincho Western{\\falt MS Mincho};}{\f224\froman\fcharset238\fprq1 MS Mincho CE{\\falt MS Mincho};}{\f225\froman\fcharset204\fprq1 MS Mincho Cyr{\\falt M

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Chinese_Simplified.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	3946
Entropy (8bit):	4.695589725349978
Encrypted:	false
SSDEEP:	96:YZRUZRwrH1uTCPf4ldWTY8oAHkmOEeKl+3mpMTNT2ci03yWYR2n:YZRUZRKHNfAw8pAHkmOvKyQYJ3yWh
MD5:	4EE07EFC2881AD124BCA72D3AB734FE7
SHA1:	D318AB3BE3C1665223317B42BFC855176586AF86
SHA-256:	6322AFD4215941C525D00A98C90B2378E3000FCF7FCEDBCAC493558B689A5E58
SHA-512:	64A8206FB317CA65B5C498CC178D1B4A04FC9F843787DFD9DF65B978D8383C8E575EDAF25CE48268C55C6FB614D86648AA59C46F161E99A6C31F50861825773F
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .V.e.r.s.i.o.n. .1...1.3..... . . . . . . . . . . . . . . . . . . . . . .... .C.A.N.O.N. .lQ.SHrCg@b.g .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._..........vU_........ . .1... .._...... . .2... ..\|.~..Bl.... . .3... ..[..e.v.l.a.Ny..... . .4... ..l.a.Ny..0@\P.'`.TP.6R............1...._..-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.........&^.g .i.m.a.g.e.P.R.O.G.R.A.F. ..v .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .......(W

