1475ea946e8375be835bc2869642bf8527de62b4528edfcfae8d2a4b53381c34

Analysis

max time kernel
142s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22-07-2024 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WacomTablet_6.4.6-2.exe
Size

144.3MB
MD5

2119fcbd254ff84f9070f1ebdb9fa28e
SHA1

06aaaa7bd2ead2a51c1f0ca2cf6fd54659b9880a
SHA256

1475ea946e8375be835bc2869642bf8527de62b4528edfcfae8d2a4b53381c34
SHA512

59ebc97aa1d52a480ed4bac7670c58e04c40ab2297cb2c0d8b6bcdc20e57f275582b5fac7358f6afae6680553d2f3a8e0c5b2c3a8af740787a3293ac148434fe
SSDEEP

3145728:CtwwRS597l3kcuBN7JsJ1/VAsvAVz0Rs2CCMpl:OzRK9hUcSE/RAVz0R2CML

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2aaf1df0-eb13-4099-9992-962bb4e596d1} = "\"C:\\ProgramData\\Package Cache\\{2aaf1df0-eb13-4099-9992-962bb4e596d1}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Downloads MZ/PE file

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\desktop.ini	setup.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	VC_redist.x64.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{6a23a04f-4b5d-d846-9421-37bfa7b2baba}\amd64\SETE997.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{6a23a04f-4b5d-d846-9421-37bfa7b2baba}\SETE999.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a23a04f-4b5d-d846-9421-37bfa7b2baba}\amd64\SETE996.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{55f10d47-a2d8-4642-91aa-3d45d1f713dd}\SETE39B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a23a04f-4b5d-d846-9421-37bfa7b2baba}\ftdiport.inf	DrvInst.exe
File created	C:\Windows\SysWOW64\Wacom_Tablet.dll	setup.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e775aadc-7773-7243-8124-fc5bb1249243}\wachidrouter.sys	DrvInst.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_49b3e24305b20ada\amd64\ftdibus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8049092-6e6e-0d48-8bfd-305c61625290}\SETEB5E.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8049092-6e6e-0d48-8bfd-305c61625290}\SETEB5E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8049092-6e6e-0d48-8bfd-305c61625290}\slabvcp.inf	DrvInst.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\SysWOW64\WacomMT.dll	setup.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\amd64\ftdibus.sys	DrvInst.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8049092-6e6e-0d48-8bfd-305c61625290}\x64\SETEB4A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8049092-6e6e-0d48-8bfd-305c61625290}\x64	DrvInst.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\SETE7B5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\i386\SETE7C6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eefa9bf-276e-a04a-a657-98c4f27c0505}\wacpaper.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\amd64\SETE7A2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{01e3b9f7-c446-164e-9814-c77190580975}\wacomrouterfilter.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wacom_wusd.inf_amd64_f27427ac20ac5130\wacom_wusd.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ddf2145a-589f-ea4b-b2cf-cca81305bc27}\WdfCoInstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\amd64\SETE7A2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_49b3e24305b20ada\i386\ftd2xx.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{01e3b9f7-c446-164e-9814-c77190580975}\SETE1F4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{55f10d47-a2d8-4642-91aa-3d45d1f713dd}\wacom_wusd.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e775aadc-7773-7243-8124-fc5bb1249243}\SETDBBA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e775aadc-7773-7243-8124-fc5bb1249243}\wachidrouter_pro.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a23a04f-4b5d-d846-9421-37bfa7b2baba}\amd64\ftser2k.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{55f10d47-a2d8-4642-91aa-3d45d1f713dd}\SETE39B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\SETE7B5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wacomrouterfilter.inf_amd64_e3c1aadc6a2fdd94\wacomrouterfilter.cat	DrvInst.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wacom_wusd.inf_amd64_f27427ac20ac5130\wacom_wusd.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{55f10d47-a2d8-4642-91aa-3d45d1f713dd}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wacmultitouch.inf_amd64_9be0776015d5c37e\wacmultitouch.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\amd64\SETE7B3.tmp	DrvInst.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll	setup.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e775aadc-7773-7243-8124-fc5bb1249243}\SETDBBC.tmp	DrvInst.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ddf2145a-589f-ea4b-b2cf-cca81305bc27}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7eae4147-6f65-9e45-9960-65a4e677324c}\SETE7B4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{01e3b9f7-c446-164e-9814-c77190580975}\wdfcoinstaller01011.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6eefa9bf-276e-a04a-a657-98c4f27c0505}	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6a23a04f-4b5d-d846-9421-37bfa7b2baba}\amd64\ftcserco.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_90039b7dbf236588\amd64\ftser2k.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\slabvcp.inf_amd64_ab8310f5de07b344\x64\WdfCoinstaller01009.dll	DrvInst.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{e775aadc-7773-7243-8124-fc5bb1249243}\SETDBBB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{ddf2145a-589f-ea4b-b2cf-cca81305bc27}\SETE4D5.tmp	DrvInst.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 10 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ASBIcons\LightMode\01clicks13-pressureHold.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Trust Protection Lists\Sigma\Social	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\DarkMode\DTDisabled_Opaque.gif	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TouchIcons\LightMode\3fTap.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DevMainPageIcons\LightMode\MomijiTabletOrientation-3_Selected.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TransducerIcons\DTK-1651-pen.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Locales\en-GB.pak	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Microsoft.CSharp.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ASBIcons\LightMode\02keys12-delete.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\identity_proxy\win10\identity_helper.Sparse.Internal.msix	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\msedge_wer.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\System.Net.Security.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ASBIcons\DarkMode\01clicks02-leftClick.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ASBIcons\DarkMode\02keys26-six.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\StratoIcons\DarkMode\moreinfo_devicesettings.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Trust Protection Lists\Sigma\Staging	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Locales\nn.pak	setup.exe
File created	C:\Program Files\Tablet\Wacom\UserHelp\ja_offline.htm	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\CommonIcons\DarkMode\SoMe-Kaixin.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\FTEIcons\LightMode\FTEPenHoverVideo_Titan.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DevMainPageIcons\LightMode\battery-charging.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\DarkMode\DTCycle_LeftSkip.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TransducerIcons\Titan-pen.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU4FE0.tmp\msedgeupdateres_ml.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\identity_proxy\win11\identity_helper.Sparse.Dev.msix	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\api-ms-win-core-console-l1-2-0.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\System.Formats.Asn1.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DeviceSidebarIcons\DarkMode\sidebar-touchRing.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\identity_proxy\canary.identity_helper.exe.manifest	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\identity_proxy\win10\identity_helper.Sparse.Stable.msix	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\FTEIcons\FTEExpressKeys_Mars.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TabletIcons\sidebar-DTK1651.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Locales\ca.pak	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Microsoft.Internal.FrameworkUdk.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\System.Threading.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\DarkMode\DTCycle_LeftNone.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\OSSIcons\DarkMode\oss-keypad_highlighted.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\fi-FI\Microsoft.UI.Xaml.Phone.dll.mui	setup.exe
File opened for modification	C:\Program Files\Tablet\Wacom\WacomCenter\sk-SK	setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU4FE0.tmp\psmachine_arm64.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU4FE0.tmp\msedgeupdateres_et.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\System.ComponentModel.Annotations.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\LockScreenLogo.scale-200.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ASBIcons\LightMode\04creative17-artboard.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\Trust Protection Lists\Mu\Social	setup.exe
File opened for modification	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\MappingIcons	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TabletIcons\sidebar-DTU1031AX.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TouchIcons\DarkMode\5fSwipeDown.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Locales\pt-PT.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\VisualElements\Logo.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\UserHelp\ko_offline.htm	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\System.Windows.dll	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\FTEIcons\FTEPenButtons_Redwood.png	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\cookie_exporter.exe	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\CommonIcons\LightMode\SoMe-Weibo.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\StratoIcons\DarkMode\strato_virtualpage_nosettings.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TouchIcons\DarkMode\Disabled.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Locales\gd.pak	setup.exe
File created	C:\Program Files\Tablet\wacomrouterfilter.sys	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TabletIcons\sidebar-MomijiS.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TransducerIcons\Pro-pen-slim.png	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\VisualElements\SmallLogoCanary.png	setup.exe
File created	C:\Program Files\Tablet\Wacom\32\Remove.exe	setup.exe
File created	C:\Program Files\Tablet\Wacom\WacomCenter\mscorrc.dll	setup.exe

Drops file in Windows directory 49 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File opened for modification	C:\Windows\inf\oem7.inf	DrvInst.exe
File created	C:\Windows\inf\oem7.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File opened for modification	C:\Windows\inf\oem9.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File created	C:\Windows\Installer\SourceHash{A977984B-9244-49E3-BD24-43F0A8009667}	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e58400a.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File opened for modification	C:\Windows\Installer\MSI49B9.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem6.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI4737.tmp	msiexec.exe
File opened for modification	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\Installer\SourceHash{A181A302-3F6D-4BAD-97A8-A426A6499D78}	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File created	C:\Windows\inf\oem10.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\inf\oem10.inf	DrvInst.exe
File created	C:\Windows\Installer\e583fe2.msi	msiexec.exe
File created	C:\Windows\Installer\e583ff4.msi	msiexec.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\e583ff5.msi	msiexec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI4477.tmp	msiexec.exe
File created	C:\Windows\inf\oem6.inf	DrvInst.exe
File created	C:\Windows\inf\oem8.inf	DrvInst.exe
File created	C:\Windows\inf\oem9.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File opened for modification	C:\Windows\Installer\e583ff5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e583fe2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4205.tmp	msiexec.exe
File created	C:\Windows\inf\oem5.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DevInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem8.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Executes dropped EXE 36 IoCs

pid	Process
4688	setup.exe
1392	WTabletServicePro.exe
4648	DevInst.exe
4880	DevInst.exe
3624	DevInst.exe
2400	DevInst.exe
4460	DevInst.exe
5044	DevInst.exe
4684	DevInst.exe
4176	DevInst.exe
208	DevInst.exe
2328	DevInst.exe
3720	DevInst.exe
5064	DevInst.exe
3660	DevInst.exe
3336	DevInst.exe
3240	DevInst.exe
1116	DevInst.exe
3484	VC_redist.x64.exe
1212	VC_redist.x64.exe
2232	VC_redist.x64.exe
4932	MicrosoftEdgeWebview2Setup.exe
4308	MicrosoftEdgeUpdate.exe
4948	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
3416	MicrosoftEdgeUpdateComRegisterShell64.exe
2820	MicrosoftEdgeUpdateComRegisterShell64.exe
4448	MicrosoftEdgeUpdateComRegisterShell64.exe
2524	MicrosoftEdgeUpdate.exe
2668	MicrosoftEdgeUpdate.exe
2320	MicrosoftEdgeUpdate.exe
3976	MicrosoftEdgeUpdate.exe
3416	MicrosoftEdge_X64_126.0.2592.113.exe
4448	setup.exe
4032	setup.exe
3884	MicrosoftEdgeUpdate.exe

