Windows Analysis Report
SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Overview

General Information

Sample name:	SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe
Analysis ID:	1430331
MD5:	4f5f177604def1f099b2c6612cc919f2
SHA1:	c96214d34e9e50703518e7ec501ca3921874349f
SHA256:	49924087e1c13a0bdca2836c7ae899a6d51f0f3c7312f7c6da24b5b9838369a2
Tags:	exe
Infos:

Detection

Score:	25
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Compliance

Score:	32
Range:	0 - 100

Signatures

Writes many files with high entropy

Drops PE files

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

EXE planting / hijacking vulnerabilities found

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Classification

Signatures

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAC.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAF.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAG.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAI.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAJ.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAO.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAP.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAR.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAS.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAU.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_C.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_E.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_F.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_G.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_I.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_J.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_K.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_P.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_R.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_S.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Spanish.txt	Jump to behavior

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: certificate valid

Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb source: Setup.exe1.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallressp\release_32bit\UninsUIS.pdb source: UninsUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdb source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\Uninstaller\UninstExec\Release_32bit\UNINSTALLER.pdb source: UNINSTAL.exe.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_32bit\UninsUIR.pdb source: UninsUIR.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdb source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresus\release_32bit\UninsUIU.pdb source: UninsUIU.dll.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_32bit\SetupUIS.pdb source: SetupUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_32bit\UninsUII.pdb source: UninsUII.dll.1.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_32bit\SetupUIJ.pdb source: SetupUIJ.dll.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_32bit\SetupUIC.pdb source: SetupUIC.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdbP source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb85bd source: Setup.exe1.1.dr
Source:	Binary string: E:\DrvSrc\savesetting\FileSucceedPlus\Release\cnwiicef.pdb source: cnwiicef.exe.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\workspace_perforce\drv\win\DriverInstaller\V4.80_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResPT\Release_32bit\SetupResPT.pdb source: SetupUIP.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA\| source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdbT source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\OptimizedDriver\V1.13\_Installer\bin\win32\release\Setup.pdb source: Setup.exe0.1.dr

Spreading

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\	Jump to behavior

Networking

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 2WW77JM.INF.1.dr	String found in binary or memory: http://www.canon.com/
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	String found in binary or memory: http://www.winzip.com

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\2WW77JM.cat

Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data1.cab entropy: 7.99898791615	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data2.cab entropy: 7.9984126627	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_satinphotopaper170gsm.ic_ entropy: 7.99661565766	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg170.ic_ entropy: 7.99730308238	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg255.ic_ entropy: 7.99628257576	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw407.dl_ entropy: 7.99922915959	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw409.dl_ entropy: 7.9992325901	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw40a.dl_ entropy: 7.99920077777	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw40c.dl_ entropy: 7.99922424229	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw410.dl_ entropy: 7.9993062281	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw411.dl_ entropy: 7.99909118806	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw412.dl_ entropy: 7.9992514384	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\aussdrv.dl_ entropy: 7.99579648386	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaper170gsm.ic_ entropy: 7.99696080557	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaperhg170.ic_ entropy: 7.99750379964	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaperhg255.ic_ entropy: 7.99631361308	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_photopaperplussemi-gloss.ic_ entropy: 7.99655226464	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_premiumglossypaper2-280.ic_ entropy: 7.99675445331	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_premiumsemiglossypaper2-280.ic_ entropy: 7.99654459165	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw416.dl_ entropy: 7.99914969582	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw419.dl_ entropy: 7.99936386754	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw804.dl_ entropy: 7.99924980407	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ac.ch_ entropy: 7.99905966223	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15af.ch_ entropy: 7.99898735292	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ag.ch_ entropy: 7.99892123794	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ai.ch_ entropy: 7.99880867066	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15aj.ch_ entropy: 7.99896393661	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ao.ch_ entropy: 7.99859875631	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ap.ch_ entropy: 7.99888599007	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ar.ch_ entropy: 7.99893916265	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15as.ch_ entropy: 7.99880078106	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15au.ch_ entropy: 7.99888576809	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfcgco.dl_ entropy: 7.99894945879	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfdpkj.dl_ entropy: 7.99292243382	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfdpkk.dl_ entropy: 7.99292021064	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwiosif.dl_ entropy: 7.9929455418	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwiwebi.dl_ entropy: 7.99401734475	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwm.dl_ entropy: 7.99949090904	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CAB1.CAB entropy: 7.99762462343	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwmui.dl_ entropy: 7.99890767576	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwp0rsw.dl_ entropy: 7.99860580628	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwp0rsx.dl_ entropy: 7.99725814889	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvprev.ex_ entropy: 7.99872123548	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr407.dl_ entropy: 7.99412143724	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr409.dl_ entropy: 7.99299784995	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr40a.dl_ entropy: 7.99381711537	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr40c.dl_ entropy: 7.99407923623	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr410.dl_ entropy: 7.99362085734	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr411.dl_ entropy: 7.99341760079	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr412.dl_ entropy: 7.99382397339	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr416.dl_ entropy: 7.99485451015	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr419.dl_ entropy: 7.99333128735	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr804.dl_ entropy: 7.9939176795	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnww77jm.ci_ entropy: 7.99738783352	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10dw1.ex_ entropy: 7.99882424278	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10ew1.dl_ entropy: 7.99899187399	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10qw1.ex_ entropy: 7.99922297001	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10sw1.dl_ entropy: 7.99612105952	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10vw1.ex_ entropy: 7.99874352262	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1csw1.ch_ entropy: 7.99113453055	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1csw1.dl_ entropy: 7.99392929791	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1dew1.dl_ entropy: 7.99388734601	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1esw1.dl_ entropy: 7.99318493668	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1frw1.dl_ entropy: 7.99418596704	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1itw1.dl_ entropy: 7.99363122128	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1jpw1.ch_ entropy: 7.99083568923	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1jpw1.dl_ entropy: 7.99391148715	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1krw1.dl_ entropy: 7.9924551554	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1ruw1.ch_ entropy: 7.99000288079	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1ruw1.dl_ entropy: 7.9932407923	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1usw1.dl_ entropy: 7.99346552348	Jump to dropped file

System Summary

PE file contains executable resources (Code or Archives)

Source: SetupUIG.dll.1.dr

Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped

PE file does not import any functions

Source: MUI.dll.1.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Uses 32bit PE files

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus25.rans.winEXE@1/223@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491

Jump to behavior

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File written: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\UninstFiles.ini

Jump to behavior

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static file information: File size 45428392 > 1048576

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: Raw size of _winzip_ is bigger than: 0x100000 < 0x2b2e000

Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb source: Setup.exe1.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallressp\release_32bit\UninsUIS.pdb source: UninsUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdb source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\Uninstaller\UninstExec\Release_32bit\UNINSTALLER.pdb source: UNINSTAL.exe.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_32bit\UninsUIR.pdb source: UninsUIR.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdb source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresus\release_32bit\UninsUIU.pdb source: UninsUIU.dll.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_32bit\SetupUIS.pdb source: SetupUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_32bit\UninsUII.pdb source: UninsUII.dll.1.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_32bit\SetupUIJ.pdb source: SetupUIJ.dll.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_32bit\SetupUIC.pdb source: SetupUIC.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdbP source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb85bd source: Setup.exe1.1.dr
Source:	Binary string: E:\DrvSrc\savesetting\FileSucceedPlus\Release\cnwiicef.pdb source: cnwiicef.exe.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\workspace_perforce\drv\win\DriverInstaller\V4.80_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResPT\Release_32bit\SetupResPT.pdb source: SetupUIP.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA\| source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdbT source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\OptimizedDriver\V1.13\_Installer\bin\win32\release\Setup.pdb source: Setup.exe0.1.dr