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_English.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6310
Entropy (8bit):	3.4135764447226085
Encrypted:	false
SSDEEP:	192:YZRuN3ZRFCmZnl69hiAHkmOvKwFwvXL6RXSiyF:YZRuN3ZRFzZl69hiAHkmmKQwvXuRByF
MD5:	52CC2826CF1D052ED0A846AFB55754AA
SHA1:	B2C4D2903ACB7C51F599A5DCE0048DC1651D9D00
SHA-256:	12F8555D92AF6E98547127F126738EC850B94A9E5B3BCB598200393A88ECD308
SHA-512:	84C54028EB6F5A1F6AA194A254690D2812114687A4CBA829F393F067E726723533BB426FC05223B888D4744C2B64D42E62D8397AF3F488CA022C53CD5B7636B2
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .V.e.r.s.i.o.n. . .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.........C.o.n.t.e.n.t.s......... . .1... .I.n.t.r.o.d.u.c.t.i.o.n..... . .2... .S.y.s.t.e.m. .R.e.q.u.i.r.e.m.e.n.t.s..... . .3... .P.r.e.c.a.u.t.i.o.n.s. .D.u.r.i.n.g. .I.n.s.t.a.l.l.a.t.i.o.n..... . .4... .C.a.u.t.i.o.n.s.,. .L.i.m.i.t.a.t.i.o.n.s. .a.n.d. .R.e.s.t.r.i.c.t.i.o.n.s.............1... .I.n.t.r.o.d.u.c.t.i.o.n. .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_French.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	7004
Entropy (8bit):	3.4117073396598556
Encrypted:	false
SSDEEP:	192:YZRmKSZRT8FDE6awSbAHkmOvKggR3MMLAh8TokJCSjp:YZRmKSZRT866awSbAHkmmKL3MiAhPKp
MD5:	6C56B50C12D2B258B6A00AFC97326AF1
SHA1:	DF9C1C615A6D74BFC9292B77B896527A5DF8E562
SHA-256:	C6763A951094610C1290C4391165A2EE3DBF668DFB33CB077D36A8A7625FF130
SHA-512:	89AC605093B42849C2CDDDDA2CD96AAF261E9CC5F11E4646BB33173756974FF054AF31C2810A2171B74C32C1C81BA5038C1FEAC9A1096E9D3CA59BB27030A5D3
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .v.e.r.s.i.o.n. .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.........S.o.m.m.a.i.r.e......... . .1... .I.n.t.r.o.d.u.c.t.i.o.n..... . .2... .C.o.n.f.i.g.u.r.a.t.i.o.n. .r.e.q.u.i.s.e..... . .3... .P.r...c.a.u.t.i.o.n.s. ... .o.b.s.e.r.v.e.r. .p.e.n.d.a.n.t. .l.'.i.n.s.t.a.l.l.a.t.i.o.n..... . .4... .P.r...c.a.u.t.i.o.n.s.,. .l.i.m.i.t.a.t.i.o.n.s. .e.t. .r.e.s.t.r.i.c.t.i.o.n.s.............1...I.n.t.r.o.d.u.c.t.i.o.n.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_German.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6780
Entropy (8bit):	3.451788819151219
Encrypted:	false
SSDEEP:	192:YZR1ZRA0FmDbK6GqOrm/AHkmOvKjmPt6fEIQ:YZR1ZRA0E/K6sm/AHkmmKjMt6fEIQ
MD5:	7A34368089866DF029FC40745B370015
SHA1:	2B666DF55AFFEA1B2D38F050DB65A4CB546A020C
SHA-256:	630AEBAEED0BDB9985C03E32C0519ABC84C4A5A90278710832B578914A8C89F6
SHA-512:	A8A892B4AAA53FDA510B02C96C6F86329FAF300CD7A030BDA79E3102134634E00CFC07357795561F22E4A365AAA5CFE37EB9D02AFB7A9946D5A53CEBE6CD9022
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .v.e.r.s.i.o.n. .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.........I.n.h.a.l.t......... . .1... .E.i.n.f...h.r.u.n.g..... . .2... .S.y.s.t.e.m.a.n.f.o.r.d.e.r.u.n.g.e.n..... . .3... .V.o.r.s.i.c.h.t.s.m.a...n.a.h.m.e.n. .w...h.r.e.n.d. .d.e.r. .I.n.s.t.a.l.l.a.t.i.o.n..... . .4... .V.o.r.s.i.c.h.t.s.h.i.n.w.e.i.s.e.,. .B.e.g.r.e.n.z.u.n.g.e.n. .u.n.d. .B.e.s.c.h.r...n.k.u.n.g.e.n.............1... .E.i.n.f...h.r.u.n.g. .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Italian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6736
Entropy (8bit):	3.389169949855005
Encrypted:	false
SSDEEP:	192:YZRhZRRyXW6a0KmbAHkmOvKPVZB2nQdrLSi7zj:YZRhZRQXW6aAbAHkmmKPzBkQdrGcj
MD5:	B66DE0D7A053F9F0C963C205AE70D342
SHA1:	22A61DA16FDF118672EC8FBC2CA45CC393833895
SHA-256:	EC20B23FDCC1C7D677B2B34515B694B33123479C04258DB2E2924817FD069E9E
SHA-512:	7B8B82B30EDBFC0B44A633798EC52852D33DE5E40FCA9BC813A51696966DB266A4FD0DDC93F6505DDE6E43066D94F8E57C5804F00D5F5F19446BB4D261CDCCE4
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .v.e.r.s.i.o.n. .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.........S.o.m.m.a.r.i.o......... . .1... .I.n.t.r.o.d.u.z.i.o.n.e..... . .2... .R.e.q.u.i.s.i.t.i. .d.i. .s.i.s.t.e.m.a..... . .3... .P.r.e.c.a.u.z.i.o.n.i. .d.u.r.a.n.t.e. .l.'.i.n.s.t.a.l.l.a.z.i.o.n.e..... . .4... .A.v.v.e.r.t.e.n.z.e.,. .l.i.m.i.t.i. .e. .r.e.s.t.r.i.z.i.o.n.i.............1... .I.n.t.r.o.d.u.z.i.o.n.e. .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Japanese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	4174
Entropy (8bit):	4.66434000345733
Encrypted:	false
SSDEEP:	48:T+kUn+I7+kaK+u+8hvQ+e+Z+AJ+iO+P+OEH+T+l+v9f+SyPnNvFPEl8+ALAAkNNN:KWXhfePAHkmOEeKl+zyPNdsdAL7ANFH
MD5:	B1294F9A86311DF65AABF99CB5ADD187
SHA1:	38727FA48DD6CFE84348C819404FAF879A6B74F8
SHA-256:	4A63427A68A0F3F162BFD2635B67CB584394B7AE598F8B47D06DC6558BFB9F89
SHA-512:	FE3026B32BC94C7B597CEE5D69A743775BDEB63FD3E1010EB19D9EFCC66F2229A88ECE4F072D40F62D067A521E68AFFEC764B17D17AEE190DBDC1C28F6E07B51
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . . . . . . . . . .A.u.t.o.C.A.D.(u.0.0.0.0.0.0.0.0.gi..S.0.0.0 .V.e.r.s.i.o.n. .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._..........%.v!k........ . .1... .o0X0.0k0.... . .2... ..O(u.t.X.... . .3... ..0.0.0.0.0.0Bfn0.l.a.... . .4... ..O(u.Nn0.l.a............1... .o0X0.0k0 .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.........A.u.t.o.C.A.D.(u.0.0.0.0.0.0.0.0.gi..S.0.0.0...N.N.0.gi..S.0.0.0..o0.0i.m.a.g.e.P.R.O.G.R.A.F.g0.0.....0.0.0.0.0.0>yn0C.A.D.(u.0.0.0.0.0.0.0A.u.t.o.C.A.D..0