Loads dropped DLL 36 IoCs

pid	Process
4688	setup.exe
1392	WTabletServicePro.exe
4648	DevInst.exe
4880	DevInst.exe
3624	DevInst.exe
2400	DevInst.exe
4460	DevInst.exe
5044	DevInst.exe
4684	DevInst.exe
4176	DevInst.exe
208	DevInst.exe
2328	DevInst.exe
3720	DevInst.exe
5064	DevInst.exe
3660	DevInst.exe
3336	DevInst.exe
3240	DevInst.exe
1116	DevInst.exe
1212	VC_redist.x64.exe
4368	VC_redist.x64.exe
4308	MicrosoftEdgeUpdate.exe
4948	MicrosoftEdgeUpdate.exe
1980	MicrosoftEdgeUpdate.exe
3416	MicrosoftEdgeUpdateComRegisterShell64.exe
1980	MicrosoftEdgeUpdate.exe
2820	MicrosoftEdgeUpdateComRegisterShell64.exe
1980	MicrosoftEdgeUpdate.exe
4448	MicrosoftEdgeUpdateComRegisterShell64.exe
1980	MicrosoftEdgeUpdate.exe
2524	MicrosoftEdgeUpdate.exe
2668	MicrosoftEdgeUpdate.exe
2320	MicrosoftEdgeUpdate.exe
2320	MicrosoftEdgeUpdate.exe
2668	MicrosoftEdgeUpdate.exe
3976	MicrosoftEdgeUpdate.exe
3884	MicrosoftEdgeUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DevInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DevInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DevInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DevInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DevInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DevInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DevInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DevInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\Wacom\Eraser\VsTextEditPane = "3"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@%SystemRoot%\system32\dnsapi.dll,-103 = "Domain Name System (DNS) Server Trust"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Wacom\Parameters\WacomDocLocation = "C:\\Program Files\\Tablet\\Wacom"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\Wacom\Eraser\WPDocClient = "6"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wacom.ExpertSettings.1\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00F9\Shell\Item2	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\ = "IProcessLauncher2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0378\Shell\Item2\Command\ = "C:\\Program Files\\Tablet\\Wacom\\32\\PrefUtil.exe"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0379\Shell\Item2\Command	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_033C\Shell\Item1\MUIVerb = "@C:\\Program Files\\Tablet\\Wacom\\WacomI18N.dll,-202"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_003F	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0374\Shell\Item1	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00B1\Shell\Item2\Command\ = "C:\\Program Files\\Tablet\\Wacom\\32\\PrefUtil.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00B7\Shell\Item1\Icon = "C:\\Program Files\\Tablet\\Wacom\\Professional_CPL.exe,-101"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\ = "IGoogleUpdateCore"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{177CAE89-4AD6-42F4-A458-00EC3389E3FE}\ = "ICurrentState"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods\ = "4"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0317\Shell\Item1\DefaultAppliesTo	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00B4\Shell\Item2\Command	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\MONITOR#WAC1048\Shell\Item1\Command\ = "control.exe /name Wacom.WacomTablet"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0302\Shell\Item2\MUIVerb = "@C:\\Program Files\\Tablet\\Wacom\\WacomI18N.dll,-210"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00F6\Shell\Item1\DefaultAppliesTo	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E0F701A5-FD1D-4C2C-B605-66740F93ABC4}\InprocHandler32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00B1\Shell\Item2\Icon = "C:\\Program Files\\Tablet\\Wacom\\32\\PrefUtil.exe,-110"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_032A\Shell\Item2\MUIVerb = "@C:\\Program Files\\Tablet\\Wacom\\WacomI18N.dll,-210"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\CLSID\ = "{77857D02-7A25-4B67-9266-3E122A8F39E4}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0376\Shell\Item1\Command\ = "control.exe /name Wacom.WacomTablet"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00C0\Shell\Item2\Command	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\NumMethods\ = "5"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7584D24A-E056-4EB1-8E7B-632F2B0ADC69}\ = "IPolicyStatusValue"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0374\Shell\Item1\MUIVerb = "@C:\\Program Files\\Tablet\\Wacom\\WacomI18N.dll,-202"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_002A\Shell	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00B9\Shell\Item1\Command\ = "control.exe /name Wacom.WacomTablet"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ProxyStubClsid32\ = "{2FA44F43-D422-4F90-91EF-E6F067BCB947}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_033C\Shell\Item2	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00B8\Shell\Item2\Command\ = "C:\\Program Files\\Tablet\\Wacom\\32\\PrefUtil.exe"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00BB\Shell\Item1\Command\ = "control.exe /name Wacom.WacomTablet"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\CLSID\ = "{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_00F8\Shell\Item1\Command\ = "control.exe /name Wacom.WacomTablet"	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{2FA44F43-D422-4F90-91EF-E6F067BCB947}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ProxyStubClsid32\ = "{2FA44F43-D422-4F90-91EF-E6F067BCB947}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0377\Shell\Item1\Command	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0303\Shell	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_033E\Shell\Item2	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\MONITOR#WAC1048	regedit.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{2FA44F43-D422-4F90-91EF-E6F067BCB947}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachineFallback\ = "Google Update Policy Status Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\DeviceDisplayObject\HardwareId\USB#VID_056A&PID_0315\Shell\Item2\MUIVerb = "@C:\\Program Files\\Tablet\\Wacom\\WacomI18N.dll,-210"	regedit.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods	MicrosoftEdgeUpdate.exe

Runs .reg file with regedit 1 IoCs

pid	Process
1808	regedit.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4688	setup.exe
4688	setup.exe
4688	setup.exe
4688	setup.exe
4688	setup.exe
4688	setup.exe
4688	setup.exe
4688	setup.exe
4688	setup.exe
4688	setup.exe
3972	msiexec.exe
3972	msiexec.exe
3972	msiexec.exe
3972	msiexec.exe
3972	msiexec.exe
3972	msiexec.exe
3972	msiexec.exe
3972	msiexec.exe
4308	MicrosoftEdgeUpdate.exe
4308	MicrosoftEdgeUpdate.exe
4308	MicrosoftEdgeUpdate.exe
4308	MicrosoftEdgeUpdate.exe
4308	MicrosoftEdgeUpdate.exe
4308	MicrosoftEdgeUpdate.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeAuditPrivilege	2880	svchost.exe
Token: SeSecurityPrivilege	2880	svchost.exe
Token: SeBackupPrivilege	4152	vssvc.exe
Token: SeRestorePrivilege	4152	vssvc.exe
Token: SeAuditPrivilege	4152	vssvc.exe
Token: SeShutdownPrivilege	2232	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2232	VC_redist.x64.exe
Token: SeSecurityPrivilege	3972	msiexec.exe
Token: SeCreateTokenPrivilege	2232	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	2232	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	2232	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	2232	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	2232	VC_redist.x64.exe
Token: SeTcbPrivilege	2232	VC_redist.x64.exe
Token: SeSecurityPrivilege	2232	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	2232	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	2232	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	2232	VC_redist.x64.exe
Token: SeSystemtimePrivilege	2232	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	2232	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	2232	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	2232	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	2232	VC_redist.x64.exe
Token: SeBackupPrivilege	2232	VC_redist.x64.exe
Token: SeRestorePrivilege	2232	VC_redist.x64.exe
Token: SeShutdownPrivilege	2232	VC_redist.x64.exe
Token: SeDebugPrivilege	2232	VC_redist.x64.exe
Token: SeAuditPrivilege	2232	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	2232	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	2232	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	2232	VC_redist.x64.exe
Token: SeUndockPrivilege	2232	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	2232	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	2232	VC_redist.x64.exe
Token: SeManageVolumePrivilege	2232	VC_redist.x64.exe
Token: SeImpersonatePrivilege	2232	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	2232	VC_redist.x64.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeBackupPrivilege	3996	srtasks.exe
Token: SeRestorePrivilege	3996	srtasks.exe
Token: SeSecurityPrivilege	3996	srtasks.exe
Token: SeTakeOwnershipPrivilege	3996	srtasks.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 4688	4092	WacomTablet_6.4.6-2.exe	92
PID 4092 wrote to memory of 4688	4092	WacomTablet_6.4.6-2.exe	92
PID 4092 wrote to memory of 4688	4092	WacomTablet_6.4.6-2.exe	92
PID 4688 wrote to memory of 1808	4688	setup.exe	94
PID 4688 wrote to memory of 1808	4688	setup.exe	94
PID 4688 wrote to memory of 1392	4688	setup.exe	95
PID 4688 wrote to memory of 1392	4688	setup.exe	95
PID 4688 wrote to memory of 4648	4688	setup.exe	98
PID 4688 wrote to memory of 4648	4688	setup.exe	98
PID 4688 wrote to memory of 4880	4688	setup.exe	99
PID 4688 wrote to memory of 4880	4688	setup.exe	99
PID 4688 wrote to memory of 3624	4688	setup.exe	100
PID 4688 wrote to memory of 3624	4688	setup.exe	100
PID 4688 wrote to memory of 2400	4688	setup.exe	102
PID 4688 wrote to memory of 2400	4688	setup.exe	102
PID 4688 wrote to memory of 4460	4688	setup.exe	103
PID 4688 wrote to memory of 4460	4688	setup.exe	103
PID 4688 wrote to memory of 5044	4688	setup.exe	104
PID 4688 wrote to memory of 5044	4688	setup.exe	104
PID 4688 wrote to memory of 4684	4688	setup.exe	105
PID 4688 wrote to memory of 4684	4688	setup.exe	105
PID 2880 wrote to memory of 4524	2880	svchost.exe	107
PID 2880 wrote to memory of 4524	2880	svchost.exe	107
PID 4688 wrote to memory of 4176	4688	setup.exe	108
PID 4688 wrote to memory of 4176	4688	setup.exe	108
PID 4688 wrote to memory of 208	4688	setup.exe	109
PID 4688 wrote to memory of 208	4688	setup.exe	109
PID 2880 wrote to memory of 1864	2880	svchost.exe	110
PID 2880 wrote to memory of 1864	2880	svchost.exe	110
PID 4688 wrote to memory of 2328	4688	setup.exe	111
PID 4688 wrote to memory of 2328	4688	setup.exe	111
PID 2880 wrote to memory of 4652	2880	svchost.exe	112
PID 2880 wrote to memory of 4652	2880	svchost.exe	112
PID 4688 wrote to memory of 3720	4688	setup.exe	113
PID 4688 wrote to memory of 3720	4688	setup.exe	113
PID 2880 wrote to memory of 936	2880	svchost.exe	114
PID 2880 wrote to memory of 936	2880	svchost.exe	114
PID 4688 wrote to memory of 5064	4688	setup.exe	115
PID 4688 wrote to memory of 5064	4688	setup.exe	115
PID 2880 wrote to memory of 4372	2880	svchost.exe	116
PID 2880 wrote to memory of 4372	2880	svchost.exe	116
PID 4688 wrote to memory of 3660	4688	setup.exe	117
PID 4688 wrote to memory of 3660	4688	setup.exe	117
PID 2880 wrote to memory of 2896	2880	svchost.exe	118
PID 2880 wrote to memory of 2896	2880	svchost.exe	118
PID 4688 wrote to memory of 3336	4688	setup.exe	119
PID 4688 wrote to memory of 3336	4688	setup.exe	119
PID 2880 wrote to memory of 1624	2880	svchost.exe	120
PID 2880 wrote to memory of 1624	2880	svchost.exe	120
PID 4688 wrote to memory of 3240	4688	setup.exe	121
PID 4688 wrote to memory of 3240	4688	setup.exe	121
PID 2880 wrote to memory of 1360	2880	svchost.exe	122
PID 2880 wrote to memory of 1360	2880	svchost.exe	122
PID 4688 wrote to memory of 1116	4688	setup.exe	123
PID 4688 wrote to memory of 1116	4688	setup.exe	123
PID 4688 wrote to memory of 3484	4688	setup.exe	126
PID 4688 wrote to memory of 3484	4688	setup.exe	126
PID 4688 wrote to memory of 3484	4688	setup.exe	126
PID 3484 wrote to memory of 1212	3484	VC_redist.x64.exe	127
PID 3484 wrote to memory of 1212	3484	VC_redist.x64.exe	127
PID 3484 wrote to memory of 1212	3484	VC_redist.x64.exe	127
PID 1212 wrote to memory of 2232	1212	VC_redist.x64.exe	129
PID 1212 wrote to memory of 2232	1212	VC_redist.x64.exe	129
PID 1212 wrote to memory of 2232	1212	VC_redist.x64.exe	129