Data Obfuscation

PE file contains sections with non-standard names

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: section name: _winzip_

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\cnwdsck6.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CNWIDSCK.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\instpack.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\InsCmn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\MUI.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAC.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAF.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAG.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAI.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAJ.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAO.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAP.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAR.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAS.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAU.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_C.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_E.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_F.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_G.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_I.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_J.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_K.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_P.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_R.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_S.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Spanish.txt	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\cnwdsck6.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CNWIDSCK.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\instpack.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\InsCmn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\MUI.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\CHECKSUM	ASCII text, with CRLF line terminators	062A9BE7256B73903D779201BBCA0DCE	1291CCEDD83D0AB1C21C697030FA6F52E319EA7A	AD23B9D984C7538349B7967D2EBE431473ABBA9FF277170A8505F9186B807A91
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\2WW77JM.INF	Windows setup INFormation	C04067F2C3A4DA675A0CD44D099C3530	140CDCEE55CA6AA1C0314ED3295FCD5610AF3FB6	795D41C331E8AEE290D1B1DBB81DFD0FC2ECB5CB8DCFBD4AC537E898061D22E9
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\2WW77JM.cat	data	5F2C3A9F97DBC523E76DCF6CC06FE718	BFF03913D6BB1966D8ECD7B15AF0594698082FFD	C77F3BE1DFFBD8292C46CDF6D01FC2F41F955507D0E82CD013274F80F5B4F003
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Chinese_Simplified.txt	ISO-8859 text, with very long lines (556), with CRLF line terminators	84F1A3414FC5E59A01D1371B60762473	ABC50BB4BDD4F73243B8DEE900BA29547AA44115	7D6E59098345CE6DEDB10C9AE587E238BE5C8FFB79F5FB73A2B5A8FE69B6E759
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_English.txt	ASCII text, with very long lines (993), with CRLF line terminators	21B4826B9A788654BD3E176C0EA03E79	444E221C3363AC9EE4CF6F055B8734677BFAB40A	A8F4168AC82D20208ACF0E438E4F8BE699C917B80F16569AFF88FDD463D12CE0
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_French.txt	Non-ISO extended-ASCII text, with very long lines (1165), with CRLF line terminators	7068743BBC999414A3F49531D493B0FC	A27387EB27DDEAED59ACE6814D69E28201C13A7B	46D37C4535B316B69A524CC7ED68F78193F921799D7248CC64B9F4C679048EAD
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_German.txt	ISO-8859 text, with very long lines (1154), with CRLF line terminators	24B0A301A2E3C0884BEB4D29DE7C73E5	83A69FAB2D1BF97FE56F5D933D2D5DE80EF4E566	BDBF04A18A4888746C15466093FAFCA9915CDCEC9CCDF39DB3A3EF45577CC246
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Italian.txt	Non-ISO extended-ASCII text, with very long lines (1028), with CRLF line terminators	330ADC5B9E5EA76442E580AE5AC6E513	9DF46F24FBEF8F4E65E1AF0DDADAE9A2253A3375	05196C4D38C4AAF9C78A48D4C48F2F31FBFF3D29B9BD046B59D8CEB5AD895DE2
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Japanese.txt	Non-ISO extended-ASCII text, with very long lines (518), with CRLF, NEL line terminators	6F37BCB885CB45B3514F2223928D425D	75ACD8492ED79D0A7CC99321F8B8DFE8AB3E2593	B8F1865A7F6AC2D63ADB7858D30C8C71FE5CEC2163F57B8FB8C92B624E08724F
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Korean.txt	ISO-8859 text, with very long lines (530), with CRLF line terminators	3063F7E7BA5D993F5E7FDF53825C7E22	C272289AC23876E76DC4D9BA79C6C6FF91C8E22D	2311CFE6E11A4BFD25ED02A03A29076BED4416B870B732AC118973097F67591C
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Portuguese.txt	ISO-8859 text, with very long lines (996), with CRLF line terminators	F04FC57019B68468E9715F9DD05E8EDD	0E49CD41477E229DA83AEF50700C2B3F7612F85A	02BF92B1BB0780C4B8BD427F111DA94E752DCE31DB33364EDCD219AD50167B92
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Russian.txt	ISO-8859 text, with very long lines (1182), with CRLF line terminators	E2E0D0918D3CF3C97DF5A29E0978B669	9D2C3D4EB62606E101536D6100992DF2DCB06902	48CE910355DC327EA22B4E01A023B82AE6922EAB0021824C7D36486EF1820B4E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Spanish.txt	ISO-8859 text, with very long lines (1087), with CRLF line terminators	6F72B77E2FABA49A63D77C62B3B6F339	E99A4B0EE191B2E3AD932BF250E2A8F1FF003EE8	2A4DC0F2FCAC7C59A0516B0729B41D94997B666C4AA46E0E982D50582ABC8E59
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Chinese_Simplified.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	9DA4C636CE5ACE145BC20A2CCC1EFE4A	D0158CA8BFA7281EF4CA87BB67D9581B74ED333D	F585A132179EA855943E87887F60F7A608A35353853C92C2AB7DCEB31E45AED6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_English.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	DD771D7F95883DD717CFE031A1A59EE5	928EAE01941ABFCA357B7680B4C06529ADD1B709	7CBCC11C2590B5FF2A1B962740D31192EB3E468D1E2BD6638DDD570FDA11AA3A
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_French.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	4926621A0A5CEE8314F429E38B95EAC9	E7ED39F39CD3DCD462C8F26858665C209B700930	D9D33D5E114459BEF7196EF557E62FAABEFF855797338AC6DFAA87B31D4CF98F
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_German.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	F10E8F3C93BED928171BA6048BFB976B	92A688C7F95CA90DF4E98CFC762B6ABC691C354E	3EB16FB3309F241C99FDFF087FC232137CA83812C490273050D9397CC7EDD12E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Italian.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	3DCACB08FF52AB9BCE6C534D688B796F	E9550391EF94296F5776B2E1A43B5B6A2825FF9C	D748F270D8A7BB402E04AED18FF9AD98AE241294AB3ED7FF0A3FDCBCDCB0CA77
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Japanese.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	76E68420C3FF65BDBFD033EDF62EA3C2	979F7005ACA0479DD841C8E0FDBF4CA5E2C6EFF5	A92C2508228203DBD98E1740A5D2C202AAFE967BA713E1D79F8E2A70E850983A
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Korean.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	9AAFD5F894FE4B235B0BED3F12E90087	8F6BB47A78278E4C9B287A2A33F1726BD9C2E043	D63AF7DFE4FC4CFE351E23B43F9AAFA1C54A889B3DC0A1EE2725CF5A054E9932
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Portuguese.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	2E12FCC6D5B515D32EE52CB4E3E56D4D	1C337260690B89C57BDD4522852240807C77E69B	9EFF15909BD01E92CFF9497CBE65A378E46B99601E38CE562489676D71A57EAB
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Russian.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7CF23C33D04A7598E872EB10AD27701A	2558749A25BE3D9D24276C87B03899C1A4350CA6	CF2DD729B993E4735E90B11D1119DB9D04208F67AF5A37EC7D9C10726A3C6602
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Spanish.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C4AB2B977975619A6413B96A3AD9F428	A704A2862FDC6822FDA99B37AA2BEBCB2019F695	9FAE191272F7F35BE82F111D06F732CB2DBA9D3E06F0C91B1F86F2475F907FF6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\aussdrv.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 59528 bytes, 1 file, at 0x2c +A "aussdrv.dll", number 1, 5 datablocks, 0xf03 compression	EF626A9732CD1149B6447AB9A8C3E6DF	48FE0BC32AAE22B0359C31DDDE635705D72907E5	09C0B436F4B6BBC81BB0862FB2AE7069B0CAE6195F3228489E206A1A735E2BA8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaper170gsm.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 582358 bytes, 1 file, at 0x2c +A "cn_ipf770_series_glossyphotopaper170gsm.icc", number 1, 21 datablocks, 0xf03 compression	171632A3EFDDC8037D4679F4E05C24C7	6AE73B7880854862E9A3B9C0D7AD7114F8F73EAB	866034D1030AA16E31AA36E8FCFC1750C4AAAAD9EF7D4605E739539F80879223
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaperhg170.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 581177 bytes, 1 file, at 0x2c +A "cn_ipf770_series_glossyphotopaperhg170.icc", number 1, 21 datablocks, 0xf03 compression	5DBEB5B8254CE4D463A7B1165FFC0AE3	F174AD3F1E58CF807732E51A061E299739102D4A	ED009A718960965CDB9ED1FD93EFD57C0DAA11F924A8512CFF96F0027CDE4D4C
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaperhg255.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 580011 bytes, 1 file, at 0x2c +A "cn_ipf770_series_glossyphotopaperhg255.icc", number 1, 21 datablocks, 0xf03 compression	ED9240BD74654F54DDDF63092E6E6444	98BA3A3F198909A8ECB900A0982BC787BF274049	8F2F500F9EC20B0D0DA800E00ACE0D23E588ED255E106840940FDD13C2F638B2
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_photopaperplussemi-gloss.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 587774 bytes, 1 file, at 0x2c +A "cn_ipf770_series_photopaperplussemi-gloss.icc", number 1, 21 datablocks, 0xf03 compression	4D20A17C7CD21891B36305ED6876CB56	C13CCE646480C5541C76BE46748762D02E887962	5662C5300B4DFE5F11C71BA8EB5081B84A35B31DF877ABC0DD346B9E2C3BE837
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_premiumglossypaper2-280.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 584569 bytes, 1 file, at 0x2c +A "cn_ipf770_series_premiumglossypaper2-280.icc", number 1, 21 datablocks, 0xf03 compression	79123C884B7D8078C48DACFE819D04C7	A734E596D0BC31CD7B6BF591A9F5AA8BBA61B5D5	E51984E3D54C3356D6E7A7393B661070BF44F5B7886ACFF864BF07F732394366
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_premiumsemiglossypaper2-280.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 584241 bytes, 1 file, at 0x2c +A "cn_ipf770_series_premiumsemiglossypaper2-280.icc", number 1, 21 datablocks, 0xf03 compression	3328D246FD3343BA718DC894DF95E8C2	F129D2E3C885627E4476891434951B0851B8A1DE	D41E931A0058B125936E13CE2E57FA32D044F2A8FDC90CE9064F1FFE80419E21
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_satinphotopaper170gsm.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 582113 bytes, 1 file, at 0x2c +A "cn_ipf770_series_satinphotopaper170gsm.icc", number 1, 21 datablocks, 0xf03 compression	26B4570C54E6F0E13529182CBC06E612	468CA7C197740DCB5448C80939FC0780EC48BE0A	E3DEC3B29723D6E98EDDC7B905FBF008DA08C56C0376DA82FF9D3C51690ACCA1