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Korean.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	4636
Entropy (8bit):	4.665391671767506
Encrypted:	false
SSDEEP:	96:YZRlFZRMEhRQrLkMK6PM9sPAHkmOEeKl+ev/C7UeUwUMVbHOcDS:YZR3ZRMEhRxD6MsPAHkmOvK1IVb2
MD5:	DEECD35B8BB710DBB31D071D37B81B68
SHA1:	9A9ECF8B6B149F1338D25AD8DCB61389912FCC26
SHA-256:	CB7CC07C1F128CF6E20BAB0A10A1B722F25C6E6D71DDD8A122A013CFD85FD1E0
SHA-512:	BF58B24DDD468414926B93B88E91792519181BB6BDFEE3DC4FB51041538556063EEBD71AF47A7DBBBC1FAB953A7C56B8C650568D40BD513B8CF09BE45DEDBBB8
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .V.e.r.s.i.o.n. . .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . . . . . .... ..... .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._...........(......... . .1... ....X.0..... . .2... ....\. ...l.p.t..... . .3... .$.X. ... ...X. ...m..... . .4... ...X.,. ...\. ...... ...}.............1... ....X.0.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.........P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D.(.t.X. .O.p.t.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Portuguese.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6506
Entropy (8bit):	3.410894972894707
Encrypted:	false
SSDEEP:	96:YZRg/UVZRCMrKqqH6BQlFYQK6a8eQiDbAHkmOEeKl+qbmPdizb/502LaJZa2uNso:YZRzZRCnRQ6aZbAHkmOvKlBR02LQo
MD5:	22A06EC1EEBC2EA1BBA323CD5D18BD6A
SHA1:	E320E5D660DE008F38F7F03B2AAA52C7A9968D98
SHA-256:	4302743DB911AA78A97BD2A3EA22B9825241AECADAD5896148C3CDB9A983E634
SHA-512:	B160CBD6D61A58E70C6853ABD3C8D0C28E5199C849F81132A3E7449833693452C4FA26016C956E08C4C0E4003AD6025E5EF7CA4391F34E706D0E770B99BFC819
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .V.e.r.s.i.o.n. . .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.........C.o.n.t.e...d.o......... . .1... .I.n.t.r.o.d.u.....o..... . .2... .R.e.q.u.i.s.i.t.o.s. .d.o. .s.i.s.t.e.m.a..... . .3... .P.r.e.c.a.u.....e.s. .d.u.r.a.n.t.e. .a. .i.n.s.t.a.l.a.....o..... . .4... .C.u.i.d.a.d.o.s.,. .l.i.m.i.t.a.....e.s. .e. .r.e.s.t.r.i.....e.s.............1... .I.n.t.r.o.d.u.....o. .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Russian.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6740
Entropy (8bit):	4.095276477900739
Encrypted:	false
SSDEEP:	96:YZRYa+ZR3PUmGDOQkK6xOjbAHkmOEeKl+/YVxIk7vjPCspqOlrLse3Lyi:YZREZR3PUmM6EjbAHkmOvKAsD8OlrLV
MD5:	EB3920C203C310E8C3D7AC9B5B578F9B
SHA1:	F410862AD4C8868CAF7BCD1BE50E7798A9400B05
SHA-256:	E4D3A135B2E6FF6E4791A4E0E246C4AF600DA3CC99B2E8F6EDC912F2B974E0EB
SHA-512:	C2F46B8F368CBE3A01445CA32510AA80937A21DA2FA4D2039ED7D4EB4B49024DE16CBE2EB72463EAE25FD3B989EA50389AAD6EA9D666F406F3378FA551206D7A
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .V.e.r.s.i.o.n. .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._.........!.>.4.5.@.6.0.=.8.5......... . .1... ...2.5.4.5.=.8.5..... . .2... .!.8.A.B.5.<.=.K.5. .B.@.5.1.>.2.0.=.8.O..... . .3... ...5.@.K. .?.@.5.4.>.A.B.>.@.>.6.=.>.A.B.8. .2.>. .2.@.5.<.O. ..... . . . . .C.A.B.0.=.>.2.:.8..... . .4... ...@.5.4.>.A.B.5.@.5.6.5.=.8.O.,. .>.3.@.0.=.8.G.5.=.8.O. .8. .C.A.;.>.2.8.O.............1... ...2.5.4.5.=.8.5. .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Readme\Readme_Spanish.txt