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\WacomTablet_6.4.6-2.exe
"C:\Users\Admin\AppData\Local\Temp\WacomTablet_6.4.6-2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\setup.exe
  .\setup.exe
  2⤵
  - Drops desktop.ini file(s)
  - Checks computer location settings
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4688
- - C:\Windows\regedit.exe
    "C:\Windows\regedit.exe" /s DPInstall.reg
    3⤵
    - Modifies registry class
    - Runs .reg file with regedit
    PID:1808
- - C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    "C:\Program Files\Tablet\Wacom\WTabletServicePro.exe" /i
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1392
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" Remove HID\WACOMVIRTUALHID&Col04
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4648
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" Remove HID\WACVIRTUALHID&Col04
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks SCSI registry key(s)
    PID:4880
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" Remove ROOT\WACOMVIRTUALHID
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks SCSI registry key(s)
    PID:3624
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" Remove ROOT\WACVIRTUALHID
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks SCSI registry key(s)
    PID:2400
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" RemoveDriverPackage USB\VID_056A&PID_03C0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4460
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" RemoveOEMInf wachidrouter.inf
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5044
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf wachidrouter_pro.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4684
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" Remove ROOT\WACOMVIRTUALROUTER
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks SCSI registry key(s)
    PID:4176
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf wacomrouterfilter.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:208
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf wacom_wusd.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2328
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf wacmultitouch.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3720
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf wacpaper.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5064
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf ftdibus.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3660
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf ftdiport.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3336
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" CopyOEMInf slabvcp.inf
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3240
- - C:\Program Files\Tablet\DevInst.exe
    "C:\Program Files\Tablet\DevInst.exe" Update "USB\VID_10C4&PID_EA60" "C:\Program Files\Tablet\slabvcp.inf"
    3⤵
    - Drops file in Windows directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks SCSI registry key(s)
    PID:1116
- - C:\Program Files\Tablet\Wacom\VC_redist.x64.exe
    "C:\Program Files\Tablet\Wacom\VC_redist.x64.exe" /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3484
  - - C:\Windows\Temp\{29AF51AA-B1AE-4405-98B5-49A1FC7222F4}\.cr\VC_redist.x64.exe
      "C:\Windows\Temp\{29AF51AA-B1AE-4405-98B5-49A1FC7222F4}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Program Files\Tablet\Wacom\VC_redist.x64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576 /quiet /norestart
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1212
    - - C:\Windows\Temp\{55A02C24-04D7-4D8A-9454-ED23AEA6C803}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{55A02C24-04D7-4D8A-9454-ED23AEA6C803}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{AACC18EF-1FBE-418F-907E-688452D9B4E7} {E411EBC2-5875-4956-A734-F5C126221AAF} 1212
        5⤵
        Adds Run key to start application
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:2232
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{AFF0E7FC-F345-4F91-B3D7-15DDF900E805} {43C972A4-E7D2-4A84-A0A1-68A8CA04679C} 2232
        6⤵
        
        PID:1656
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=580 -uninstall -quiet -burn.related.upgrade -burn.ancestors={2aaf1df0-eb13-4099-9992-962bb4e596d1} -burn.filehandle.self=1068 -burn.embedded BurnPipe.{AFF0E7FC-F345-4F91-B3D7-15DDF900E805} {43C972A4-E7D2-4A84-A0A1-68A8CA04679C} 2232
        7⤵
        Loads dropped DLL
        
        PID:4368
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{38305F56-98B4-4FEA-9ADF-8BBF63915B9B} {85F0D13D-A1C4-4D95-9073-DF92512C10D7} 4368
        8⤵
        
        PID:4676
- - C:\Program Files\Tablet\Wacom\MicrosoftEdgeWebview2Setup.exe
    "C:\Program Files\Tablet\Wacom\MicrosoftEdgeWebview2Setup.exe" /silent /install
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    PID:4932
  - - C:\Program Files (x86)\Microsoft\Temp\EU4FE0.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU4FE0.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Checks computer location settings
      Checks system information in the registry
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4308
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4948
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1980
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3416
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2820
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.165.21\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4448
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDlGNjJDRDEtRjAzRC00NEFFLTlCNEItMzNDNTU3MERCMDA4fSIgdXNlcmlkPSJ7RjdGOEEwNEItNkY5Qi00QjNCLUJBMTgtNTdFQTk2MkI1OUQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InsyRDFFRUI5OS1CRDMzLTQzN0QtQkVCMC0yNjdFQzI1NDAwNjV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNDcuMzciIG5leHR2ZXJzaW9uPSIxLjMuMTY1LjIxIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjQ1MDk0MzQ2IiBpbnN0YWxsX3RpbWVfbXM9IjQzOCIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Checks system information in the registry
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2524
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{D9F62CD1-F03D-44AE-9B4B-33C5570DB008}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5b594d5e-13bb-6b4b-92fe-17d4b4d56857}\wachidrouter_pro.inf" "9" "4229284a3" "0000000000000138" "WinSta0\Default" "0000000000000150" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4524
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{bd50d075-e3d9-5643-bb88-33d763c16ebf}\wacomrouterfilter.inf" "9" "42f69c2cb" "0000000000000150" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1864
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2d061fd2-7ff6-5e46-ac42-a973a017938b}\wacom_wusd.inf" "9" "413c24e63" "000000000000014C" "WinSta0\Default" "0000000000000140" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4652
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{ccc1b13c-447c-5448-8fc2-a38b92e86b1d}\wacmultitouch.inf" "9" "48026993b" "0000000000000140" "WinSta0\Default" "0000000000000138" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:936
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5709342b-3037-d241-b4f8-d4f60d4a370c}\wacpaper.inf" "9" "4f9c8405f" "0000000000000138" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4372
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{ea35c46e-234b-b343-8982-3f585aaec633}\ftdibus.inf" "9" "482460807" "000000000000014C" "WinSta0\Default" "0000000000000140" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2896
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e97cb659-40ba-874f-b1fb-bd756e7cef14}\ftdiport.inf" "9" "4acc92977" "0000000000000140" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1624
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{9dcbdc2e-8e9e-bd4a-9295-22da7b5ae74d}\slabvcp.inf" "9" "43754da93" "000000000000015C" "WinSta0\Default" "0000000000000154" "208" "C:\Program Files\Tablet"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1360