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg170.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 581294 bytes, 1 file, at 0x2c +A "cn_ipf770_series_semi-glossyphotopaperhg170.icc", number 1, 21 datablocks, 0xf03 compression	590929C72EC69E386474F45DFF23A570	315DD4773CB9BB90163A4A58980F7C64FD52528D	2ABEE508AAF92E4FD7CB71DFC23EB20D481465CD7DB7590E2A54FB008F265826
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg255.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 580024 bytes, 1 file, at 0x2c +A "cn_ipf770_series_semi-glossyphotopaperhg255.icc", number 1, 21 datablocks, 0xf03 compression	0B8A0B1B4CFC13E0D11AF3484607E111	06DA72D34648386CF830A685C43521811B256100	09941CDAFAC3EDC70B15E5B15BE1D6CBA022FBED101538F1C6B00CF28DC61FAC
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw407.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 912177 bytes, 1 file, at 0x2c +A "cnw407.dll", number 1, 142 datablocks, 0xf03 compression	361537DD787BADD366CB6DC8161C9F15	733520EB8D272155962B514FDC0CA82242C94158	346F97413E2230186ED6E5D6F5EEB4EBD596529BAB4AF7B02F93818EA1A7E959
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw409.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 910159 bytes, 1 file, at 0x2c +A "cnw409.dll", number 1, 142 datablocks, 0xf03 compression	3305BD24A956A08F77F61A8163948A02	F8C298366413D0C7A13019761DAEA2187DB5C3DE	230B7E678A1C74D05DAF89DBAF6038259577FAA285E73617D75D89DCB9299428
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw40a.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 911673 bytes, 1 file, at 0x2c +A "cnw40a.dll", number 1, 142 datablocks, 0xf03 compression	4065BD4CFC6A6EA200420220D1A250CB	1BBA5C1A394B5C0CD21245E7D97C3C849A199BB2	AA0FC65415BB3B6F86A57679ACD8DBE570B81D195C0585B9C94FBEF53F0E09FF
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw40c.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 912415 bytes, 1 file, at 0x2c +A "cnw40c.dll", number 1, 142 datablocks, 0xf03 compression	29E1DE93FA60F1850821E85E1305D32D	64448A1226FB664FEF80FB2C3E3F69E1D957FE82	58C2CF219B16CE43905349230AA2C2F03D66217F9D406CBF41D9DB01875E172E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw410.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 910987 bytes, 1 file, at 0x2c +A "cnw410.dll", number 1, 142 datablocks, 0xf03 compression	644B08360459B1D41D4937E11EE2A4B4	80F9F138694E6DB2DAB4A1E4AFADEE5CA9316458	595526908DFB33137EB15CBA0F1C760C3AC5023D4D8A6CCDAE1D9EB3ABA5DA8D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw411.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 907607 bytes, 1 file, at 0x2c +A "cnw411.dll", number 1, 141 datablocks, 0xf03 compression	6D8D4B2D060FE3DC29E33681D302DDFA	60646D0AD7252B64B188F31EDB897B3FA05EE30B	815C0497B737EFC88824F6E68BB8288B93A60AEBB34B4DCE7CB3A8C8D84448D8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw412.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 909691 bytes, 1 file, at 0x2c +A "cnw412.dll", number 1, 141 datablocks, 0xf03 compression	18C2FA7FB19893576609901FCBDF4AE0	5647BDBE9F2F77F762D7342E4835D586542FAB4A	D2A543A980233819C3D4065B6ACDD1F96BCC283308523A27751E61818778B14F
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw416.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 912829 bytes, 1 file, at 0x2c +A "cnw416.dll", number 1, 142 datablocks, 0xf03 compression	03A288631750387B1D446CF3B63406E9	44C97D3F96CBF228A59370629F5DF74B03C7F158	AC2DE12FACBA36D95345F7DA30B32117310F992C18FFE6C32F80668D81A545A3
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw419.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 913143 bytes, 1 file, at 0x2c +A "cnw419.dll", number 1, 142 datablocks, 0xf03 compression	F2BFAC94B82F96951DEF3BA518961135	C230E68C8C9C5B019210A54F9342C4774B5DC053	51010FEAA03B83E50432A4AEB8C6F81FF9B431356722D070D26E6F783CD6D484
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw804.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 906847 bytes, 1 file, at 0x2c +A "cnw804.dll", number 1, 140 datablocks, 0xf03 compression	99C44E76FD27297A946623B0B221BCC5	4BAB38C4441A8F863750CAE75BCFEC232B349C90	1A36A5E7AC7661B8D6460DD8DF441116D96A6F9B84663E1C15BF34B0375E3811
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ac.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 323401 bytes, 1 file, at 0x2c +RA "cnwa15ac.chm", number 1, 11 datablocks, 0xf03 compression	084C2B8EDA78DF0AA23978DF5557BD68	C2EFD1DF787792FFD00587E0D96AADD42F173E61	5A596FFDE52DB7F27139F5D2995EB9802775F8D3FDC6D00D65DB1F76361F0504
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15af.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 335995 bytes, 1 file, at 0x2c +RA "cnwa15af.chm", number 1, 11 datablocks, 0xf03 compression	DCA19268DA94001789CBA9B0D343B45A	A6CAD14CEB7A713292E59C3C0FF3DC62F511D90C	5A49457C24354D80C05A9A78BCAFABF9259F1B3A1DA4C772D39EF47BCD0F5972
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ag.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 337315 bytes, 1 file, at 0x2c +RA "cnwa15ag.chm", number 1, 11 datablocks, 0xf03 compression	FDF87ADE4BCD2152BCB1807FE5833DE5	C7921E6BD1CB008C205FEF2115D513324C607CF8	C98EBA7CCC187964C3191DB1A9A49A4A3B41D8258ECDFAAF9E4DA2A268989F73
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ai.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 335675 bytes, 1 file, at 0x2c +RA "cnwa15ai.chm", number 1, 11 datablocks, 0xf03 compression	9132E1520E305F3249B82A086D890B1F	17E4DB9061933736BEE0EB077E8771094139742A	7B282149B428EA202B8E4BF44E36BBCE0A4265F0500E0E58F13EC194A96CF16B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15aj.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 344943 bytes, 1 file, at 0x2c +RA "cnwa15aj.chm", number 1, 11 datablocks, 0xf03 compression	118EA60F6B536AE5782F82BB92E5E5B2	6C09955A8B7C97053D1493E34F151F89D811541F	883B065009771B869BA2977CEB057CA4EFBEF8962864C24DCECF4EBE1E5BFB26
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ao.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 335721 bytes, 1 file, at 0x2c +RA "cnwa15ao.chm", number 1, 11 datablocks, 0xf03 compression	ED5D7BBEA4F30CE7C93671CA66CDE5D1	6C4C0A4F3481B30ACB8D883BB7D6833811E7ED86	64DC3E5D6A27CC1D54E96905B6FA804EBFCDDC4E2AABBAE6E29FC8247A86EA08
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ap.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 313797 bytes, 1 file, at 0x2c +RA "cnwa15ap.chm", number 1, 11 datablocks, 0xf03 compression	9E83A7BA81E69C1EF84682AD701CFFDE	92C67EC4D25FA0D6956F10B2AF21D3C0BD5613A6	B7A8A9AEB54CF4A1CCEF43C44DF6385A19C210134844C7420DF1C559C98F6D8D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ar.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 329311 bytes, 1 file, at 0x2c +RA "cnwa15ar.chm", number 1, 11 datablocks, 0xf03 compression	5D8FC712D842449BE920533E9BED835A	EB41903BB0A34223FF3757222896553F924DD47B	33F8BA6F11B90FEB4A92E655F48DCC569B11AFDDB53F7E7BB75DE75CB12AFA74
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15as.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 330539 bytes, 1 file, at 0x2c +RA "cnwa15as.chm", number 1, 11 datablocks, 0xf03 compression	5C27D6E52F41C6743F554987CEA4F942	986BF7FB7D357AD131F0DB379AFEBF5CF33A11F9	AB63F11AD9552B6CEC3D0446E50583E7E4C73E15D81AC6A2047A92D264CFDE95
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15au.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 313797 bytes, 1 file, at 0x2c +RA "cnwa15au.chm", number 1, 11 datablocks, 0xf03 compression	E9B6253228B5980379720A983BF9C19C	B7436E1C7112F253436BAD0D16109BA68E30583D	EDBEE0CD4B5BCC4F826B0C1373921DAAAD16097BACC5684D12ABD18B1B958685
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfcgco.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 293487 bytes, 1 file, at 0x2c +A "cnwfcgco.dll", number 1, 24 datablocks, 0xf03 compression	A1E68F3E2AC37033D4955BBA7416F757	13188AA4E66DFBF2DD26EEB39EBF308059A970ED	FB27123E647B21FAB286B784445D9EA4FF9A8822639D479B36F76E77FCA1BE70
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfdpkj.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 29773 bytes, 1 file, at 0x2c +A "cnwfdpkj.dll", number 1, 3 datablocks, 0xf03 compression	1AE88EB66852799B053D72D6E2E4DFC0	E46CA3E86A2F469F6ADE94912B1865C826F28F11	CECB73816FD6A75388B3D39C7A9CEA159E179C9AE88435B289E3B80B379B37EF
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfdpkk.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 29773 bytes, 1 file, at 0x2c +A "cnwfdpkk.dll", number 1, 3 datablocks, 0xf03 compression	D68F8FE35CE998A92F1DC166195866A8	12F087EE6C89766B5260AC038C40A9A2651A5B78	F71BA00E42F1F10BE0D475DCB3F51E95642D6C54AC30C6FAB76C49682FBB714A
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwilmnt.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 23127 bytes, 1 file, at 0x2c +A "cnwilmnt.dll", number 1, 2 datablocks, 0xf03 compression	1587587B3E5ECEA3A219FB693F340587	C6D2361BCE48A37C09C8F2CF7B7D263B4020F511	A229AD8C422AE90377494FBFDC2122F4C7A90D0B15A787570B5E00CF5F0A4490
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwiosif.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 32001 bytes, 1 file, at 0x2c +A "cnwiosif.dll", number 1, 3 datablocks, 0xf03 compression	A4C527C5966E356AA0A5643AF58EB946	93809657A1BCB0A9AF605704BFB882BCB955A124	5DC3D610B755C9DC3FDFC7E46E59C7356721211E03BA73514301ECE27107F68B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwiwebi.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 36557 bytes, 1 file, at 0x2c +A "cnwiwebi.dll", number 1, 3 datablocks, 0xf03 compression	C911410195FBB6634BEBC484A1DA54C5	D63EFCD05706A46C9B4EBFE63829BFB731C75CCE	8EB436A0B176F35C1CC17B6A7FC46C7F879D41527FEA16099F1BFD14B63B4CF8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwm.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 534969 bytes, 1 file, at 0x2c +A "cnwm.dll", number 1, 43 datablocks, 0xf03 compression	02C9F5B25F57A3AF2051F3CAC965CF48	F00F4E8DF60FD22FAD66D41E9A9F1E70DB3FE671	0D4B2625DE17CC08046CB3E07D34215C9C9D494BCB93E8C51410D17E9A6AF3D3
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwmui.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 830305 bytes, 1 file, at 0x2c +A "cnwmui.dll", number 1, 81 datablocks, 0xf03 compression	A01DB86933CEA3A96D5A1DFDE1A1C29B	1A9FCAD35A7601825E1CB5B5AD95909F5FE3AEEF	4AEB508029582B25A0E0049CC116569519B832D094783E5D0B7EE8B02D110C54