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6878
Entropy (8bit):	3.391024339972882
Encrypted:	false
SSDEEP:	96:YZRPZapZRl8fAAvgVQB97QK6y0A+abAHkmOEeKl+U1xRuqLG+b2Nb3o/AnNuCLLB:YZR4ZRlJw6AbAHkmOvKTr43dxLLu9vC
MD5:	95A7C4575B1B956BFEEDC41A0E28D6B7
SHA1:	10E6D186782B214BD9814AC4179BEB48E30F773F
SHA-256:	B62A8E40DCF08F539F873241A4141C8A0B0FB2705A8D601BD8D7B56ACE9D43EE
SHA-512:	D23033B1F9041CAB5A9BE3364A5FF314CE95163CE7D76012691EB687E110DD406D711A220E216F47ED34F5116754CF70688216A3748A506C9DBDCE0D2C0C159C
Malicious:	false
Preview:	.._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._......... . . . . . . . . . .P.r.i.n.t.e.r. .D.r.i.v.e.r. .O.p.t.i.m.i.z.a.t.i.o.n. .M.o.d.u.l.e. .f.o.r. .A.u.t.o.C.A.D. .V.e.r.s.i.o.n. .1...1.3..... . . . . . . . . . . . . . . . . . . . . . . .... .C.o.p.y.r.i.g.h.t. .C.A.N.O.N. .I.N.C... .2.0.1.4. ........_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._...........n.d.i.c.e......... . .1... .I.n.t.r.o.d.u.c.c.i...n..... . .2... .R.e.q.u.i.s.i.t.o.s. .d.e.l. .s.i.s.t.e.m.a..... . .3... .P.r.e.c.a.u.c.i.o.n.e.s. .d.u.r.a.n.t.e. .l.a. .i.n.s.t.a.l.a.c.i...n..... . .4... .P.r.e.c.a.u.c.i.o.n.e.s.,. .l.i.m.i.t.a.c.i.o.n.e.s. .y. .r.e.s.t.r.i.c.c.i.o.n.e.s.............1... .I.n.t.r.o.d.u.c.c.i...n.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Setup.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	562232
Entropy (8bit):	5.71748766124663
Encrypted:	false
SSDEEP:	12288:Zui7tkMq4lVdaH00Kk30lNxcMjYBcgcB5rCjNhcbB92:FTq4lVdaH00KfyNcg25W5O92
MD5:	906AFEE70B38F48D662DB9C7CDEE0E78
SHA1:	860106273CBC2C0EB4AA3B0D5786DA10E928D633
SHA-256:	7FCAC3366BFDCE7F7499C7F851D37C4094F0787D9DD66DDB13EF4CE7246A1FA6
SHA-512:	0A86321E68F38ADA3FEA8DF5E480BC6181BA67E96F132E044CBA2231B085CE579EA37E18B21E7796F20A376DF262FEDA0C36234A86CCF99AFD46B76A51D018AA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........2UZl\.Zl\.Zl\.}.'.Ol\.Zl]..m\.}.!.Rl\.}.1..l\.}.2.l\.}...Xl\.}. .[l\.}.$.[l\.RichZl\.........PE..d...O\BS..........#.................P,.........@.....................................(.......................................................Z.......@.........../...v..8..................................................................(Z..@....................text...;........................... ..`.rdata..............................@..@.data...............\..............@....pdata.../.......0..................@..@.rsrc........@......................@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\Uninstal.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	568888
Entropy (8bit):	5.214864595780365
Encrypted:	false
SSDEEP:	6144:wRLtofpznS8anC5Xf63fDZZOM2dpRKvg+rDT7AXPQjDjAs3ygubx:wBtofpbLanCU3fDZ0dHskkjAs3yDbx
MD5:	7615A4B252842C55B242A93CE8B40F01
SHA1:	EB35A229C8514F98F52343C62190ED23E443C7A1
SHA-256:	CF790CA288C5792A3703F73F45C926371FBA243AEA5C5FDB6BB6DA33EA02EAF0
SHA-512:	ECA5449201580FF1F9077676B91D21328F9D347DD9E15DBA7F19EF0D54AA6F70F2EE20559F562B0C72B8D284BCF4FD20B1D79B47CD5570D436D884EDC501C5AD
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.;...U...U...U.0.....U...T...U.0.(...U.0.8...U.0.;.o.U.0.'...U.0.)...U.0.-...U.Rich..U.................PE..d...K\BS..........#..................L.........@.............................0......t........................................................k.......`....... ...0......8...................................................................@k..@....................text............................... ..`.rdata..............................@..@.data...p........(...p..............@....pdata...0... ...2..................@..@.rsrc........`......................@..@................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\cnwgdicp.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	4042808
Entropy (8bit):	6.316463168255092
Encrypted:	false
SSDEEP:	49152:FZpf3XZCEH7XJ8G8P+uJo5cM2k06c6rmmbCvhJK+fNH1urvhJDih30EMK:FZiSZRYoypyj+S+fNH1urvhJDW0EMK
MD5:	F0F832FAEC349046BDF38236BAC973C5
SHA1:	FF1DCDA21126097C5B5A8B9F6A2963EBFFF120E9
SHA-256:	EC80EF9B88AF6CEC9AF781208708CD49DAE2B0ABF9B4036438700F40469CE90F
SHA-512:	26EB6BF2CE21EB86733455980B6E34BC965BBEAF738F634B1A6C36D3BB225EE5C291C5880C5FE6A505D033F4202E0E24170EF1A0025CEA159C824DFCD928B250
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G......Z...Z...Z$8.Z...Z$8.Z...Z$8.Z...Z$8.Z...Z...Z"..Z$8.Z(..Z$8.Z...Z$8.Z...Z...Z...Z$8.Z...ZRich...Z................PE..d.....iS..........#.......+....................@..............................>.......>.............................................Pg6.F...HG6.......:.\.....7.......=.8.............,...............................................+......F6.@....................text...W.+.......+................. ..`.rdata........+.......+.............@..@.data...P@...p6..>...R6.............@....pdata........7..0....6.............@..@.rsrc...\.....:.......9.............@..@................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\OptDrv\cnwgdicp.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Generic INItialization configuration [SupportLanguage]
Category:	dropped
Size (bytes):	1983
Entropy (8bit):	5.139094287137588
Encrypted:	false
SSDEEP:	24:yWMIQz0I/Nj8R4v986m8e74DsaV+4/SRyocKnQt30xRkTeXomioRxi:y3dyyl8z8eWLV+4/SRXcKnQt3CRkTz
MD5:	58A15B30E0509219065A8D719EDD136E
SHA1:	909D3CEE75A1F5F3A7AA790A8B2128C49F9BED98
SHA-256:	75A06A3ED5645CD907A240E2B0C622F6935DF1400B6DED89E1E83620E359B735
SHA-512:	D9BAE52A84995C65293D21EF692B58CCBD188B2D705D557C3B3A3376A91EDCC6812E3A381D493DBFB0576453D3A3CBC34EFE541C51012A823E8DEAAC6BDE47B6
Malicious:	false
Preview:	[SupportOS]..Win2K=1..WinXP=1..Win2003=1..WinVista=1..Win2008=1..Win7=1..Win8=1..Win2012=1..Newer=1....[SupportLanguage]..English=1..French=1..Italian=1..German=1..Spanish=1..Japanese=1..Chinese Simplified=1..Korean=1..Russian=1..Portuguese=1....[Settings]..Overwrite=3..SrcOptModulePath=Drv..OptModuleNamePrefix=cnwgdi..OptModuleNameSrcFmt=%HEIDIVER_MAJOR%%HEIDIVER_MINOR%\%MODULE_PREFIX%%HEIDIVER_MAJOR%.hdi..OptModuleNameDstFmt=%MODULE_PREFIX%%HEIDIVER_MAJOR%.hdi..EulaPath=Eula..ReadmePath=Readme..MinHeidiVer=9..AcadVersions=2008-2015..FixedSearchResult=1....[SupportApps]..AutoCAD 2008..AutoCAD 2009..AutoCAD 2010..AutoCAD 2011..AutoCAD 2012..AutoCAD 2013..AutoCAD 2014..AutoCAD 2015..AutoCAD LT 2008..AutoCAD LT 2009..AutoCAD LT 2010..AutoCAD LT 2011..AutoCAD LT 2012..AutoCAD LT 2013..AutoCAD LT 2014..AutoCAD LT 2015..DWG TrueView 2008..DWG TrueView 2009..DWG TrueView 2010..DWG TrueView 2011..DWG TrueView 2012..DWG TrueView 2013..DWG TrueView 2014..DWG TrueView 2015..AutoCAD Architecture