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4152

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3996

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3972

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:2320
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDlGNjJDRDEtRjAzRC00NEFFLTlCNEItMzNDNTU3MERCMDA4fSIgdXNlcmlkPSJ7RjdGOEEwNEItNkY5Qi00QjNCLUJBMTgtNTdFQTk2MkI1OUQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDOEI3MjFBNi0wRjdELTQ0OEUtQTc1RC03NjFDRDUxOTM3NTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTA2IiBuZXh0dmVyc2lvbj0iMTIzLjAuNjMxMi4xMDYiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjQ4Mzc1NTQ0Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:3976
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\MicrosoftEdge_X64_126.0.2592.113.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\MicrosoftEdge_X64_126.0.2592.113.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:3416
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\EDGEMITMP_52E10.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\EDGEMITMP_52E10.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\MicrosoftEdge_X64_126.0.2592.113.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    PID:4448
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\EDGEMITMP_52E10.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\EDGEMITMP_52E10.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.183 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C5461823-AA80-4DF1-AC1B-6AAF4D7F0EDC}\EDGEMITMP_52E10.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.113 --initial-client-data=0x248,0x24c,0x250,0x11c,0x254,0x7ff67dd6aa40,0x7ff67dd6aa4c,0x7ff67dd6aa58
      4⤵
      Executes dropped EXE
      PID:4032
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNjUuMjEiIHNoZWxsX3ZlcnNpb249IjEuMy4xNjUuMjEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RDlGNjJDRDEtRjAzRC00NEFFLTlCNEItMzNDNTU3MERCMDA4fSIgdXNlcmlkPSJ7RjdGOEEwNEItNkY5Qi00QjNCLUJBMTgtNTdFQTk2MkI1OUQzfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9InswM0Y4QjRGNy0yMDA4LTQ0RUMtQkFBMy1DQTg1QjFCREI0OTB9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyNi4wLjI1OTIuMTEzIiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iLTEiIGluc3RhbGxkYXRlPSItMSI-PHVwZGF0ZWNoZWNrLz48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjU2ODc4OTgyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTI1Njg3ODk4MiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0ODIxOTE1MzAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5mLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzAxYTAyZDBlLTlkOGQtNDdhMy04YzM2LTliZjM4ZGFiZTIxYT9QMT0xNzIyMjM1MDgzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWN0d2t4ZlZOd2dsdXU2WFZXOFlOV3F6YnZud1Z0empDS25vMTZHU25lVExid3l5cnp5QVZ1MmhQbjhCWmxyT2xGTTc2JTJmcEF3ZWtlVlY3UlpUMVJOUGclM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzMxNDg2MTYiIHRvdGFsPSIxNzMxNDg2MTYiIGRvd25sb2FkX3RpbWVfbXM9IjE2MjAzIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQ4MjM0NzgyMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjYiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU0OTYwMDg5NzUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjU5MTY2NjYwODkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIzNjYiIGRvd25sb2FkX3RpbWVfbXM9IjIyNTQ3IiBkb3dubG9hZGVkPSIxNzMxNDg2MTYiIHRvdGFsPSIxNzMxNDg2MTYiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjQyMDY2Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Checks system information in the registry
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e583fe7.rbs

Filesize
19KB

MD5
4fcd193f90a198931f18eae89c4d98bc

SHA1
d12ebc5830282f76ae550beb57172570f7ba4177

SHA256
4870c87a9c2b296b0a8c2ea00f78878d988f210953a3615e68924204bd171334

SHA512
37bf407b11069b6c4e5df44bf5d96028bbe2df917f0b5ebd5e0faf1d2d3ed96682caac5aaa06ccc128a09c68d2912aea99bf390c292ad9d123a2b52ed79f60fa

Download Submit
C:\Config.Msi\e583ff3.rbs

Filesize
19KB

MD5
76df880e45f146597a28121dcb7f7bb7

SHA1
dfaf8d83eb71564584fd2e453fa295a67d27215e

SHA256
53d2f2a2c5d02244dbbfeb51d54829cb2aa6c80f4f0c54aae23d84d2c3eb9abb

SHA512
b81247eb086fadd2b20039edff4b87e427df7c3e165bf0b3b086ed835e7790d76ed5b708fa5f212e729fecfbe04c5afa9b2ddedc81a4416502669ded791b6946

Download Submit
C:\Config.Msi\e583ffa.rbs

Filesize
21KB

MD5
5398df1976fa7ed2f1d9f15a2dd15917

SHA1
9e5b42d640ed701802c2453da48b709a38548f1a

SHA256
984a224a0e88e731d1eb5749cf6bef6b2f989ddc49790308e2d6e8358d6675a0

SHA512
2c6b90e509efebcb6c8208c3df3d7e385d06d5910030cd2fdf3e05ff00509230a9a678fae0c7f6672020c70a3e5a28d01fd34a8c375d83f4828075b865c3f611

Download Submit
C:\Config.Msi\e584009.rbs

Filesize
21KB

MD5
983269c79412113e621e677074b57713

SHA1
8b091141d2a485371336010510168417990de6ae

SHA256
d0f366fa825dad4ddcae31d97b2d3dc0809df0064cd520691e8cbf20b4c38690

SHA512
86b128f0bfc6054b0d0cbca7a63a9f2b9729db3fd5a703d3c6ac520e5e0db5a7e724dc6771643eb9c70e4f69fa5b3185d3816446fabca3bc2f72ef27429bc7c5

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\126.0.2592.113\Installer\setup.exe

Filesize
6.5MB

MD5
4dda37fd043902a07a4d46dd8b5bc4aa

SHA1
aeecafae4cca3b4a1e592d93b045de19d09a328e

SHA256
806500bb5e7a3e4a2a84d4d08e97d1872dc7ee8f8c255e3c6c2d39437c9779ac

SHA512
903280cf47888fcd491b5aa70ffc4de60458fe8fce6e164a02118308cbd36ef0d2e6ecd418d19242d605f9c516598fe723908e28baf702c4c65a284fabc60111

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
200KB

MD5
b0963137e6f5267ad56defb1bb76285c

SHA1
58153c1cf688feb6dbb40646d992f033d80de308

SHA256
31a1c80cc73b9b698e6eb437df5fa77d3e18cf529cad90367989a824bd6b0700

SHA512
cc412584761dc717c01776387c0f342c0d8da6811826d05e122483cc031dcf0639590b2283c2087cdeb563bcbfb97db943992ae20b63e50fa4549a0694c885a9

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
c837d695b5d00c496f6dbb30d9d05645

SHA1
d0d0bfe68f3d16696ad5f19a5a0767a2d7bdcde4

SHA256
3ba45a2e8b7e066985bf05fad0d3fe106d0fbdf7b1925daa946e60106a41b521

SHA512
6855e747f13f9a26db482345b0cfcb7ec5abf20c6cdcd10b8fe5cb671fa70bd4541c2ae72f0d6dedd0fafda09c9e206415e3dd662966fba0df6070cbeeea9e4b

Download Submit
C:\Program Files\Tablet\Wacom\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
d026fd41f16ff7ca48fd0d06927ef155

SHA1
d9bc4f397a42430b1cadf0865d54eefdbc9f6007

SHA256
3428bc17add9e8135b79b17d9a2ed14ae7b856dda4cf16581ecad9ed957817d0

SHA512
10109c09d3e546fa3a171e926b509e2dd8bb57452fa2d59da413328317eafa7da411f09d5d9179ddb38f2cc07fe7299cce718c37302fd0eedb3292978594862c

Download Submit
C:\Program Files\Tablet\Wacom\Professional_CPL.exe

Filesize
11.7MB

MD5
6cdb62f48d61b351d95fcb51d635d487

SHA1
2854e168008278f6df8c15be4c17ab23760db577

SHA256
04c10b28d97f07865f38f78dd3abe4e5d55c5fbae042a9ed84fbf0533a6b052a

SHA512
bcc8a4445209a16f647c156f960d0d0ed4274ad44a484684c57a51ebd7359d89e1a2dfad9b2f95cbf4f92f5cea5c541a40b5c88e5208cd24f843e05d6ed04015

Download Submit
C:\Program Files\Tablet\Wacom\UserHelp\en_offline.htm

Filesize
397B

MD5
d0cfcf47bad523895996ae5595ce7978

SHA1
4e16aa93ce803ef5c08d397a82743e25f61430cb

SHA256
57860303a03c4e94ac7ba0198058f8631ad35e8825a36192464ced30ceec1146

SHA512
3946ceb8ccdaef9cc638cd65a85edf2487a465efd65c8df319ac52e519780b5bfe9053491496a95d772dd70d9dc80086cc996d88b4e9839c5828212b969ad85f

Download Submit
C:\Program Files\Tablet\Wacom\VC_redist.x64.exe

Filesize
24.1MB

MD5
4a85bfd44f09ef46679fafcb1bab627a

SHA1
7741a5cad238ce3e4ca7756058f2a67a57fee9d1

SHA256
37ed59a66699c0e5a7ebeef7352d7c1c2ed5ede7212950a1b0a8ee289af4a95b

SHA512
600e61332416b23ef518f4252df0000c03612e8b0680eab0bdf589d9c855539b973583dc4ce1faab5828f58653ed85a1f9196eb1c7bbf6d2e3b5ab3e83253f98

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ASBIcons\DarkMode\01clicks06-4thClick.png

Filesize
8KB

MD5
2428c41fb0e4c11946e0df6b824e08bc

SHA1
671cbbf64655f21b1ca5f91b3eeab33fca405e40

SHA256
80a26600bfb60ac9c05a0895694aa301b7a4664965283000f6c454d6949c4bae

SHA512
f4d96033c92522cab5f141769abdffe884895cdb915481f3d89bc86858e00c7c51e5d7def9ab2bf28ea058b70416cefbb41489a46fef882ef85004d547ede6f1

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ASBIcons\LightMode\01clicks06-4thClick.png

Filesize
6KB

MD5
83ca7d7a0ea1f49bb91e9b407ae11bbb

SHA1
9382369bf9d8fea6e99e30f43db1b7ace40f2e80

SHA256
fe23208ce73645637799d285c430677c01af32189132e61bccfadb0945b36b26

SHA512
f476502a3d2509181b2093ac3bee5facc6e2835e42ef07c22e8f0f37d2df15e830706a29ae61886a7dc5b7f51e07ee86a06704042ac6de8edd4b79badbf51604

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\CommonIcons\DarkMode\Wacom-Center_app-icon_96x96_B.png