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwp0rsw.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 366459 bytes, 1 file, at 0x2c +A "cnwp0rsw.dll", number 1, 33 datablocks, 0xf03 compression	D5051C078B76AE4191BD453D80832168	E17AB0A968105B2554AFCDD229B4350E1F15447F	8A35D7326605DED72C7535602A03F4240BD9FE2043EAB94D139EB3D0E2C1EE6B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwp0rsx.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 88555 bytes, 1 file, at 0x2c +A "cnwp0rsx.dll", number 1, 8 datablocks, 0xf03 compression	4045477A69CE205F12C699DE134347AC	35EDE5D4E51D9BA0A0CD6418E7446C72E3AFCCF2	D4D997DA9ABC9BCBB1825FEAEA5331359E1D88DFF88EEAB7FCEAC2D17FCF335E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvprev.ex_	Microsoft Cabinet archive data, Windows 2000/XP setup, 366693 bytes, 1 file, at 0x2c +A "cnwvprev.exe", number 1, 33 datablocks, 0xf03 compression	F699523E9624142F0AC025F74848D24E	32C288D465B80B69BF56E8BEFC6D66A0C05CE049	E22153A39962662EE21BCB13EB5CD3BE63E6FF201204818A9382683CCE94B925
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr407.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 209131 bytes, 1 file, at 0x2c +A "cnwvr407.dll", number 1, 70 datablocks, 0xf03 compression	60E6E8F8FD2B563AE79697390F159573	6363784FC0E84E4F232697F2B9ECA73B0194F0E9	D8D63402D32A24C6934D96E4B706E99240271C7331B554637EDD1276CDBFED98
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr409.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 208855 bytes, 1 file, at 0x2c +A "cnwvr409.dll", number 1, 70 datablocks, 0xf03 compression	DC5E66288EBCE5CB681B340A793163CB	4679225C5F101C7C7E3CE7D2B7BD17E576C17954	DCD6373F69B6494E495270DF363DAFE40A2E8F927CFCE42718E4C0D735912885
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr40a.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 209105 bytes, 1 file, at 0x2c +A "cnwvr40a.dll", number 1, 70 datablocks, 0xf03 compression	E043FEF77D117898E65AF383C8B3F331	7AA136DFAE0A1A49114ABBDCE76416F05E907E93	B35DE4C305D8A685ED4CFCD312E3CF156059DD19D2FEACC7BD94D324D3D6A48D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr40c.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 209189 bytes, 1 file, at 0x2c +A "cnwvr40c.dll", number 1, 70 datablocks, 0xf03 compression	DB14138E65FE820904E805C609CBEBA7	8CE2392AAA3967D4FE0369DC9204C692C10B936C	726F61428F86E711F98AC6C66CA6847E706595DE015549DD0BECAB7381CCE6C8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr410.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 208585 bytes, 1 file, at 0x2c +A "cnwvr410.dll", number 1, 70 datablocks, 0xf03 compression	45C98AEDC3C53BBE99312884A375B225	F2E63B70E7A21170E34C76BE92BDF3F8BB24DB16	9A18707C051B1454C573DDED4A49987259324CCB8615267CC6316D505C8AD5CE
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr411.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 208889 bytes, 1 file, at 0x2c +A "cnwvr411.dll", number 1, 70 datablocks, 0xf03 compression	B06A86D47E83969DD21FFD90AD56330F	2DA3E55FCBE4683E1279B0695D647809044D944D	10777592D23743C9C0DBA4475B1A88178554CBA62080BDF38874BB5535440672
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr412.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 208995 bytes, 1 file, at 0x2c +A "cnwvr412.dll", number 1, 70 datablocks, 0xf03 compression	10BAD47E7BC95D7F0EB12EC579711089	BA4B86E05A3D121D8EF4774AE3351060EDD5A32C	2A3E9762207CEA075C15E99723D4D230A49C22EE6C492C122DE096E5B1CF0C14
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr416.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 208849 bytes, 1 file, at 0x2c +A "cnwvr416.dll", number 1, 70 datablocks, 0xf03 compression	19B02C9369D912296DB5FC7698CDF2CE	9D6EE2791A55C1BDE9A369A6B945902C0CAAD505	B2E98B2174163DDD0CDC7FB58FC0BE6CBF01300A85E735431D5C288CE08CC719
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr419.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 209479 bytes, 1 file, at 0x2c +A "cnwvr419.dll", number 1, 70 datablocks, 0xf03 compression	3299437DD8A61BD67704D417ABA41F66	C135E970750B220E87A4E7E668FEBC2647986929	826D11CE170B4C3E282B9FBEC02B952E6F5336E7DF37A139F7E72F61668A6993
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr804.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 208667 bytes, 1 file, at 0x2c +A "cnwvr804.dll", number 1, 70 datablocks, 0xf03 compression	16BDC61FE7A01DA806CE2EAED1985A71	BE0AF4F58718D94F19512432DEB92234971C7762	35C69732817176256AA9D0D8037E3260F48414C887E90236A95CA1C65D50D303
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnww77jm.ci_	Microsoft Cabinet archive data, Windows 2000/XP setup, 4171289 bytes, 1 file, at 0x2c +A "cnww77jm.cip", number 1, 150 datablocks, 0xf03 compression	9BD211F50DBA6D46B66DC62B805BC5C7	9302049FEEE297B20C0EF8AAB7FAA6E1823061A4	5E8A8A81FEA2644D865E223C54583F47392CBB127D9371D244163B4F4F1DC581
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnww77jm.up_	Microsoft Cabinet archive data, Windows 2000/XP setup, 11717 bytes, 1 file, at 0x2c +A "cnww77jm.upd", number 1, 2 datablocks, 0xf03 compression	8AB85539B876EC3351F1ED7A46DBE8EF	2EE9DD2610DE5365F959C2E36359E60F26CD95A4	FEA8B43D0E37435011BD1A388A299E82C4AD2C2A490625C1D1A57C9E8D4F185B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnww77jm.xp_	Microsoft Cabinet archive data, Windows 2000/XP setup, 2175 bytes, 1 file, at 0x2c +A "cnww77jm.xpd", number 1, 1 datablock, 0xf03 compression	8CCA7D66FEDBA4CF9B7C1226CB9ED042	2AC5DAAF9F2BF1BD7B6DB6AE4E3210A5837CEFAE	784FDCB4005EC965CC71DB0CA49276ACA697BABEB409295AC4A701096E5D1681
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnww77km.up_	Microsoft Cabinet archive data, Windows 2000/XP setup, 11717 bytes, 1 file, at 0x2c +A "cnww77km.upd", number 1, 2 datablocks, 0xf03 compression	83C66E96B4EE11B28F6200E30E7771DF	70C4C016C66F3F5C8FE9601247869E451CBEF70E	49A48D50D89BBD929C7C249A875924745701F124D2F0021CF66530BFB92234A0
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnww77km.xp_	Microsoft Cabinet archive data, Windows 2000/XP setup, 2173 bytes, 1 file, at 0x2c +A "cnww77km.xpd", number 1, 1 datablock, 0xf03 compression	471E774066EBA61C551DD43A184ED5F5	4ED586377E51750554D64D334C08991B9CFB362A	4DDA57B5D0882167F9DE1487FA225B4460D47D07FC5FCFD68DA36CB1C906F45D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnxp0log.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 831 bytes, 1 file, at 0x2c +A "cnxp0log.dll", number 1, 1 datablock, 0xf03 compression	6184303E51F005FC6B46C34905C3517F	78AD10326C394675D68E31154C0B850F74F8F4C0	430323862DD7C16DF00C2CA7668C1FA0074F114934BDDE61623AC6D2064EE174
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnzsrgbc.ic_	Microsoft Cabinet archive data, Windows 2000/XP setup, 4521 bytes, 1 file, at 0x2c +A "cnzsrgbc.icc", number 1, 1 datablock, 0xf03 compression	4D16508F38B0F855E613752B3EDE9321	21B4225BA0B599DCEADD0344F90D163049C175E1	12FA79752C1BD0AEE11F8615E9516AE469D94850CED7F30DB93D98CAAE54CF28
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10dw1.ex_	Microsoft Cabinet archive data, Windows 2000/XP setup, 301213 bytes, 1 file, at 0x2c +A "cpc10dw1.exe", number 1, 25 datablocks, 0xf03 compression	7098DD874F6191A3E9A480EF9A3B2CB8	C35B5CA7EC29810D749B952BB879E8EE9B13402C	F4CC11B2C24C7FEFF4AD4CA55031722A638ABDB0966193D97F15BBE8ECD8FB37
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10ew1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 290803 bytes, 1 file, at 0x2c +A "cpc10ew1.dll", number 1, 30 datablocks, 0xf03 compression	38C0A1992D546A9F47CBC92B59C5F39E	6BBFCA012830B148167526B19E5C0E7A30713A68	7878DAAEC401E3167E5BC865C836D3F2D6A51DFCE1F1698D42315B3D39FB22E3
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10qw1.ex_	Microsoft Cabinet archive data, Windows 2000/XP setup, 312231 bytes, 1 file, at 0x2c +A "cpc10qw1.exe", number 1, 35 datablocks, 0xf03 compression	ACD157DBE12B204CE3A6B85C5F940341	343510C4D9371835CE83FC3200346C0EF094B693	F0E51910F735A05B6C0537736D0F8A9BA3AF13DA4D351D7B0E7E5EED1EA6BB7B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10sw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 130633 bytes, 1 file, at 0x2c +A "cpc10sw1.dll", number 1, 10 datablocks, 0xf03 compression	CE8056584CF9E7D434B27D51FE55AA43	3275124CD614C827EECD4208136F858322CDE794	2BA48398A464F0A22EB2CB059658A14FB223A307627173095F62ECF4BA896477
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10vw1.ex_	Microsoft Cabinet archive data, Windows 2000/XP setup, 258223 bytes, 1 file, at 0x2c +A "cpc10vw1.exe", number 1, 20 datablocks, 0xf03 compression	2D543A44AFA74D3E01BE1ABFA0AC84E3	2029BC84A0502DAE229628F2EF9F025C426AAF67	A6E24135003F57C4811215C87B97032DEAE88C2A9E5E32CEB6A471AD253B1B5E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1csw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 21031 bytes, 1 file, at 0x2c +A "cpc1csw1.chm", number 1, 1 datablock, 0xf03 compression	DEB143D9EDD461B4BF6324A6B68FE4FC	E8ADAE502CA747510752ABB2E0EF9A0085677666	72F26A2C7F5444B302A051DC77DF73F048B3AE565707C12016DACCA922DAA3B6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1csw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 59263 bytes, 1 file, at 0x2c +A "cpc1csw1.dll", number 1, 18 datablocks, 0xf03 compression	DF995BFAC9015B39B594DE9C23592785	A554480050789FED9B7259666E4B3E3C4BF2F5C7	216B075650C3F7CAE1EEA3BD88AFE51DB3A14C5EE92662BB979513C4CDA3C19A
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1dew1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 21185 bytes, 1 file, at 0x2c +A "cpc1dew1.chm", number 1, 1 datablock, 0xf03 compression	D42F318289E7E4F1658948981732FF11	7CBC33D7072FCFFE6B0246DBDC91377ACC9E2B5A	76D197529C2203C010BD951F18EC27262FA2BB7F19147544B5DBBB18F35DA48D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1dew1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 60775 bytes, 1 file, at 0x2c +A "cpc1dew1.dll", number 1, 19 datablocks, 0xf03 compression	2AF2BA4269FBC3E01FE23CFF45E79FEA	331A93684466111C19A972D6E235EB75B32C6F95	CE031110B9ED9DB5A800F92A7D89F85D6EB733F77667273E644EF45BED5A47C9
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1esw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 20921 bytes, 1 file, at 0x2c +A "cpc1esw1.chm", number 1, 1 datablock, 0xf03 compression	C43FBC4BCD87C09CAE556BBCF05E552C	CD48F569CB352E41A8751B9348CC99AE368F1A8B	3254F0DB1835AB76BD2F8F9A96C15912FECBD6E455855B644DE08E837375CB5F
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1esw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 60549 bytes, 1 file, at 0x2c +A "cpc1esw1.dll", number 1, 19 datablocks, 0xf03 compression	14B58FBED0F6140C24D480E14C6D6B97	B56079AB7F6CA65E0FF99F6CEC71F1FA7B2EDC5C	83C45FA4B047BCB00EBCF559AC557EA9C752F705AD1611D4BEFFB1815A006484
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1frw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 20717 bytes, 1 file, at 0x2c +A "cpc1frw1.chm", number 1, 1 datablock, 0xf03 compression	5072BB858D3CF10E5373D353C82C6FA6	CB52473749D5C02B286699EB96DDD8B4D8B8B1E8	FAA72DB770C5C6D64312D6C8504D779771E61A2BC07521F1D76478AA6862CC3B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1frw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 60541 bytes, 1 file, at 0x2c +A "cpc1frw1.dll", number 1, 19 datablocks, 0xf03 compression	4D978F12782191CB4F74143D57956CFB	81096CA5AC8BECFFEAE762805C53EA985545B78A	B558A31B0EDD9CA77C43AF3F65E585F2C56041BA6E5E80EC5857C0994748F6D1