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Setup.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	6114400
Entropy (8bit):	5.509918202481575
Encrypted:	false
SSDEEP:	49152:NqS17LSEKfxInrs7aVFyBpBpWxXbyE+DoL6Dky7WISWz2M0phGHPAbIO1gDPnJcf:NLjFNwStZDIOuDhcgD5O1
MD5:	B29BA79A6AB0BCC509C0E94540BCF223
SHA1:	80E98CB1285A6F0DCEAE38AF2280E55D81A6F706
SHA-256:	124ABACABB71F92A8CEA3CD437F33BDD628EFDB4FC0E434C73AC4B8C0DE02E54
SHA-512:	432FCBA349DE9FC596C54F41A8B13362219F236BA0C1AFEB68E99C8F01054C5376A1B2B14F62C0981E830F78175A4C7297A414EB53583C328A0F4B5616F9F877
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........*~..K.H.K.H.K.H..}H.K.H..mH.K.H..}H!K.H..kH.K.H.K.H.I.H..~H.J.H..lH.K.H..hH.K.HRich.K.H........PE..d......S..........#.......7..$&......Z.........@..............................].....it].....................................................p.B.T.....Y......PS......].`............37.............................................. 7. ....B.@....................text...?.7.......7................. ..`.rdata..6.... 7.......7.............@..@.data....r....B.......B.............@....pdata......PS.......R.............@..@.rsrc.........Y......lX.............@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Setup.ini