Filesize
10KB

MD5
c0688bee29eb6318838a85f230b1d5c2

SHA1
89ebf3a60af9c2cfc2660cb70ebfe1b862747220

SHA256
c008ec51c99932de24b59589d6f4515fe6bcf51d591dcf132df87e1abda8914b

SHA512
4fa9ef61ff2284d891bfc4f90dd62f7b89d57261f6329e5ef84e5c81a3f9ab2b168b12ed10c68ad614decdef66aaa58c32d0dae3ef51519df93a6b01e0280b5f

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\CommonIcons\DarkMode\edit.png

Filesize
1KB

MD5
45cac569eec03b14629ab1b71f2849e5

SHA1
04aaea08f9f05e27bb0a57fbd8efb163cf020669

SHA256
629ec823d594f58d90d6df07467a2f2eb5a99c2eedc0dd34d1804a3092cdaf14

SHA512
84e71d6fc26be27e992d5f2887265d5cbb1bdef1adbe3b3fe365d9765b83b7392aea9f0256e41427e1250e23f4f29be8e9eac248c138e3dc8ea1935ed29c2a21

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\CommonIcons\LightMode\edit.png

Filesize
1KB

MD5
5ab56811834280c0da369de0080369d6

SHA1
f07cfdad031cd56df7e50939a9e28f1872e7998e

SHA256
5b84070761f11d18de4bf4852ab2d1caf5abde0885d223b8570c98a1a0c385b2

SHA512
4df0ef7989c3284a4c60d5caa3cfebcdb2399a5271391b96a4154ff82bab4f8d0f612a73089f971dfd3487e91fceeba7939c6cff3a0f2d9f0a3472d061429f4c

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DevMainPageIcons\DarkMode\Bluetooth_Selected.png

Filesize
57KB

MD5
cb77f9dd4c1fb597f05314e9d4014a30

SHA1
c3c98e0725c6e84638f45a38341e9242cc8bbeb5

SHA256
ac4c3e5e892688a3799d05d7c74ab7f945a9b12b8602bf8a8427e8ece7404925

SHA512
3b24c315af9809415a7b5f48ac775742fd07255f4cd00a50ef04c2fa7eee34cdc6e17e8d10bc431f5cd62f44a5519f49463836cbe8865e6f68c6c20698edf7f3

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DevMainPageIcons\DarkMode\MomijiTabletOrientation-1_Selected.png

Filesize
30KB

MD5
49aac95e3692bff4dbf3fe6318a24373

SHA1
1af0ee65ae188418eeefdcf74051cf0b5b5e511b

SHA256
694207c60c4aa64bbe121b0dad332b483bbad98d0212ae8dea0981ebd4ab058d

SHA512
57ddf02591add3f50937cca00090e90fb524befad27146ba93cd7ccc3ddfa5ace4818bd5214ab298136e31c65765b1a9362a782605689647215bbf8e30fe1281

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DevMainPageIcons\DarkMode\MomijiTabletOrientation-2_Selected.png

Filesize
32KB

MD5
ab9e8bcc15f1cc5ab03dc5171a3e45f1

SHA1
a6aa6c26268dbcbbcdaeba3abf18f798d368cf72

SHA256
d2de68ec5af20a83ca221dcea604ca652c06ce9be3aa26d092f255dfcfd49cd0

SHA512
ce2cd2b872df81cfdc70bf0e0918bd7cb99aaed28e31260a2dc327060ce4a91bc87b488dc2565a75534a470fd314adecf334f809f4329dbc0aa2ab342c7571b3

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DevMainPageIcons\DarkMode\MomijiTabletOrientation-3_Selected.png

Filesize
30KB

MD5
31f86a4c2df23a9941daed265235114d

SHA1
ff1256b9ef6db63ff82db29ce977c509ed711dfb

SHA256
b2e3491b2697765e1e0ab3a718ae9088cc055c22bff5eb8a37e652d82630986f

SHA512
65208741eedd52726aecc44cd17794ec00db8ede2c53b2b80370af50200fdb67f7fae3c4c52df4d1b283f500efd133ee6ddc89add24d94d167f4d9cdf9c951b0

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DevMainPageIcons\DarkMode\MomijiTabletOrientation-4_Selected.png

Filesize
32KB

MD5
87762ef4df2428f09309a92a5d3b6b87

SHA1
e9438aa862c2b2492dd367349a7d76fa2b6024e0

SHA256
3a0b25352b1ebbb04a563106646013d16d7a1d6db134dacc08a3bffd374cdb6a

SHA512
fdf35fca40f1fac059336ae181bec46bd033b0f79e9efc59aa00493ec299f3952f50f9ca51fad9587ec3bdb472c1beb3111d3a6cfdc92b90863cd0355c180785

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DeviceSidebarIcons\DarkMode\sidebar-expressKeys.png

Filesize
1KB

MD5
f01477300afa8dac717a8196772786f1

SHA1
5d1afb309c4f8f82029a9e0e2624b217e43b11a8

SHA256
eb326d24349c000991bf30aad84ea0114ce43119a5fa53661021b46d31386337

SHA512
6265e786b07d0e34c9dbe8b9b0a01ce470d9c1a4359ca07d30093c6dc64792f4c570c462fd7673cb688f140521386ef8b045219b36d19ab5ba4ff250259fd22f

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DeviceSidebarIcons\LightMode\sidebar-expressKeys.png

Filesize
2KB

MD5
b299157471279478ada02b71aebd120e

SHA1
7ef99946914bff5eb6d75819a7e021da9fc0cfeb

SHA256
e5dd80bdbc73ee58e4734ef7ca44c82bedfc88e11b1a6149db69c3f37e57261d

SHA512
cf46a718f107eec5c28bc9455a3fb9dcd716452805af5b6bde2873d472b8cf59f117d9155050bcae3a3b9a927c7ed381113ea11479866a66c9f223aa2c2fe76a

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\DarkMode\DTCycle_LeftNone.png

Filesize
184B

MD5
7bf0b4486baadf459f74c0680461f17e

SHA1
88e57960ed59eed8ff30be604045f54a48a37c51

SHA256
ae8e3db580c405aa949b17c838cd359680c8994716bf650e8a31f3bb9c461aae

SHA512
d171ca5095d4c542c60da705984eac645bab123b9490e2254123b9923f252f277fdbf7bce2206ce2271556d7022f1bd8232171d9fb7094fa23a802a116f9b59b

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\DarkMode\DTCycle_RightNone.png

Filesize
184B

MD5
edd8faf2fb81a844992e6e87ef271329

SHA1
84aab3cf7ae5685540b0b1996f1e788a169a20cc

SHA256
6ebb70c8b99002ccc8d012e2e51f5d29b34c0c9a1ed1078613d106f3fd7d8f8a

SHA512
31ed1274bed60ccdd3a8bf4e3f4af399506912b13779b0adc4be27c5b4bb8686d932fc2e5dc8d100790140514cda3fa4458d84eabd05d9529e5528ed992aae72

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\DarkMode\DTDisabled_Opaque.gif

Filesize
2.7MB

MD5
9df2c6a78e3f0229f8df12697957b0da

SHA1
f417b5767095e9e4aff4237ef92a752e9b3de879

SHA256
3ceabb0d6e0b0aa2d7c338c073d345aebaeb0f63f8034ed0bdb7d367ebfe1529

SHA512
f3c0323553720374eca4103649b982907bd1dd33f258cb344701e764655d3e4e780111e90c39c57bfcd59ef3791fc48dd52259d66d5a5fcd1e885cfa9e4353c4

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\LightMode\DTCycle_LeftSkip.png

Filesize
257B

MD5
b2de3514b8db183f38b66343cba7f39f

SHA1
67d92211674ace92950a702c0f1604427c9c2cff

SHA256
ad0485ad3c63588725005ef75cf17eb1e9b42024ac5786c8115951c3e6e52e3e

SHA512
a4fb573a2cb456c707e45472aac5103e96b8a844f9b086760fb90ac176af9d4b68c7f20453da6236fe34dba07129b19cc3221c56ca09b835a14644851245ad5e

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\DisplayToggleIcons\LightMode\DTDisabled_Opaque.gif

Filesize
2.7MB

MD5
38a406617102c65759bb262bd43f06f2

SHA1
73d23f1ce318511dc606d0c69b103db1282a2fce

SHA256
5cf79dde766a0a93496243986101e0dfcddfe168c2e703fca3269eb52f7cc10d

SHA512
8fdd55f089a434ea3de763c4ce9286df40d1a25432ef728cdf835974d171be402fed3077f9c127dfd42f5c9255d338901a652e02ca46177dbd26dc1cc616dc46

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\ImageResources.resw

Filesize
115KB

MD5
79755eee7748a9760db673042a032588

SHA1
2c709d8d3a3e8d3eafcb781b4d331e3f8efb483f

SHA256
7b89fd77e98d15cc28c71a7db73ab04fa825924818c44a477f5e5c964a462667

SHA512
853ba329ab91e2643dfc6ca0d01d02604fd864bdfa863979f5ec0fa223b0f70a53413a5cd68416d0d60df1037708c31982aeda822903a3fc2ab3b72ff62eab13

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\OSSIcons\DarkMode\oss-1column_highlighted.png

Filesize
2KB

MD5
cb8ceb7b6559977811d4dab84baa4b9a

SHA1
07995d419c84a3f90299e2085a946d87a523d45f

SHA256
95f51011f5870de0f2ce108a8233bb9a9d7f1a29384ea43bc06afcb7ac35bceb

SHA512
19e41b4ad09f06bcbb0071f873e7469fa1ce02ab087a9d96b78139ea45b004d9f7f3178b612491ad3f71bfb42097f104a7f951f0e91be13c33f9dbdd55fafdf6

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\OSSIcons\DarkMode\oss-1row_highlighted.png

Filesize
2KB

MD5
9c199113d743b3abce40570b4b40f4e5

SHA1
c163b624b0c300d11eaa06df862c877bc7b1c6d1

SHA256
08248ca32e555727d4d085dbc858974b68c0e5f799c053ac3623fe358efb1fd0

SHA512
120633fbc28c82f7a4deb16f2dd14b9f4df834425188e56067f328a7fcf1984de6a7e8388ad899e063c4740b39953d8120361aecba898dfeb5ff766ffb6ef474