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1itw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 20741 bytes, 1 file, at 0x2c +A "cpc1itw1.chm", number 1, 1 datablock, 0xf03 compression	79FB1BF504170A709AAE0EA2A6AEAB08	9DB70657C3ABBA40174956D9C22F94C5083F9044	8244536F1573F5EEB607AEDE7267BDAF92EFB72AC9D31FD967136EFA6F358456
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1itw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 60275 bytes, 1 file, at 0x2c +A "cpc1itw1.dll", number 1, 19 datablocks, 0xf03 compression	8907FEC1B2898FEC847D17CDF6681034	EFBED1EC045E4452F7A52F0A2A3D8018D562D3F4	FE0275936203A7C891A9C1023974B6920E15E83210DB8EDAA06EDB689BD4E066
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1jpw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 25613 bytes, 1 file, at 0x2c +A "cpc1jpw1.chm", number 1, 2 datablocks, 0xf03 compression	B26BF8C2D47385E64A79F88FCFC855CF	00F1FBD52DA58DFF16F4660B8F10F2FB5484BBD2	64528E6F2BA1868705800D55C64B3D4CC88A51ED69F9714A87C1FD98D65F8120
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1jpw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 59311 bytes, 1 file, at 0x2c +A "cpc1jpw1.dll", number 1, 18 datablocks, 0xf03 compression	D15AA101A9AA9BD8B9C3392C51C8F051	A750C061C267B1AD50B14EADC21A25039A9D3CBC	ED247FE9994F00B2AC281E86821DB638C91BA718AF4547CCFA394417B247F8ED
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1krw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 22229 bytes, 1 file, at 0x2c +A "cpc1krw1.chm", number 1, 1 datablock, 0xf03 compression	11A59185975E62241E7286F9EB3912DC	CB263A8BA80BA9E056C67C444872CBC2C92F2D76	A73B5609FFCD45091B24E598C00079A8995E8887CD3AEBF2153054E7ED52CECC
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1krw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 59743 bytes, 1 file, at 0x2c +A "cpc1krw1.dll", number 1, 18 datablocks, 0xf03 compression	1B76D2CC0C819DD607B14FE9C9F23F86	B75C2BB5C2ACE935DD5B925C39CD2FA5AEE0012A	AE1108C9ED1012DE87E66031F33E8E011229F6E07165774671B6528EAEA7CF82
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1ruw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 20955 bytes, 1 file, at 0x2c +A "cpc1ruw1.chm", number 1, 1 datablock, 0xf03 compression	E5F4C25D0E2E5FA5D886EC41C4C73399	018345047B6CA3727F5BF505B1D8D88E6DAF1B76	82A749DF7A90CDBB801A61EE0D3955A16EEDEA5E7A6D1FF4240071A1EC6F8117
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1ruw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 60923 bytes, 1 file, at 0x2c +A "cpc1ruw1.dll", number 1, 19 datablocks, 0xf03 compression	6B2BD474A0B2F11F44F79B3E2C026FD4	95E5D6CBAE081329971259F9CB8466251AA88BF2	C5CFC65A86C2A00AC92AAD81093348A9B4974C3267EEA6C05C6B0BF43E021859
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1usw1.ch_	Microsoft Cabinet archive data, Windows 2000/XP setup, 20721 bytes, 1 file, at 0x2c +A "cpc1usw1.chm", number 1, 1 datablock, 0xf03 compression	BAC1D12EE6072FFD34CAEFCFBCBEDACC	51EA2E7E8BDF66642ECA7F9C2E892EE6A6BC1918	79DEC1B5394142ADDB312CE25DEEB129F8E01E664E673C3855257E1E6DB51B9B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1usw1.dl_	Microsoft Cabinet archive data, Windows 2000/XP setup, 59985 bytes, 1 file, at 0x2c +A "cpc1usw1.dll", number 1, 19 datablocks, 0xf03 compression	68F73C00BC4345E0F67A76DB1F2CCF76	E2AEF81EC5E41BC3EDE650F84A8694CBF7DC85CE	C73030F469DF8A98A9617DC9788D6DD0D0FA571887B27BC6A9E78578803360CF
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\CHECKSUM	ASCII text, with CRLF line terminators	457FB300CB956C6DCDAB8DFB6163514A	9B03F553EB8720D9EE13BC64F30CFA88C29E7B6B	266EC8777C33647F14CAA79CBD9F59C0106EB1D61724BFAA9F4A41A5C2E1C169
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data1.cab	Microsoft Cabinet archive data, many, 744649 bytes, 21 files, at 0x2c +A "CN\setuprsc.dll" +A "CN\uinstrsc.dll", number 1, 98 datablocks, 0x1503 compression	0C3EFD4FF34272D31246C84DE34FAEB3	597734B432786E53C306CBA0DD43F25B7616D2D5	19704FC83E46C6456D18BFD941334D85F0943F09D1F85EBA8F1EC171EA47FCC5
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data2.cab	Microsoft Cabinet archive data, many, 7140158 bytes, 95 files, at 0x2c +A "Canon CIW Extension.dll" +A "cnpdsdk.dll", number 1, 1409 datablocks, 0x1503 compression	FC1647A245517EC4FB2D9E6A819F73E9	DCDFBEB1316EBBE349AA524B7D68F8ADAD421153	8A65A730A04BEEDB4D15FA9165F70594A6D8939198D1C1D822003899CB185D3D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\UninstFiles.ini	ASCII text, with CRLF line terminators	0EF1A18517D5E71B570AAFD0AB865D2A	088DB4117C580A29926ABBD7A8FF57C5FB613986	17F1C325113564B9137C809CF765614C5FF0DEA349EFD1B042DF5633A1653B12
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	PE32 executable (GUI) Intel 80386, for MS Windows	5DB3A7C727EC6F96FFE8143F51050E4B	32E4DD5280631A4B7FD0799819240427F12AF033	AB38F79F16412AF0E45F4534169EA8A12D3DCF2DA7972400C9A2F73B137AA6AA
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	PE32 executable (GUI) Intel 80386, for MS Windows	112D16F4953028396BB688C92245FE80	28C1CD8D5394054BB1260B1E2C0610688014823C	B3A837123FE89845AE9ADC9F74BE3378E118AF4161EC6CE0C93786AAD1192F56
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\getinfo.ini	Generic INItialization configuration [OldVersionUtility]	6323691F8CC8AE9109C77821432AD37A	E825BBB98B22669FF0F08888CFB5B935BA9AE277	81A57469082594DB157F198D20B149458C495A711D7EED21899CD980FF9F6300
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\instpack.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	13E42311A567ED4B6EC9A2353C52EB21	D63C9FCB9284E405F197B6321E0019DAFA15D333	9ECCEAA10559890BA7CA2CD15B4E05D46B711F57DA71471050FF95022B578490
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\reg	ASCII text, with CRLF line terminators	CBFD831195C9945C6781DFAD928E5488	FEB1A1EDFA9D63117F92690074FF2F4FC1C20FB3	78420DAFE36759D96E901AAFD8D19AE2C5181CB2DF934318DDC59F750D09C107
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\MUI.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	6CC88E59C0D504A7F07BAAAAD334C78D	788CB3A838ABEB99FFB8AF3A778DC68A53511BEB	75C4A01FD9A76C95BB6B4C434617A171434A99C29C18C99F48BA32E74FB4908A
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Chinese_Simplified.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	C22F53722C3983AB43AAEADE1985B27D	5DE4A4581948D4BB9A2290008B17D4E5E2536B32	5F9DBA76332FBAB28A22DB359CAFDA44B80E828F70DFC16879D1BB1170778B79
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_English.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	368FBBD6A5687F37732FE076C59D09D0	3663B82569B02A9B1A6D609CC0ED875FF76024EB	BF15CED9FC932528C9B69F2E20A324CA2D4F86AA673225B7091F9B79BF197368
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_French.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	1D8492F4C1B886298C82BA839E949855	7AD8238C2DED290579BB909551EB7933526770C1	AF14589AB8AC6F1CFAD5BC0A3435D91FF32C5A938860FD23FD10DA728BB504EC
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_German.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	185D4BE988C4D909B81230A44C9B7772	05029B4CDA6C15900348576D47B1FF0EECD8C4E4	BDC79E50CBC2CF82438B9344767548DC1D656ED0397D108498474EEC251F49C0
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Italian.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	AF3AB2001AE1868F298E0955739899E9	3C0BAA07087B3C832D0FF1CCFD01781CBA554B1A	FEE806E9A5650B731FAD6CFFA6D18FEFA781E03430CAB4B6769156D1F3A4C8EF
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Japanese.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	5484BBBA0A02C485E4DCFEBAE1E05A8C	FBFA4E0121399725DD08E0C8B8DBDE62E54F91EF	E1DBA83137E6C9B2983BFB126E5C6C30D30328BFD494E61222F2235F22B9EA50
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Korean.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	259198514273F116215247577C102C56	785810D607CCE7448F93F0AB98B52F0B6716B77B	55F45B63572334CA2A27062A13E8F3C98659996077DA5CBC1E0FC122FC848895
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Portuguese.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	09FC1910A8CE3D070DBF69814CC72B64	25D468836BFB12B049A6642483121CF59CE72CFE	5F7E4148476B1D3F041D960478189DE724CFB1B1B3616E6AE9E02C830C980F3D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Russian.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	E36DC6C5AC8B8E90FB63A5FD35B899CC	A6E73E8EF11F081879AF8CE6CB4A5B8090EF6AA3	C60D8135D80FF8131DF035DB17F55374107676A4C58BB3C296682BB2AB39BFDF
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Spanish.txt	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	7AB7C5982B35E2CF12C710E59E01C846	F53D489881CC9D54992077150640FE36239FCA19	D3BC204E59DD7E4B181C3B8E7AAE88263698D3DA3BA5FE2B066B79CA548B6BF6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	PE32 executable (GUI) Intel 80386, for MS Windows	72970382EC4DFF28364351F6DD5E91E9	044F9E0DEDB2CDF03DD30BC725E3C4CCF09E2E06	FE553CBDE7AB3DE6BAC7DF2322E5E0345326F083C51CB873E55F7797D334F659
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	D7153D16AA674ACC829712909A1506DC	BE6FA8F817A8721DE9671FF7A62FB168D2145527	7E823B5DDDE5AD37B40E71A0DDC6E2F03873299BBA8B0CB9186818AD67080CD8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\EC_French.txt	Unicode text, UTF-16, little-endian text, with very long lines (1165), with CRLF line terminators	B267231D7A927E365ABAD1CD110A3A51	43BD5B06CCF29D4547BFEE8B560DC1015056A687	F05FAE12A3A139C675AF4343D8A3E79F88876E74E21B8F9A4F84AB02D205328C
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\EC_German.txt	Unicode text, UTF-16, little-endian text, with very long lines (1154), with CRLF line terminators	C4E2B797D5B0D54EB19D4B884EF8CEE6	48B3E35731CEECF8048BF9B16D89F48838FF8DAB	410ADF0F1FECFE0389DD14584515B0F821AE92AA832BB744DC8BAE4FD1510017
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\EC_Italian.txt	Unicode text, UTF-16, little-endian text, with very long lines (1028), with CRLF line terminators	BB7300A14A0C905E6F5BF9437E01488C	B59DAEC587AF5B5B04F4E153335D1AD2D04A346B	8652E759D1B10E2F724BB8E07459C603DFEF4FFB7C24DE687B7ACAC8DF87A305
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\EC_Portuguese.txt	Unicode text, UTF-16, little-endian text, with very long lines (996), with CRLF line terminators	AE8FFCC659FA2DC5145CDEE5876C4E4B	3376DFBD033A9F88F262A57F5A4351C45A296E67	A64F4C70BFB6F43C6AE9C78D58009B6E275C360DB16012366ECAC7F62FE81C6B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\EC_Russian.txt	Unicode text, UTF-16, little-endian text, with very long lines (1182), with CRLF line terminators	FB6FB9FAAF5063DFE77FB82F777BF0D0	EFDCEBD7815CCDFAFDB45965DD7602A70DD72418	A0A48080A917214255493EA633BDC21A4DD4D17CC663EB14CD35BD2165AAE25C
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\EC_Spanish.txt	Unicode text, UTF-16, little-endian text, with very long lines (1087), with CRLF line terminators	6285481F3C7A005B7A472F2E4E43AA19	B62EB5A6442C97B6591ECB839989A7D84039D038	7F86CD994A32DB23582F725098103B73CA7D4592A7C43E099990FA1B92EFC369