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File Type:	Generic INItialization configuration [SupportOS]
Category:	dropped
Size (bytes):	291
Entropy (8bit):	5.138456939834351
Encrypted:	false
SSDEEP:	6:9qDwg7a3iCqUdFUKJBG5IooIuUaMmymUDkov8xvQ/L2v1ln:9JabCqUduj+GQvQ/Qn
MD5:	144EEFE74E726AA55FD42B520E24753F
SHA1:	BC4CB9E5699908D3EE46B3F38D6ED815970B7F7C
SHA-256:	6E9C8C78D9E96828A61CBD0F1B325DB785A1C77060DA6567AC47EC7B61A07A32
SHA-512:	7F2F13F770D28E49892751244699DB1DA10E2DE7A2B2673D62CC1A8479BEA015CA806455E8AF309A583AE2B6A79166F749E7D52A3F844684B32310D0239F1DA3
Malicious:	false
Preview:	[ModuleInfo]..ResourceModule=SetupUIU.dll..CheckiWEMC_DRM=ON....[SupportOS]..WinXP_x64=1..Win2003_x64=1..WinVista_x64=1..Win2008_x64=1..Win7_x64=1....[SupportLanguage]..English=1..French=1..Italian=1..German=1..Spanish=1..Japanese=1..Chinese Simplified=1..Korean=1..Russian=1..Portuguese=1..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.997823941374321
TrID:	Win32 Executable (generic) a (10002005/4) 99.73% Winzip Win32 self-extracting archive (generic) (23002/1) 0.23% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
File size:	48'111'280 bytes
MD5:	bf33e9af43b635a47ba59405048173a6
SHA1:	191d856ce5b9a5ce5831653db15e475d301299b1
SHA256:	49f0fca0e58c3f40319fc730b3423c5b536d9308ec65fe243180a2ef22328978
SHA512:	e3d31cc3e785c3ba6a738459397e4564c474967660c053a4f9f90be979ceccb94bd6c1111aa8cc268f89d54cf0c4436e584a8d8c4943e0738d996154c073e091
SSDEEP:	786432:gmOWNaZ2Q+OGjovnEYZ+iClMZSspzLgF5MF+RvyJs0NgBAiaGbJDnNO3c2TG935n:iI2LGkvzZtcspnMMsvwsYoZPDk3RCJ5n
TLSH:	1CB733063B48D880C5B1A63E30879AA7DA17E63268745F4F0EC1AF5D1D63594EFA3387
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qw.W5...5...5.......&.......E...5...........8...............4.......4...5...7.......4...Rich5...........................PE..L..