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\OSSIcons\DarkMode\oss-2columns_highlighted.png

Filesize
5KB

MD5
0b93d8f3d366b8172c90dc972498ed91

SHA1
79464efb954a1c1a32778040cd9cfa4c858a84ae

SHA256
b0599090025c9158ba5baa098ea24dcc0a4f90194822f5589c319cd848f483b6

SHA512
b414b2f0201b46a8e62f088f434c886439c80ef9658bcb1ee8845a64d326c568efdca0ed757300d13a83879c84bea831135c1df1c9b40f9f173c94273511f6a8

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\OSSIcons\DarkMode\oss-2rows_highlighted.png

Filesize
4KB

MD5
be3b8ebefb4a1c09e7d3cbffe6bd86f2

SHA1
b2a6817a038c150153778dadcafeeef0b040ce7d

SHA256
c1c224a4fa8eb096219a151632abbdacaf221b17297cf5f2d4ae6253b5233a8f

SHA512
a87d978dae5072e6425f64287bd64aba975065f8dde55a409c144521ed42f1d41f0ef4e105333da94bc860778e9c46d69e07c39f3d50ecd4bfe4a59cca57e885

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\OSSIcons\DarkMode\oss-keypad_highlighted.png

Filesize
4KB

MD5
dce7072630b69504e83667a39b07941e

SHA1
67b351debe6064f2353ee927cdc4da2ee685e3a3

SHA256
1fc631bbdc8e4091a53b7fbf45ad98509d56348c0c6b2bf3f09cf007b56d62b7

SHA512
9e6d05338ceb0147c9e81e74ff7ce79bc58ea28ca8686826cae2022af84fa45e76bb0d9e3230805b6e31608ffc677a2a1b5d5cecd590965554b515efb3338d5c

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\StratoIcons\DarkMode\RZ_wac_wacom_center_Instant_Ink_empty.png

Filesize
64KB

MD5
1afc45c8afdd3bb146320cf33750f9c3

SHA1
08bae7f30fedbb1e21ac07926ef6efc9fb2656f9

SHA256
de5676b1e883e62f3619fd11ece20a4c80241c03bdb920c9ef5745d6e6e72094

SHA512
8ea0a0de2223e2a78a010b34ebe7eea217102e69d7eb29735439d6e014452f5e1b0aee30f1d5d56df17b24db5f799aa0a79371a185c445024a7ace7656ef1144

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\StratoIcons\DarkMode\RemoteDevice.png

Filesize
50KB

MD5
e41a6d99443b42bc05afabdc78ee4e5a

SHA1
c6689576a582189530011a741c9bb3d45f461906

SHA256
058db9b07cfa067caf3c96dc156f49ecb305733748de833abd32bdcb5e6eba9b

SHA512
07eb316c27050aa96cce0a51eef3aee3cbabce9e426d9a75587b3ab3a860d190d59eba2882023323ad6d3e36861640cf267c582306e113e9fe9b1c86c5cfedb4

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\StratoIcons\DarkMode\moreinfo_devicesettings.png

Filesize
5KB

MD5
fcc70603f6bd5bf50147fddc8e5902db

SHA1
2ce54346d4e8ecea94743cea902a65a505207425

SHA256
b6f761db845b12c5853872ec1838bf9035362addba1dedaf5ed2dc011ef3cf91

SHA512
38b5dd83af6d0ac5c522266a3d0a0848b245bad979d9b1678e48d3f4a4c69c546e8f37d0eed1a66616aa06846396898fcfdb5ac0ff0257a574c1c38a01f9cc45

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\StratoIcons\DarkMode\moreinfo_localscreencursor.png

Filesize
3KB

MD5
037097771ea6cf78f8e500a12013567f

SHA1
d2a14cf17e141073903b3c0216c3d8d402927ef6

SHA256
43b99d41d992d16abe57aaf9fe60ba20faf2cfedf8b301671ade158a2d9bc727

SHA512
42fed3df990a4d0e929adcdc1428984be542f8bc0b593da528cabe04fe2d4dfa57ccd2e6c682cd9f86230da4636965657bf26a48d9a333e450b7b3d3319c366e

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\StratoIcons\DarkMode\moreinfo_stratoinkline.png

Filesize
4KB

MD5
a460a3d12d43b251e422ff3ad22aff69

SHA1
951ee046ca8e43bd44ba80ea71f8133fd44f663e

SHA256
a7e41122323b29bb5d90549f99f8ec45c61b9d1e9c12d011cde9193714f492b7

SHA512
3abf26c7ec33b26d2278b874ddfb60af129fa3d9454203990a1f433214365b853a4a1845a824712a497ce7a575ebdc195e26ed5d8c4e1b5de458eb5c0dc9cf01

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TouchIcons\DarkMode\TouchGesture_3fSwipe.png

Filesize
119KB

MD5
7f5d0261c8b577384fe41ae109f21d04

SHA1
0ea29adcbb090fda1c08cd7c54356189241971f8

SHA256
bb36e48c2625a5605977f1e9e0e31718db2fcb07c164b7708b86576f060077c2

SHA512
80e363d344554bea53cee67edb9064057643da0a01e34fbadacf720439b41a4e2a5f5ceb1f5b6e95ca52420e7bd46cf58789dc6815a4fd555ba6cc322a9e520e

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\Assets\TouchIcons\LightMode\TouchGesture_3fSwipe.png

Filesize
130KB

MD5
a54237e69d2aa3e1f538be5c8fe5c5e8

SHA1
3cd7fcf8e2026104ed4edeb0f1ec0b864b3bad31

SHA256
a3a07e1234fca55f95f5378c7a3c0ea796cf92251f84798d1631bcca6117be47

SHA512
d63230313788486dd2c035bb5f85110ab195cb57d4a7a5530267b4b35f1ca5a46f21bcc47e44ca2189b8fa8551525cb807bc0b801c85867aa04c5a3d6e615f0d

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.exe

Filesize
327KB

MD5
7f7e97d6443b34227651711d3f6a43fd

SHA1
0c5fb86f128c65bbccb48ff61ed351a9696960a9

SHA256
bd75ed5e3cc8b58318c7f4922c18ef2f86cb3c4614dc44de811036d6980424fb

SHA512
08180e85f5fcb6bfc58fa7cff52fb5db588cfd3fa1b23ad1d20329cb8a041453794518fd6d78a728f614f5693025d36cb982d6f3763979c78a93f347a38e14c2

Download Submit
C:\Program Files\Tablet\Wacom\WacomCenter\mscordaccore.dll

Filesize
1.3MB

MD5
ae1ef1ff8cc1d740bfb73a6fd2960a0a

SHA1
14927062d9ab8c8d2ce20121535a669c89383705

SHA256
4d2ab1560a52be1e6cd725035dd38689fb43a7444eba4962d6839829ce4ab463

SHA512
b89f93df5ffa54accdb90ac677010867d457e743ceb46a2374a8937207b34820baff8a16d6229415cb2caf1c251577363c9958d3d9825528c8e1ed3c60afc0db

Download Submit
C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe

Filesize
1.4MB

MD5
cbb313781ac47816c54f61141e741a58

SHA1
5bf6dc1b8108e81d6efca12074bee1a8e7967ee6

SHA256
969dbde8775a3c3ad1acb5c73a8dd71aa78c6a023ed5127005e4d2a282ae2cdc

SHA512
2ed475f6db5119d1858b7214b8a06a58751d654fb929cb241116d269dd9fcce0e609178d6f6663e9acb7ddffe2b8005e3d075d1931ad0a53f697bd34a05164eb

Download Submit
C:\Program Files\Tablet\ftdibus.cat

Filesize
18KB

MD5
3ca2599748cc29523831eace03806d8c

SHA1
6d9275447f732ace9500cce0504406cee72a42ad

SHA256
51e4de8d95de60a7b20b516192f9a3ef26d9ff5afde04032f92d6f6e5288e657

SHA512
b6502c3ceaf2146e83a3717e4848dc20840a3a34605cfc71882484a5f2e3db81b78879842d0608d8b985580a02b78c05b51d1430077b14c386dda23cb4f54512

Download Submit
C:\Program Files\Tablet\ftdibus.inf

Filesize
25KB

MD5
08556a4e0a016b38ea15392ab997eb96

SHA1
321e9c3b7c8e360b434912ed44cc222f08280048

SHA256
8f94401479c1a57f2fcc67d83b2bc68346399fbbb6bd93ff7e4f0e72fe2755d2

SHA512
ce304515a228241780e09f012c6475193d9ca4eb0738eaaa0816a53efb26fd4d651050af4a8b9b118b7353dc92c1792e41d9b588e011796455112f5924154ce3

Download Submit
C:\Program Files\Tablet\ftdiport.cat

Filesize
17KB

MD5
9fe33a9197449575ea9ee89a9e142b58

SHA1
623fc672c0847894b751bdc3a72c2c85cf6b660c

SHA256
05ba91c12be023f7c5833d77130efc859a0ae516f96704fe8062c4796f6b9fef

SHA512
3212199a664b5cb810657c9e775cf7b58e26fe762578814c545995ec1cb04fcdcf7273625d7f84d4ebbfea4636e65b23fbf67bbd689249705663f17bbf5095d9

Download Submit
C:\Program Files\Tablet\ftdiport.inf

Filesize
16KB

MD5
d9ccbbb89b77706e1392402b0babf70a

SHA1
018b67599606f0589ea4ca42ad4cc6b5c24388a0

SHA256
28c99f312d9f84d854e083ba83d8bbec72d5a285cc12a4dcfdc9d8cf1407a821

SHA512
26e9e5a81632ba3906d2b1bb35043025173e8efd69a6ba3b9ea66639c831146b6ea60ae3249d079d0fff32dd6fd8757e819795c1620980d7d7bcbf5819120aa1