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\JP_Japanese.txt	Unicode text, UTF-16, little-endian text, with very long lines (518), with CRLF line terminators	D4CCCE82B3BC26777BB162736E785102	79F39D0213EE570E5D6694AEE3258D09381FA478	97E575C8A73C8C5879606127B28448079755830B2AA1BF014AFC803E353E145C
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\US_English.txt	Unicode text, UTF-16, little-endian text, with very long lines (993), with CRLF line terminators	24694E5E0DE62755BA07668953CE8D2E	0478F36EBE3A9A3BB239D73709DCF93A8984CE23	030850F44DCAFBC79C225B430D5FDBD321D129D7A63181B35479242EC733EB57
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\US_Korean.txt	Unicode text, UTF-16, little-endian text, with very long lines (516), with CRLF line terminators	0C63F898493D157F3778EDE225445A60	0B17ECD00CC53687BFD3BCA265E8F2A260F3B521	D41C27EA28B34D2AA549904B2F1CB85F4118871E4E5CBEB09E3D75B832B21675
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\EULA\US_SimplifiedChinese.txt	Unicode text, UTF-16, little-endian text, with very long lines (516), with CRLF line terminators	437A2E823505A067502C9417DDECB461	DC72D49E8C1A187321A0DDBB100E3A6BE0B9652D	2AC6B9496C2F8F8D020687287E05F4C9F7AEB7AB7D128DE0BF9DB0EA7D33FF34
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\EC_French.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\EC_German.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\EC_Italian.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\EC_Portuguese.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\EC_Russian.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\EC_Spanish.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\JP_Japanese.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	B7DAAFEACB21ABACBCDD1E7B3DE443BF	510C035EE5DCCBE2CF4CB7D53B90019D86279E64	9E07753D2A0D0E96C54A58EC2D0673B611ED6BD440038D3ADB55A38ED6C23A48
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\US_English.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\US_Korean.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\US_SimplifiedChinese.ini	Unicode text, UTF-16, little-endian text, with CRLF line terminators	CB7382F10AF32893BDC04D14F621EFDA	6F271AA70A6F8DC7E67C0EDC9CB53AADEB8B6814	AE6F4E5700B3F8979D69B9B5511A27927B2B4527F0D9A67B3EED60471A8A0419
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\ANIMIMG\USBANIM.av_	MS Compress archive data, SZDD variant, i is last character of original name, original size: 2396160 bytes	5DC52BA39839E232264D8F4F785FE751	BE5B42B695FDD8E3E00940D8636F9582D27F7621	A03EE56F5D33B7871EE9659EE7D3A58C324CF2EA94C3001CB38480E4409C31F3
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CAB1.CAB	Microsoft Cabinet archive data, many, 486440 bytes, 5 files, at 0x2c +A "CDDI_SDK.dll" +A "CDDITCPIP.ext", number 1, 34 datablocks, 0x1 compression	5345EB273678FD2DD4E8DC2B7C055112	D90A14BE39C70925FE7E37E2FE1C578E40D647CC	B817A8D813A7ED2D0408BB1AC508FED4D065407E1B89CE4FF00776E3A4F6F8F6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CNWIDSCK.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	94E245BF34D4C83766CF328D4EF7E213	91B0528081D1D97858D7E8CED43D0AF79BB3AF57	7DBC955D53140260203B812242B104EDA9E492EB475068AF0BCFEC36436B02BD
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CNWIDSK.INI	Generic INItialization configuration [OLDCONFIG]	C53335E38FEC21A69224FA65D5CDD79E	605E6FE985E4A02FDA182EF79F831B4D4CD0A20C	EA6D482B496617B898CC91A4249636DCFD12017EF7700061F1696B6489B60342
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\XML\SLPDiscoveryGA1.xml	XML 1.0 document, ASCII text, with CRLF line terminators	B89F12CB729B3136A66047849C653F5E	7C11F551FF09F182F425234CB1A07916501C2CAC	C31E281476BEB78AED5239C2C4C531375AE0990EE38AC8682729019A71A1DC84
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\XML\SNMPDiscoveryGA1.xml	exported SGML document, ASCII text, with CRLF line terminators	6F53BB390AE0B248D3CCB9FBD476A8B6	4AE0B61CB0B99BF57AE6F83507ADA76198AE168A	DDF734D03ECC0DE8F91D41C22CF27BC06A13C9E55CFC45CF876AB1D5FDFFA243
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\cnwdsck6.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	6879B31B55636E320F304541B9E3FD58	593B2B2059B137DA0FB5AE39CDF7236EF397645F	B475293E34D84F58F0AAEF575547176D4636958EB31B1195F542982646265792
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\ENVINI.INI	Generic INItialization configuration [Canon iPF770_w32]	536BB649CAF3685E00CD4F7476AC3B68	861EF6F793377C510A7E385D4FB6B3BC4CF27DA4	D021402AFBA2B09826D60FA7496DBE3098A9A94C1824AAD4B2837FC38A7BAD41
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAC.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	823A6A78461CF7668C9085A45F726128	88FACB7F6B141043B4B827099B226D885DCFE578	FC4D3B3459F57C779581F32046A51D530DA81561B8E70E98CFB230DAE6045384
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAF.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	0158E4C3425FAA2B1E81FAA36E21E6DB	03C806C46FF886E9937FB86C6B2DE39BF23FAE87	9BD973A7F60FBD949EBBCD83A9416D55FFEB3C26AA10F5472CDA6D44AD496045
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAG.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	A7963AC2C1FDBB2C0089CBC56D48968C	290AF6804425DB36CB2A84911E04E512A2CBD401	5348B976A994511050EBB50E1B0E96E9F5AB75A9C1953E0426A491E71E83079E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAI.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	2FA3092ABA23850C08229C36F1C9E7EE	37D2F45BACE19DD86280F5121F6D0D8250982611	1B2D73B1C2D1A4909B8479F50F184B97A5FC659C2B1EAA6ECB3DCDBBBABFC5E8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAJ.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	65E53E0B63282B33B8C3D5BAE03954F5	4DBEF40DB2BD1701BB7E641B6309A1A96280D690	C83D17D15D690D826259A95138C4B31EEC1C68F60061882C166EA44CCFEB068B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAO.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	D8DDE4E10950F459E8028B29F795157D	29527C54365B3833AD1063DA5E3F0103EB443AEA	994C3FA0FF03AEE24A034ED136F51F9D1176F19A05DF015DDA2271D363A6BACB
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAP.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	A560059226C6035D867B6D564B5602C2	29BA6730627DA2A5DA6A6BB935E617ACAD0800CE	E607CB01C4107ADB38DD18837626D603199B6A8BC8B0BC020F05F7E6524F8717
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAR.RTF	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	B8A4F24A17897032E8C1621D888A2338	2EA232EB2256ABC6DBF5DC32A7D069EA1071A126	8C9D66AB7B54BAD8F49FF9F0729DDF1351636B3A85DE3774E57FBF9127B4CAE6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAS.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	7E3E11D6FE902B5D1FF210914C4CEBF5	33B3944B16F5042E9A39EED7AC3811BEE53AD392	90409140C39E883039462CF3AE9A4D399FE7ACE16762E274C6D223981485D2DE
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAU.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	3226AE0CE8A64A73AB498D01896C9DED	0A6EB6F5C8629575270F09285E742964879CFBB8	B5586415BA1417AAA6A67F2A5A83D33160EBD8015B6B3E83C53D5FDB069991C6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\INSDRV.INI	Generic INItialization configuration [DriverSetPath]	2185AB41962B0390F0631E2A4B8F0A3B	6325EE4058FD23C0506CEA20AFB30CD8745BD5B2	719B3FB4C20E8F86B3BE8D37A1C4E057847AC974A95413A0965965016E48FE81
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\InsCmn.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	CF41E424AC8D4DF79DBCA9E72DAD0CE6	92C1AB5127589B6BCDCF82B070867515810E709F	3D9A3D5708B938A7AE880A0873B6799E5FCEC21BC73EEADF6C05015CE20C337E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIC.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	9DC607932558BE5C0DD25E242C19C6AF	5AA9C2B3A7AA10E8270927A8600CC0A5968D6FE2	E683FCA0F00017F87303F9D977E30261E0929B862F86D4F3469298BB0FF4C537
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIF.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1B95C1172DA3DA9E8FBFD7420DA17779	4060AC9C6DFC4C6DAF9B53108FD4EC0679FA970E	BF6356B095F247F3471130916BB22388D73EDD3D84F55BF2CB723E88F91533DC
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIG.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	90812D76A5F8B8C31C1207734467ECB6	78E0BF42C9B9D4201FA8A20783B7431DCD54AA3C	7E19B339C512565A225D97BDF17DB51C2DC3451FE68534AEC6E5401E13019850
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUII.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1104C44DD82D9AF0E39873D35EEC6EDC	8FAC7AB95D16460A7DF7E0133AC33CF6F332134C	0EC937955B7A7358B95CB805F4F41A88810AA48C4CB3A3DDD00CA67227894CB8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIJ.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	64F91E7298BB2261D54BD3B80337558B	A3D5B5CA5498AE5AB1942CA8FFE17F08508AA7F8	A576B0BB889D9C70331EB7BCD46DE54CB84D24E6AA069463ECA9BD762EE1B3F8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIO.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	AF55574F4772A5D2603E5FAA6B2E2F07	6EC24041F4B24569CEA0A53E8C303A4BAB1BAE81	6421E483ADC32D95F4B1139CF82D39CD342F51E01AFBF3305BB1FAD26C30DC4B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIP.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	37F7F72B11951DB3E391B3C66093859B	4C2B23195FCC6709DF87391FC35590AC1D3E6DE9	1944780761198E07A1E100FDC7787AEDD92D3E80B5E9D23C29D4DDBB69EBB9F8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIR.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	458B71778D9AC26B4873DD30F7A2AF0F	FAD1D7E430AD1ED07A6BBC0D5D2F9FA0DCE3DD9F	381E4C1D8DB8AE6D3F4D5F6D1D757A839A29098D9EDD9D3B542EDD64825645FD
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIS.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8E0C2043B882DA726AEFA351ADD4FCCD	DBDC6C69E55BBC4CD49368C0EC4B04F70F84DA33	7DFE056465AF2EB7BA35A51013578F4636076555E84A240E76F20B20555B7298
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIU.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	67DFEDBAAD5A159F769A97835154DE55	E9D46F071A3B60F72D20D20BA878E0E0FFA2E567	243C39B86A15541E1FB54C3791CE084EAEEACED8DD3B6817833682D49C9D2C2A
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	PE32 executable (GUI) Intel 80386, for MS Windows	A501BFD940219B5C0F6B28665A607805	48652048EF3313BF74E227D60D9CA38A60ADBC23	A1EB3878BC14441399B943A57109A4E5619D1F3EEEE339A7CD1A5A5E15C3779D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIC.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	88F9BEF61E96EBD493EEEB3EF33D9559	CB21325C110C79A60CC7D7878C04DFE8EE5CA860	D61785C28E05E035A6B9B97AFBFC32F063A5587FD5EF3AC59520C5B842904CFC
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIF.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	C3FEF4715B08EF7D3F287A13304CAFD2	23E2AEC45C30634A2B9BFC9B8A665F4A4090FD9E	AB8460EAC740239FD7F8991C369A5FA5F127808D0C0FC4046223A3BD1BAB9FA8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIG.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	641AC23DA78F9DCA75D5F2539F1DA4A2	53D4BC233E44B38344754B36826B1F77FBFB6039	4A48C7F331C911929A1E5821B80E2F5C422F9D7E2B52F8DA85F97191F88D12A9