File Icon


Icon Hash:	533c2b2713576fee

Static PE Info

General

Entrypoint:	0x40a79e
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x4AEF3FA7 [Mon Nov 2 20:23:03 2009 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f2f9102c7663962c22d17a8dabc5e7ce

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	25/03/2014 01:00:00 19/04/2015 01:59:59
Subject Chain	CN=Canon Inc., OU=Inkjet System Development Center, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Canon Inc., L=Kawasaki-shi, S=Kanagawa, C=JP
Version:	3
Thumbprint MD5:	73E3593F02FAA7E3EAD78014ACAC0ED7
Thumbprint SHA-1:	9FD63BE7142588C5B3DCDFB0B5C71AA8A3DCA172
Thumbprint SHA-256:	F465C102018BCFCE87D7BD3C666922F9A15BBD3A4335F746332101E3DAB6EE3D
Serial:	42E42D04DA33DB4275572152C9CFDABE

Entrypoint Preview

Instruction
call 00007F5430888DA3h
jmp 00007F543088414Bh
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [00423C20h], eax
mov dword ptr [00423C1Ch], ecx
mov dword ptr [00423C18h], edx
mov dword ptr [00423C14h], ebx
mov dword ptr [00423C10h], esi
mov dword ptr [00423C0Ch], edi
mov word ptr [00423C38h], ss
mov word ptr [00423C2Ch], cs
mov word ptr [00423C08h], ds
mov word ptr [00423C04h], es
mov word ptr [00423C00h], fs
mov word ptr [00423BFCh], gs
pushfd
pop dword ptr [00423C30h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [00423C24h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [00423C28h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [00423C34h], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [00423B70h], 00010001h
mov eax, dword ptr [00423C28h]
mov dword ptr [00423B24h], eax
mov dword ptr [00423B18h], C0000409h
mov dword ptr [00423B1Ch], 00000001h
mov eax, dword ptr [00417420h]
mov dword ptr [ebp-00000328h], eax
mov eax, dword ptr [00417424h]
mov dword ptr [ebp-00000324h], eax
call dword ptr [004131B4h]

Rich Headers

Programming Language:

[ASM] VS2005 build 50727
[ C ] VS2005 build 50727
[C++] VS2005 build 50727
[EXP] VS2005 build 50727
[RES] VS2005 build 50727
[LNK] VS2005 build 50727

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x16710	0x32	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x15844	0x8c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x26000	0x97a8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x2de0000	0x1eb0	_winzip_
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x14e48	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x13000	0x2b8	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x11ff5	0x12000	8ad57c6baf27d65ae8dae769b564ae30	False	0.624267578125	data	6.620173902911684	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x13000	0x3742	0x4000	5936658766ce0c07e562dccd1db5a0e3	False	0.32928466796875	OpenPGP Secret Key	4.937916234393975	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x17000	0xe744	0x2000	bc6e567c449c459e8a0d77665814218e	False	0.173095703125	data	1.978933544662313	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x26000	0x97a8	0xa000	a2a34523050e5027f138a4ff5f5f7f76	False	0.4905029296875	data	5.291962974613592	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_winzip_	0x30000	0x2dbd000	0x2dbd000	9c11110790ea2adf199048ad2fb584a0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
WZ_MANIFEST	0x2ea58	0x5df	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.4311377245508982
RT_ICON	0x287e8	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152	English	United States	0.4176829268292683
RT_ICON	0x28e50	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.4959677419354839
RT_ICON	0x29138	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128	English	United States	0.5608108108108109
RT_ICON	0x29260	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	English	United States	0.6548507462686567
RT_ICON	0x2a108	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	English	United States	0.7851985559566786
RT_ICON	0x2a9b0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	English	United States	0.4848265895953757
RT_ICON	0x2af18	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.6487551867219917
RT_ICON	0x2d4c0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.6995778611632271
RT_ICON	0x2e568	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.5611702127659575
RT_DIALOG	0x264d0	0x27e	data	English	United States	0.5188087774294671
RT_DIALOG	0x2f610	0x192	data	English	United States	0.5920398009950248
RT_STRING	0x26750	0x2fc	Matlab v4 mat-file (little endian) h, numeric, rows 0, columns 0	English	United States	0.3717277486910995
RT_STRING	0x26a50	0x16e	data	English	United States	0.5683060109289617
RT_STRING	0x26bc0	0x91a	data	English	United States	0.3776824034334764
RT_STRING	0x274e0	0x880	data	English	United States	0.35018382352941174
RT_STRING	0x27d60	0x4fe	data	English	United States	0.3935837245696401
RT_STRING	0x28260	0x518	data	English	United States	0.4125766871165644
RT_STRING	0x28778	0x6e	data	English	United States	0.6727272727272727
RT_GROUP_ICON	0x2e9d0	0x84	data	English	United States	0.6363636363636364
RT_MANIFEST	0x2f038	0x5d4	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.43029490616621985