Download Submit
C:\Program Files\Tablet\i386\ftd2xx.dll

Filesize
265KB

MD5
2f1e187ff00944e337121064c7bd3f2e

SHA1
f315dcc6154427f06aa0a16e44c149527d61d918

SHA256
f133f056b866d3c1d05db3a52c3457ed2326623a823fc48b724f6cada351224f

SHA512
81e3226ef4fbe8a4604d73eb9489798fed596acbfaf5d4fc7821f502012a4cc90e217387b10d476895446d9b67e789f7c926ddeafd98bb5046807e9dfbad1729

Download Submit
C:\Program Files\Tablet\slabvcp.cat

Filesize
11KB

MD5
befe6327722742cd1424b739bc8f5cfa

SHA1
c3f899399bf59e9890c654670b15e364628db4a9

SHA256
c135f73366aac8fe95fe3285d05a3efa76c0054df677bac3e308e7dc82a58bc0

SHA512
0e0158ff5c583714babd8ea0fcda4ab203a4ef747f57ae6bad2a4c5c866b8f183d592495b9281e85ccff589520942607bb7f412d641a25f3cd252f4df63067b7

Download Submit
C:\Program Files\Tablet\slabvcp.inf

Filesize
4KB

MD5
33ae925db013d95dd5ea91a9597a8020

SHA1
b97004a400e30dcf940971efa7a0c13c6b0a4b66

SHA256
9ae433c70b360cf6e1a4219bdc00014aed4257bcb64bf08cb85331e33ee63d85

SHA512
cdc40e9d91abb9ac9c897af70bb3b769f746b126ee3bc9a2b6981e0ad0a9ed7b362db4b8ae3efb8248e10bc913b708b8275f93f9ba90cd12543c761a16461296

Download Submit
C:\Program Files\Tablet\wacmultitouch.inf

Filesize
2KB

MD5
dbedff4db91c6ed2292019c274ce2c2e

SHA1
3a17780427135a1a322dd2503b7b9dccc93a2f0b

SHA256
3716e7ddf11000abbe0ffdd359404808900ca9db607229db52d2084be8f7d394

SHA512
db0c7f0e283c4df7ac178ad28abdad0ddc582051b89c85c9404aa5ba5ada7bb6f4dafb13501d9b1f75ff387ea1246dbbaad18945c4ad186f310c137bf240f5f6

Download Submit
C:\Program Files\Tablet\wacpaper.inf

Filesize
2KB

MD5
8ab6ed1712a9c7b0797bfe5aa5b3d6cf

SHA1
9caf257eed8cf9e987cf2c174e43d91a22473610

SHA256
556843802120e826c98635669e42b0a00535475282c3cbe7711aa2c2a2d64f48

SHA512
e169826c44570185139f33e55461a7c7de9058be6aeb9653f8291621519d1a126715de8e70f8ea053993ab6f03d923f8d1c960dcd080be5ae32078b0f78e6865

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
61KB

MD5
a1b6160dfbebfa25bf3d45bdc2d6edde

SHA1
667044926ce082a0410d89a57b9d0295f854ac59

SHA256
77e9fd758ea0216894862c2b751855f4d28bf440274d2073bfcfab5cbbfaeebf

SHA512
8ea417e449d89ec7913513e9d643ba4af33f1a0108a22ee3412e10190592697a2e9c615397a319edc05f49da28d93f256fdff585cb3b2f10169aeb7ea188e365

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\AfterShotPro.wacomas

Filesize
6KB

MD5
8f57c83028cb6982975b0383a76ed5db

SHA1
13118f256d7a461be9312d4f713c73d161334db6

SHA256
7dd13fd94f7c743c76ff73588103c8a9727714124b81403936a9970e3946759c

SHA512
204a8818bf4d02f4e69e36da1bcd3dcb0a2a1b6539b0358be51adb9297bcc857a7bbafc180b0f35a105fea79ef671837ed2a11958e36a129a9de0c70ddf6c124

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\AnimeStudio.wacomas

Filesize
10KB

MD5
b6d4d2ab4cf23248ee5c12c0e86f355c

SHA1
eca9613445d40768f34b54815343da063e5312e3

SHA256
6f0076d31a1af486cb88a9c2b89d6dbc33586d8b48c402bd3f3a3d3d48892951

SHA512
2fd013d74455d49f78003fdc4290ed9abe06f55cfc42602f170a514fba440c7f1b1ad46a5e4ef8455d33b9cfc17a00c44a10399e250a8fc4a9491b4e23491bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ArtRage.wacomas

Filesize
24KB

MD5
1fae6531658c4f3046e4035586c8f219

SHA1
2d842eaa09ca71d4291c82dcd2640654c51e05fa

SHA256
877d7c4e19448764ee8facbb40af3a7280872fc3c8d48774e48c4622fe441186

SHA512
232234c788d478472969b7988fec8fce6ff1478cb15b7ebf7d1d2ed8355b8132191fa7b1113a68607fa2fbab03f4eec911a42e8b60343d4c33d4f092a6f28c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ArtRageFun.wacomas

Filesize
9KB

MD5
66d86f78f15b7b6a214706d239b4233b

SHA1
aaf440cb82218802080649395c84864265036fe7

SHA256
9b23542e9d2657f438b03d30c9834442150077d27b18f0ae506e37db8f4fe29a

SHA512
5880165aa58e9b40142c464816b8bd7b22a8103d83122edfabbd734c864ea455fe548b3f9c92eedb44a50080cdb5e4126fcf384ebbc46fe3387212b9395ec1f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ArtRageStudio.wacomas

Filesize
23KB

MD5
f03f9d5a66117cd5d732ef538228f518

SHA1
7ae4bf63cae1ba6fdb094936b143f3e457e14bc5

SHA256
f7ed1161196f3800eace5ff083cb2fc24efc9055d0dba56f31931284604b9143

SHA512
ec2ec178c199b30e2e0212ddb3ce3c66b270d543bee8283169b37257372d4a9e81e6390b5d6e83a2269c8999bc545183dca334102fdc46bf604eb3daa3fb2e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ArtRageStudioPro.wacomas

Filesize
23KB

MD5
3ab2731fcfcb0d0a198aacf53c966b85

SHA1
9f2ecadc220a41cef37e56f669cd3199e4b7fd04

SHA256
eb549e48b6e3d10ece16d55b42a3492d12bef2a561a5ff373ab5a9471c577cd9

SHA512
08cdb78e4e16b46db0290f4a247eab1a3517558e30f13321246467573b7fff4d61a7b44dcbf8116b9eda8738e0718bfe146db34d0ba1d64d7dbd9822848a6597

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ArtecStudio.wacomas

Filesize
6KB

MD5
c187867a43edad19e544f70edb657546

SHA1
7273a73d368383dc2bde2af62f899caba9790713

SHA256
0d0b7a0eb940f209ba250817e8ca70f8957e60c33fcee96b476fa499faced8c1

SHA512
47789dc1211293ee2526849b41601ed1bb992e9625dc50f5455b6b52dbbe54ba4fa201af2b0567bf77242076d7f47d328f1b311668b89dfedea4b3faa1abfadf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ClipStudioPaintPro.wacomas

Filesize
7KB

MD5
6ab6d62f06b2aea3e783ec0a878dcd14

SHA1
2d9afe53d81b49267ed98432b15c812fc27c3534

SHA256
e5e3db54986982ce4e2c10426c5612dd5abc8e85eb378ed00b42d0258e9ef294

SHA512
b5f58740564144c7e486f47c1f95aa4e2691b17b0a2bf3721be87f1c4c58dd007f861699dc2b6e056a5c6123b0d3c6abb043e2fc0078be5d22f61325d048ec6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Corel Draw.wacomas

Filesize
14KB

MD5
1485955b67077519c181d99875d1ef9b

SHA1
f5ad61ec6bbcc80972b2cebcd3ae7fbaf4deec04

SHA256
237eb737ed69ca6d7f751de6aa233d8a8eca0ff3e6a523750cc67b68d1274da7

SHA512
5a69079c4850b7e82b3fd84a2e44ef1efe187786389f0403b08f953d022275243717702a582eb525d1de0e89ca8710cb2605ed6c3877cef63b2a5cbdc214c90f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Corel Painter Essentials.wacomas

Filesize
31KB

MD5
910e79daf1511d1aa987fc27f3ad4b73

SHA1
7227807aa645541e04249a8c94c21a6c2556e892

SHA256
47e89b2b3e950be7005f3a0349ae5b083a30a5ec216b83df73297f1187e5443b

SHA512
3c3ba1258cc8fd8c8e8ecd4e155f35118b3b0fb0bae508adbb06389256fe7185ff79d42deda5d02d905aa21a7b68532840314e9de1171244858671006a083b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Corel Painter Essentials6+.wacomas

Filesize
32KB

MD5
49b804e6ba2cddb772632e95e439b27d

SHA1
4d8e9ec64e732c8f6c3ff456cff88c11c69576e6

SHA256
5543ea48a2eb1d08b3777ecbbaedcd8e00a27dfb9480f2ab0ae4a2ef83fc5edc

SHA512
0f16bf2912848260d808e261c9c60504d64d44230aafeb3af633ecbfc933312cd506455e0a1d3cba6f8e304002babd9fa43029e8fc209a0b604378b862202a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Corel Painter Essentials8.wacomas

Filesize
32KB

MD5
079e42799df9e9224704aefefc2447cd

SHA1
2632fc7a6b83970e62555ead4ad608ffe6db10a2

SHA256
8b2c94da2dda371886cdc62c49868a1757ab6d7ba289ddd1134bf66332805489

SHA512
403fa3c571487fba547838680e617533d4e59f746a9d2c7f7e96b060eba19f92c9356c95fc1bab8703efb38eefadc0def47275bd95c09443d2e0cd475b35a1e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Corel Painter.wacomas

Filesize
32KB

MD5
50badcee473358ea4a71daeea3b156e1

SHA1
701b836dafbcb0a489e42fd585c535a0529af439

SHA256
c1c918c67d872234973a360b2913db7cf049c41841adf017899b259c754bf53c

SHA512
a5f2867c22ee30ffd1eb19f63160dde9e219c5e3b3284761f7cf7ed35a81c65554da46dec097c1118314a8dfaaf1e0553879d213725964d67a5d1e322a1f35fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Corel Particle Shop.wacomas