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUII.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7DE973902B808D347931CEC17D7D7AF8	76D112B521048DF4742BA431C066B72BC3329721	4D3B3C54FBBCD63576CD4572869B8F0DF6F52965A2DEA39C807701CB7B54F724
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIJ.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	73D35515C02CC3614251C29FF13886D2	80625FF5C9847E643B4F5C749BC2BD270377AEE7	1DA809E85322070780BDB8C2EB064107F44ED585D756C3F227C4C5DF3B28649D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIO.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	F75451FC66BAA86696B144F9754704A9	07E2EFB7EBB3009D22664602861119FA9E395B3C	44A0AF41DF6009DAD809053861A465CA84208EDAA515E6E8BECAE81424189747
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIP.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	E0F4D906C83EC0EF1BDCAD0A75C3C05F	04F8512ED6B32A2DD87A7E505B8598AB19D65AD7	1CF80B3AD2879122D9137B5469BC8A94255966B9125FEE0453A9BA17964D2EAA
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIR.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	90CC214B579ABC6A5C04A9A3A9812C53	C0BB8F310549094DAED2CCA1290EBAF51C06EAF9	5677D351CD23B3563F52BF0BD98DCAC219E62C161011543B99D955681EF0F8E4
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIS.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	24FC24FA7EB0EF396CE5A4E7B5D2E36F	26997347B9B38F70113C9041C0D058CDE3AD6C48	9334A71A66514F097D6DB3DF8734B691C7CCAA26843F9BB2861A91DF857E5E6C
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIU.dll	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	15C8BE2E50ABB6204F47635B125E40AA	FA7A0DBE5E94F0B068E6CE20E0BAD4DE2AA14559	B9E234FDB7A3F7E99C30F3894A1649995E2ADDF634819143DA5FF2329E2995D5
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\Uninst.ini	Generic INItialization configuration [Profiles]	58BBB1B3C74C27718C8B952B78C5F61D	2EB531B06A33A869986F31545700BE09342C7263	F4A6BCC396A8B199D90C49E12B3F41C1B0C78A7474E71DADF06DAF8D908BF1A7
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\CHECKSUM	ASCII text, with CRLF line terminators	EC3E7307716B633F79F4BF7F2DC58A71	91CFCDFEB82553B91DC0BD1B6284ACD91D742007	288A05A6D6E7EFD6E27A9D8961E03D419CB4D976163074677177922A90A83C1E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\100\cnwgdi10.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	7E237632336BD8CBB2B6F28C22658BBC	B25E960F819AE31AC008CC646F227B1DE7DC6D83	C7CD70A4101312710B6A3C097B6A0761FDE4D4CA2CF5EEA2B9A7CE74B9B412BA
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\101\cnwgdi10.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	B069A3FC20E053AF58D935C10D0262B7	697BA3A329CFC39CC87514EF485203976B56AE72	55E193D841F3D95D316D5C975882230A106748894DBE47F2DE504152D5927852
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\102\cnwgdi10.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	CFB32A2CDA097E47BE3A45DD933417D3	A101B70276D06EB6CF37D92ADB1170FC10092A06	4332E979FB146AD9D76A7A6E6BBB86ECE953FA33CF1224016D8F10CEF92C96D6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\110\cnwgdi11.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	19A79555EA6FCE9B1AD14A7D20D6C136	4BF26A8E3B596B0484D9513A048247055EDC787A	927CABE023DC1B25938C439C6A390D2D7E8623E11DC26037AE4728D523CC5566
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\111\cnwgdi11.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	C6BB95CCD1AC18CA234EDDFE58CFCDBE	0CDD7BF8491E2793F8011757D2D55B6FEB6EA49E	D1139000D6616D463C435CD9D95C3C620AB5A2B6843FE80542BFFC82A6F8C346
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\120\cnwgdi12.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	1E80BD6B350F4828AF2D724B6C15E4FC	D052561AE74EC777E0C7808506463ABCD7664481	1A662287D9024E3355904EB13D8A9D55DF058277D5194C66705E7100F79D4DD3
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\91\cnwgdi9.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	023DE967A3F46EE75924AC3EF5A85929	0618B1E398F5BB5337F1F795D13F25AEE5F52A8D	3DEA9EF4B6CC3F194C528CAF9D47243BF4ECEFF586DDDA03C91CCDC006F750FC
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\92\cnwgdi9.hdi	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows	8819FE7A69364D721CF5BCF915FA2E25	91112D843318CEB71A0823B360BE0BE4279FA985	F52529F9912742A7624B993DDC2E47EB055730C86E0F2B73B40398CEBEC4A106
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_C.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	823A6A78461CF7668C9085A45F726128	88FACB7F6B141043B4B827099B226D885DCFE578	FC4D3B3459F57C779581F32046A51D530DA81561B8E70E98CFB230DAE6045384
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_E.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	3226AE0CE8A64A73AB498D01896C9DED	0A6EB6F5C8629575270F09285E742964879CFBB8	B5586415BA1417AAA6A67F2A5A83D33160EBD8015B6B3E83C53D5FDB069991C6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_F.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	0158E4C3425FAA2B1E81FAA36E21E6DB	03C806C46FF886E9937FB86C6B2DE39BF23FAE87	9BD973A7F60FBD949EBBCD83A9416D55FFEB3C26AA10F5472CDA6D44AD496045
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_G.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	A7963AC2C1FDBB2C0089CBC56D48968C	290AF6804425DB36CB2A84911E04E512A2CBD401	5348B976A994511050EBB50E1B0E96E9F5AB75A9C1953E0426A491E71E83079E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_I.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	2FA3092ABA23850C08229C36F1C9E7EE	37D2F45BACE19DD86280F5121F6D0D8250982611	1B2D73B1C2D1A4909B8479F50F184B97A5FC659C2B1EAA6ECB3DCDBBBABFC5E8
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_J.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	65E53E0B63282B33B8C3D5BAE03954F5	4DBEF40DB2BD1701BB7E641B6309A1A96280D690	C83D17D15D690D826259A95138C4B31EEC1C68F60061882C166EA44CCFEB068B
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_K.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	D8DDE4E10950F459E8028B29F795157D	29527C54365B3833AD1063DA5E3F0103EB443AEA	994C3FA0FF03AEE24A034ED136F51F9D1176F19A05DF015DDA2271D363A6BACB
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_P.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	A560059226C6035D867B6D564B5602C2	29BA6730627DA2A5DA6A6BB935E617ACAD0800CE	E607CB01C4107ADB38DD18837626D603199B6A8BC8B0BC020F05F7E6524F8717
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_R.RTF	Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033	B8A4F24A17897032E8C1621D888A2338	2EA232EB2256ABC6DBF5DC32A7D069EA1071A126	8C9D66AB7B54BAD8F49FF9F0729DDF1351636B3A85DE3774E57FBF9127B4CAE6
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_S.RTF	Rich Text Format data, version 1, ANSI, code page 932, default language ID 1033	7E3E11D6FE902B5D1FF210914C4CEBF5	33B3944B16F5042E9A39EED7AC3811BEE53AD392	90409140C39E883039462CF3AE9A4D399FE7ACE16762E274C6D223981485D2DE
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Chinese_Simplified.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	8E7FD88E0EAFE471855FF5B21EF7AA3D	6740208A5C341BD72831742B8E4D1783AB03E23B	160DDB47E3710FCFB90D6A3610D5060DBFDAEB3AFED8489AAC9BAE51CA2BCC7D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_English.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	C130104B083B1013B837413D0C75F34E	786F15C5BD78304DFB940C2DE321AD625CF5EED4	F0A0E2D9A714D88AEEC2089376B73E530845429EA0C6BA9937AF6D060E1FE1A4
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_French.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	9622C6E24FC176F4B3C46654703967EF	32B16ACEE8DF0035E0403E6D3CACEA1D409E03BA	4B7F45F9823B9D6AFA7C6283040A338A458D94900A14C0D45988FFDB7AB0CCA2
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_German.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	3C216AAE84CEBC97CE7B640A0771F5A5	59887DD4D1B20FCE99A7B97E5BBB38216229B3EA	A5023E672DDFC0E820739DBB4F2C60DA62872DEA56FFED1354DC5C0AFF20E223
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Italian.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	F6746F861250E1906852193712052AB9	BEEE10F16D3BD5007318F36E5A23C2AE96BB4642	719CB2AD0CA1C69473523FC1958196E6168C7ED4228B6DF39E28990E06C89F66
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Japanese.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	046220D1869A2041535B5D86A42B05A2	DE01E00E5DF8ABF85A88A1073424094F49A25288	3D6D4C27139EB9C3B3DB544DF56A7F95126F76AFD91D7836A7CEF97389C7AFEE
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Korean.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	320DDB44BE1FDB827130678F98D7AE04	48BB0C37939D5536F7E05C406C3136FF2C26E52C	E7F765083882D30DC6680E614AEBC2A833FB1D8C649EED18310C03FBC77A1B31
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Portuguese.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	503216C25A4054B772F348DCEF185AC3	4D303E9967D502C4993F830123857D48F6A32824	D96F002E541EA03D10BD99BFC995BFECDD17DBFD4097D1C9DC0C64DFF55E245E
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Russian.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	C66D6112AD7B70C6A49A101968342D54	27A40EAAE72EEAF8AD888D045A67E6441080F12B	BC52C0CF510111B5A0402426EFAFCBE4716E805231CF9047D27A2914EC23BE9D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Spanish.txt	Unicode text, UTF-16, little-endian text, with CRLF line terminators	D6DD1E6680FFB326F64B8DD7814D9521	54CE2C7C0D4092F802FF2CA73EA71F5B1D864DEF	C03B9ADA3DC7D8D2F10F28AD6578AE00BD5688D375C679C3E15DF0DA5AA11FDD
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	PE32 executable (GUI) Intel 80386, for MS Windows	6EED6F77971B74A821408307CFB42890	B9A4A7F04EB791DFD49F7D891FFFD338A41A5937	8107DE9D9F773CBE73C5D3094B3F3D9E12D52E3BFBB6A2C4086FF33C42EA609D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	PE32 executable (GUI) Intel 80386, for MS Windows	2FA439CD5D0B678AABB712C37C4B90F2	797884F52790388D34522E94FCB3BAF8FB3CB7A5	7CDA1E047B762BEC048D2A6345E23D48BE1791C54AFF7A8B83AA8F93B1AB48D3
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	PE32 executable (GUI) Intel 80386, for MS Windows	015C347A361F9EE29D75E9E07F883995	7BFFD11D408858CEA75B11DF5DF3D14C34B0196C	36A9C817069015F156C7076AABAF30859FAE26BEC63A6F0E29C17B157B7C8A46
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.ini	Generic INItialization configuration [SupportLanguage]	58A15B30E0509219065A8D719EDD136E	909D3CEE75A1F5F3A7AA790A8B2128C49F9BED98	75A06A3ED5645CD907A240E2B0C622F6935DF1400B6DED89E1E83620E359B735
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	PE32 executable (GUI) Intel 80386, for MS Windows	A51AD89CEB7A52E4DC25164D7684CBFF	2E7086BD550EEB7A5AB3CC44E0DE7234E7C00EC3	B94C725111E4A0C3C563A379D44494A4DCCEE99B1DCB750C6DF76E657676B93D
C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.ini	Generic INItialization configuration [SupportOS]	0A46D986648942B57019570DC8C587A4	FA040DB364CBE5D95A36929C997C7804F03ABA52	ADE3983A50E30C78F5FF73418A0C0CA843551017AD80918153644D253D69B8C2