Imports

DLL	Import
SHELL32.dll	SHGetPathFromIDListA, SHGetSpecialFolderLocation, ShellExecuteA, FindExecutableA, SHBrowseForFolderA, SHGetMalloc
USER32.dll	GetClientRect, SetRect, EndPaint, LoadCursorA, GetLastActivePopup, KillTimer, ShowWindow, PostMessageA, SendMessageA, EnableWindow, SetTimer, SetWindowTextA, SetForegroundWindow, SetActiveWindow, SetDlgItemTextA, GetKeyState, CharUpperBuffA, PeekMessageA, GetSysColor, DispatchMessageA, GetParent, SendDlgItemMessageA, GetDlgItem, InvalidateRect, UpdateWindow, LoadStringA, MessageBoxA, DialogBoxParamA, GetWindowLongA, SetWindowLongA, GetDlgItemTextA, EndDialog, GetWindowRect, GetSystemMetrics, SetWindowPos, SetCursor, CharNextA, BeginPaint, SetWindowWord, GetWindowWord, DefWindowProcA, RegisterClassA, TranslateMessage
KERNEL32.dll	GetLocaleInfoA, GetStringTypeW, GetStringTypeA, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, LCMapStringW, LCMapStringA, GetStdHandle, HeapCreate, HeapDestroy, VirtualAlloc, VirtualFree, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapSize, Sleep, GetCurrentThreadId, SetLastError, TlsFree, TlsSetValue, GetVersionExA, FindClose, FindFirstFileA, GetCurrentDirectoryA, SetCurrentDirectoryA, CreateDirectoryA, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, LocalAlloc, GetDriveTypeA, GetEnvironmentVariableA, SetFilePointer, CreateFileA, GetWindowsDirectoryA, GlobalFree, GlobalUnlock, GlobalHandle, _lclose, _llseek, _lread, _lopen, GlobalLock, GlobalAlloc, GlobalMemoryStatus, GetVersion, GetModuleFileNameA, WriteFile, GetSystemTime, LocalFree, ExitProcess, FormatMessageA, GetLastError, GetModuleHandleA, GetVolumeInformationA, WideCharToMultiByte, CreateProcessA, lstrcmpiA, SetErrorMode, MultiByteToWideChar, GetLocalTime, lstrlenA, CreateFileW, ReadFile, GetConsoleCP, GetConsoleMode, LoadLibraryA, InitializeCriticalSection, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, FlushFileBuffers, WriteConsoleW, CloseHandle, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, GetProcessHeap, GetStartupInfoA, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, GetProcAddress, TlsGetValue, TlsAlloc
GDI32.dll	SetTextColor, SetTextAlign, GetBkColor, GetTextExtentPoint32A, ExtTextOutA, CreateDCA, GetDeviceCaps, CreateFontIndirectA, DeleteDC, SelectObject, DeleteObject, SetBkColor
ADVAPI32.dll	RegQueryValueA
COMCTL32.dll

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

⊘No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

System Behavior

Analysis Process: SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exePID: 6484, Parent PID: 1028

General

Target ID:	0
Start time:	14:40:11
Start date:	23/04/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe"
Imagebase:	0x400000
File size:	48'111'280 bytes
MD5 hash:	BF33E9AF43B635A47BA59405048173A6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Analysis Advice

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Privilege Escalation

Compliance

Spreading

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\CHECKSUM

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\6WW77JM.INF

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\6WW77JM.cat

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Chinese_Simplified.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_English.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_French.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_German.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Italian.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Japanese.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Korean.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Portuguese.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Russian.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\License_Spanish.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Chinese_Simplified.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_English.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_French.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_German.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Italian.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Japanese.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Korean.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Portuguese.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Russian.txt

C:\Users\user\Desktop\iPF770Series-Drv-Win64-491\64bit\Driver\ReadMe_Spanish.txt

Windows Analysis Report
SecuriteInfo.com.BScope.TrojanDownloader.Adload.19603.9288.exe