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	EXE: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to behavior

Uses 32bit PE files

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAC.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAF.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAG.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAI.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAJ.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAO.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAP.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAR.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAS.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAU.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_C.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_E.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_F.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_G.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_I.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_J.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_K.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_P.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_R.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_S.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Spanish.txt	Jump to behavior

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: certificate valid

Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb source: Setup.exe1.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallressp\release_32bit\UninsUIS.pdb source: UninsUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdb source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\Uninstaller\UninstExec\Release_32bit\UNINSTALLER.pdb source: UNINSTAL.exe.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_32bit\UninsUIR.pdb source: UninsUIR.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdb source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresus\release_32bit\UninsUIU.pdb source: UninsUIU.dll.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_32bit\SetupUIS.pdb source: SetupUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_32bit\UninsUII.pdb source: UninsUII.dll.1.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_32bit\SetupUIJ.pdb source: SetupUIJ.dll.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_32bit\SetupUIC.pdb source: SetupUIC.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdbP source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb85bd source: Setup.exe1.1.dr
Source:	Binary string: E:\DrvSrc\savesetting\FileSucceedPlus\Release\cnwiicef.pdb source: cnwiicef.exe.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\workspace_perforce\drv\win\DriverInstaller\V4.80_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResPT\Release_32bit\SetupResPT.pdb source: SetupUIP.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA\| source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdbT source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\OptimizedDriver\V1.13\_Installer\bin\win32\release\Setup.pdb source: Setup.exe0.1.dr

Spreading

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\	Jump to behavior

Networking

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp, Setup.exe0.1.dr, Setup.exe1.1.dr, UNINSTAL.exe.1.dr, cnwiicef.exe.1.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 2WW77JM.INF.1.dr	String found in binary or memory: http://www.canon.com/
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	String found in binary or memory: http://www.winzip.com

E-Banking Fraud

Drops certificate files (DER)

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\2WW77JM.cat

Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Writes many files with high entropy

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data1.cab entropy: 7.99898791615	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data2.cab entropy: 7.9984126627	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_satinphotopaper170gsm.ic_ entropy: 7.99661565766	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg170.ic_ entropy: 7.99730308238	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_semi-glossyphotopaperhg255.ic_ entropy: 7.99628257576	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw407.dl_ entropy: 7.99922915959	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw409.dl_ entropy: 7.9992325901	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw40a.dl_ entropy: 7.99920077777	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw40c.dl_ entropy: 7.99922424229	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw410.dl_ entropy: 7.9993062281	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw411.dl_ entropy: 7.99909118806	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw412.dl_ entropy: 7.9992514384	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\aussdrv.dl_ entropy: 7.99579648386	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaper170gsm.ic_ entropy: 7.99696080557	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaperhg170.ic_ entropy: 7.99750379964	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_glossyphotopaperhg255.ic_ entropy: 7.99631361308	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_photopaperplussemi-gloss.ic_ entropy: 7.99655226464	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_premiumglossypaper2-280.ic_ entropy: 7.99675445331	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cn_ipf770_series_premiumsemiglossypaper2-280.ic_ entropy: 7.99654459165	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw416.dl_ entropy: 7.99914969582	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw419.dl_ entropy: 7.99936386754	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnw804.dl_ entropy: 7.99924980407	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ac.ch_ entropy: 7.99905966223	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15af.ch_ entropy: 7.99898735292	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ag.ch_ entropy: 7.99892123794	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ai.ch_ entropy: 7.99880867066	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15aj.ch_ entropy: 7.99896393661	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ao.ch_ entropy: 7.99859875631	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ap.ch_ entropy: 7.99888599007	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15ar.ch_ entropy: 7.99893916265	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15as.ch_ entropy: 7.99880078106	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwa15au.ch_ entropy: 7.99888576809	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfcgco.dl_ entropy: 7.99894945879	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfdpkj.dl_ entropy: 7.99292243382	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwfdpkk.dl_ entropy: 7.99292021064	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwiosif.dl_ entropy: 7.9929455418	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwiwebi.dl_ entropy: 7.99401734475	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwm.dl_ entropy: 7.99949090904	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CAB1.CAB entropy: 7.99762462343	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwmui.dl_ entropy: 7.99890767576	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwp0rsw.dl_ entropy: 7.99860580628	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwp0rsx.dl_ entropy: 7.99725814889	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvprev.ex_ entropy: 7.99872123548	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr407.dl_ entropy: 7.99412143724	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr409.dl_ entropy: 7.99299784995	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr40a.dl_ entropy: 7.99381711537	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr40c.dl_ entropy: 7.99407923623	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr410.dl_ entropy: 7.99362085734	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr411.dl_ entropy: 7.99341760079	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr412.dl_ entropy: 7.99382397339	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr416.dl_ entropy: 7.99485451015	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr419.dl_ entropy: 7.99333128735	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnwvr804.dl_ entropy: 7.9939176795	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cnww77jm.ci_ entropy: 7.99738783352	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10dw1.ex_ entropy: 7.99882424278	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10ew1.dl_ entropy: 7.99899187399	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10qw1.ex_ entropy: 7.99922297001	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10sw1.dl_ entropy: 7.99612105952	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc10vw1.ex_ entropy: 7.99874352262	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1csw1.ch_ entropy: 7.99113453055	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1csw1.dl_ entropy: 7.99392929791	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1dew1.dl_ entropy: 7.99388734601	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1esw1.dl_ entropy: 7.99318493668	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1frw1.dl_ entropy: 7.99418596704	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1itw1.dl_ entropy: 7.99363122128	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1jpw1.ch_ entropy: 7.99083568923	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1jpw1.dl_ entropy: 7.99391148715	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1krw1.dl_ entropy: 7.9924551554	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1ruw1.ch_ entropy: 7.99000288079	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1ruw1.dl_ entropy: 7.9932407923	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\cpc1usw1.dl_ entropy: 7.99346552348	Jump to dropped file

System Summary

PE file contains executable resources (Code or Archives)

Source: SetupUIG.dll.1.dr

Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped

PE file does not import any functions

Source: MUI.dll.1.dr

Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421556789.0000000003084000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1419467757.0000000004A2A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe
Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe, 00000001.00000003.1421603538.0000000003084000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSetup.exe\ vs SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Uses 32bit PE files

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: sus25.rans.winEXE@1/223@0/0

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491

Jump to behavior

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

File written: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\UninstFiles.ini

Jump to behavior

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: certificate valid

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static file information: File size 45428392 > 1048576

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: Raw size of _winzip_ is bigger than: 0x100000 < 0x2b2e000

Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb source: Setup.exe1.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallressp\release_32bit\UninsUIS.pdb source: UninsUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdb source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\Uninstaller\UninstExec\Release_32bit\UNINSTALLER.pdb source: UNINSTAL.exe.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresru\release_32bit\UninsUIR.pdb source: UninsUIR.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdb source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdb source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresus\release_32bit\UninsUIU.pdb source: UninsUIU.dll.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\setupexe\setupressp\release_32bit\SetupUIS.pdb source: SetupUIS.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2008\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA source: cnwgdi9.hdi.1.dr
Source:	Binary string: c:\documents and settings\canon\desktop\workspace_perforce\drv\win\driverinstaller\v4.80_[10_0603]base510_garo460\instwork\uninstaller\uninstallresit\release_32bit\UninsUII.pdb source: UninsUII.dll.1.dr
Source:	Binary string: \canon_a_2006_p14137\uenishi_a-2006-p14137\drv\win\driverinstaller\v4.70_[10_0603]base510_garo460\instwork\setupexe\setupresjp\release_32bit\SetupUIJ.pdb source: SetupUIJ.dll.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\canon_a-2006-p14137\drv\win\DriverInstaller\V4.70_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResCS\Release_32bit\SetupUIC.pdb source: SetupUIC.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2014\x86\Heidi\bin\i386\Release\cnwgdi11.pdbP source: cnwgdi11.hdi0.1.dr
Source:	Binary string: c:\source\drv\win\DriverInstaller\V4.91_[14_0528]BASE510_GARO490\InstWork\SetupExe\InstExec\Exec_Base\Release_32bit\Setup.pdb85bd source: Setup.exe1.1.dr
Source:	Binary string: E:\DrvSrc\savesetting\FileSucceedPlus\Release\cnwiicef.pdb source: cnwiicef.exe.1.dr
Source:	Binary string: c:\Documents and Settings\canon\Desktop\workspace_perforce\drv\win\DriverInstaller\V4.80_[10_0603]BASE510_GARO460\InstWork\SetupExe\SetupResPT\Release_32bit\SetupResPT.pdb source: SetupUIP.dll.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2009\x86\Heidi\bin\i386\Release\cnwgdi9.pdbA\| source: cnwgdi9.hdi0.1.dr
Source:	Binary string: C:\Users\canon\drv\win\OptimizedDriver\V1.12\DDK\2012\x86\Heidi\bin\i386\Release\cnwgdi10.pdbT source: cnwgdi10.hdi1.1.dr
Source:	Binary string: c:\source\drv\win\OptimizedDriver\V1.13\_Installer\bin\win32\release\Setup.pdb source: Setup.exe0.1.dr

Data Obfuscation

PE file contains sections with non-standard names

Source: SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Static PE information: section name: _winzip_

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\cnwdsck6.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CNWIDSCK.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\instpack.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\InsCmn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\MUI.dll	Jump to dropped file

Drops files with a non-matching file extension (content does not match file extension)

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\License_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Driver\ReadMe_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Readme_Spanish.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAC.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAF.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAG.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAI.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAJ.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAO.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAP.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAR.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAS.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\EULAU.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_C.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_E.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_F.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_G.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_I.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_J.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_K.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_P.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_R.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Eula\EULA_S.RTF	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Chinese_Simplified.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_English.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_French.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_German.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Italian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Japanese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Korean.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Portuguese.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Russian.txt	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File created: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Readme\Readme_Spanish.txt	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\cnwdsck6.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIO.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\91\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\92\cnwgdi9.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\DDI\CNWIDSCK.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\111\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\instpack.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIU.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\120\cnwgdi12.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\InsCmn.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIC.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UNINSTAL.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\cnwgdicp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiicef.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\Data\cnwiidci.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUII.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\110\cnwgdi11.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIP.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\100\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\101\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Uninstal.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIS.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIR.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIF.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Drv\102\cnwgdi10.hdi	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\SetupUIG.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\OptDrv\Setup.exe	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\MISC\UninsUIJ.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	Dropped PE file which has not been started: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\MUI.dll	Jump to dropped file

Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\Extra\res\STRING\	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe	File opened: C:\Users\user\Desktop\iPF770Series-Drv-Win-491\32bit\	Jump to behavior

ID:	1430331
Product:	CloudBasic
Start time:	14:39:19
Start date:	23.04.2024
Sample:	SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	4f5f177604def1f099b2c6612cc919f2
SHA1:	c96214d34e9e50703518e7ec501ca3921874349f
SHA256:	49924087e1c13a0bdca2836c7ae899a6d51f0f3c7312f7c6da24b5b9838369a2
Filetype:	Win32 Executable (generic) a (10002005/4) 99.30%

Windows Analysis Report SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

Privilege Escalation

Compliance

Spreading

Networking

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
SecuriteInfo.com.BScope.Trojan.Midie.4996.30257.exe