Filesize
32KB

MD5
2426bd3bf61a169cc67fb5a85a6d3cd8

SHA1
21600510cdcc7e7d9bf0deb8ab5f8c08141665af

SHA256
45df60db1ab1eeb940d798e706c258dc6a7aedcd7a6a3fe311a6bef03e089ed4

SHA512
36812b3252cd29dc1ef9f84e0b825c692c39fd6129c3ad5fe1faee9df28b1804d4377c23b26fe094ed269c867f4cd2670e09ed8a604d3cc42718850c60ee4c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Corel Photo Paint.wacomas

Filesize
14KB

MD5
d77d6aa29fe0c3dae1e4e577ee752be6

SHA1
fdc2cb523af219be973c9807c50c934380a143c3

SHA256
e87bda897612148befaf026bd9c5d5440f5cde357118e0819a86b2e3cbc65046

SHA512
9959536b74b6e96b51ff299030745b98a7678425faa4a7b22a03fe2fcbf7ca3a54f8846e1190b731c7d42d8dd14a906866ae494bbcea96546674eaf256648614

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Fresco.wacomas

Filesize
4KB

MD5
d875b3d25d415be917d35a6c949b3bc8

SHA1
978e7eeae279e22a33ef4d0e09a21fd0b2bfd07c

SHA256
ea51732313d9012030d7de65c2e89ec9429c255c3942d52abaafc8289221e963

SHA512
8fd5b7d19708d74ab23a57557eccdfb8cf5c0c5f6f54aa1715044f21268fbf4439310fd81734f2acffa72496fa4a8bee9c13442d81e36af7a7a617a119f20461

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Fusion360.wacomas

Filesize
8KB

MD5
ec9cbea533211c8fd885b8b750324bc6

SHA1
9aa8c911e1a62350e481e8c86abff73cb5c9b3b5

SHA256
a2462e16b2651d5ffa2e92b222bb193c3d518281a4312f1b8f785f2d93878e77

SHA512
574a1555302e5137ade2ad8719819885e68563af536ba45ff88e45d2a97e92dc1d524d5fd24d8a05ceb0e55c26741d7c9d77917b889e69e5465522d2ac1bf82a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Illustrator.wacomas

Filesize
36KB

MD5
58111d4bfe449eb5d53868374e094f12

SHA1
519078451f7ee3c58e04808cccf3d09575d63634

SHA256
bacebc125e8c8238ddfc49ee172594e5657586b64b6373fc16dca42c227d36d8

SHA512
aac123b00323a3c76ffe8e72be899daffc32b92230bd91af0021f95446a7e914a95aca628c4cf2911e08ce76022a844596cb1d788396b7bd3f2aeccf72d9f8b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\InDesign.wacomas

Filesize
22KB

MD5
8e0221cd68da880f6fe9ac218bfaaedc

SHA1
fc37481c402c21af7edae97c4074a782019e726a

SHA256
7432eb2d6ad4b628161d22efc2eac20c311e6a3a9276e481386aab3a3d541ee8

SHA512
f96bb7c5c7c9aef54b5df1f13f718f3d69a422b5e9f0e1247029bdce6792657f3cf749b22dff67e37fd3dac5bb68de73fb1bb77d4ded726e9da71a682d047874

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Lightroom.wacomas

Filesize
27KB

MD5
6486bf0bf4853779f6eae2f69fd69775

SHA1
276722b29e23dc90f78cdab812031c2e2e43344b

SHA256
f518d33dd86f36f9a92d860de12913c6e2fcde9b094467ced2425a8e0da1857a

SHA512
81e06a54480aff065bd44575aa031a13d5848ef475c9e7054ac40a6f6728719b7ae3dfe11774e3b120c643e4f524fc04e944387cb25a92d05b4823062f2d8c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Maya.wacomas

Filesize
9KB

MD5
09e1c77f367b0a839c17fa02c177f1ab

SHA1
85252732943c5582e86dbf41ac6c48c1c8546c6f

SHA256
02db9508167da91f96d5f64f045136135b32014da3c959905baabdb9aa55d459

SHA512
1262b5474ea206d187a706d718c3280b651540019af01454159aed97bda2761934da6ef691f578eef36b550782e381ba03199b91b7a0165b95808e920df88e0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\PaintShopPro.wacomas

Filesize
10KB

MD5
1827018867a87dbd4266c0c447b851d9

SHA1
7002d77bcbb122f1a35c66c713bc836d8cce406d

SHA256
59a4308860ce70a81ee20adde4175b796bd9ff4307117369e04a12ca70cb60ae

SHA512
2e9eba5f6eb12ab3dfcd9f149ca8ebfba44929a3cf30949bbc187b3ee7ae870124207bf3def5d3761247fc064cd52c6f28486a3f9d5eae0ccfb68d9a6c38b711

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Photoshop.wacomas

Filesize
28KB

MD5
d9cd5f1dc0dd88eb935a89f5c1cd5d76

SHA1
c4d93d2d68acba7b5e2f16bedc5d9dc17b003e6d

SHA256
b59683ec177557c029f5e01ac0e46c28da15dc9eca38ed148bb86b9689bf43b2

SHA512
9f3c5903dfb426b9b43a8b90c39f5e3b7dddba2ed78859c041702f701a5d1219e2ce97ab87bb9243dfcfa53fd508d4abc47a3b573c27c15913da844b97938d12

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\PhotoshopElementsEditor.wacomas

Filesize
22KB

MD5
f8d414debc16bab426a4f55be8b62e97

SHA1
a0991dfda4fde6287005dabb72a119ac7b3aaf03

SHA256
101a9ed11258721a26a39350d73f9aa906631f956e8bd4aeb78cac680c73ccd2

SHA512
69ca2ae1a0b3ae0aa233de390e45deb609e6d480450f461b793682ddc951292f91296c6d6354a5959ac2d8527dd9f7edc48f900abd80265c25a90a9db2ade47d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Sketchbook.wacomas

Filesize
25KB

MD5
1f1dcb48901ba083580d0cd0e54859ba

SHA1
f0124abf569d35f10e52c072c13220b21d6f869b

SHA256
e98f6a174e1ebcc2e276e2c48bca7eb45ee6aaa0f30ab1f4e813b085c0abafae

SHA512
347c1244e21062b20b4ae998a1130549df2ddb5337826d0839c54b23ef2d43f8eb9e4c9b559aa5356f1e8375e12e7263f0b218b64a786dde98b30a619eb216e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\SolidEdge.wacomas

Filesize
8KB

MD5
51cb23c74f755c6720f5d7c09f2892dc

SHA1
27a361709cd30454622c0d011f03e60616ff2a00

SHA256
cf82231c40bd86a999afd21b3abf9fbc89af098a5b0cd1ccb4d4340df2a804ec

SHA512
9c141ae15752ee5faf61bc0d85d755021802c459a1562227ea41045a5db6a539ffe5543af5b1d5b2b61a9d441b832bf52421d85a99f8a4a961adda9e6b9e3d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\Solidworks.wacomas

Filesize
8KB

MD5
917a77e12e546fc1226be1e65386dada

SHA1
a206f7c276a6275388640b1ff599cdcc65a23838

SHA256
caf43204e3b8f545ee732ddb6b7c33700433eab9b7f3e584f8939c40dfa39b9f

SHA512
bbb610d2e12d690f394ed8ffe7f17610bdc3ab34779c2612e56d7206fd35b72c6a004ca71128e6524ae34488ce48d4a8b578ce5111231063cf1395e51c91640c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ZBrush.wacomas

Filesize
17KB

MD5
6fe1c993841bd73b7e178dfe92538c9a

SHA1
4497a669ea2449805bb83b3759a227bb14a262d6

SHA256
4a68d5a1860a7036c9d70be5cca508d8f690170bd2d96b1a17426aae27cb9ff2

SHA512
e003dbd0d29adcbb56dc83fcfb54a03af4d8676ab1fccdf09f9467e4707e447b617a41eb1744ced79112e50fdc8c7f8caa60b9882a06572ec60cac80a4c6d383

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\App Specific Settings\ZBrushCore.wacomas

Filesize
8KB

MD5
b80a19a294b03625672971e25b9ce1a2

SHA1
a5e99b89350491e654528ba12ffa6f38dd5ca070

SHA256
65e93f16c6a7048a065946308fd7655c77cd51d88e607fd4b1d3702bbcba62c6

SHA512
b5e8c9d8653f56fa21c9a2790201626e3584d9be76de608bbfff665aced127bf38bc87d9f6667e3c00d71277336f46270076dc46f854cf67af351dc1a4a2b67d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\Common.dat

Filesize
21KB

MD5
9299998fb2e1a8b7d8baedab645442f8

SHA1
906a57ae16ca723785e973333cd4833fb05d2a14

SHA256
5e5986ea115490313d0080a3510da40cc66ad1031201579e547bb186b4ed91b7

SHA512
d452016cb806ac2d3b0d31cf48fb838cfb20fca4a5bdb0086525b91b679dca2c3f79cdc3eeb3f9c9b7bd7b111bdea45fc6afdc261cc9d06bc6abab82777f5435

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\DPInstall.reg

Filesize
47KB

MD5
22820e6c053663cd990f6931ee0a8c2e

SHA1
e4e07a086ebef6fdf2a7f4ca58b852e4997efaeb

SHA256
c83d971d736f222e8f5779baff77ee76d2780698954ade22d4149970a43f151a

SHA512
c046053e0c98ecbc75e9a40cb2a95d0bd4debe538eee5679411ec3c35aeb6ed82c2d0c01d2e9d029a71e35d5953745b6e68961f0962c3fb0ee563da062ea0fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\DPRemove.reg

Filesize
4KB

MD5
87ee1c67d980e1931bf1960b7becf054

SHA1
89db8a51111f3c396a2b4630e2c95967decf76d5

SHA256
8732ed38aea24b40b5575a02b669cc0b7d94cc47a3147c11f5d26eed0b53d4c0

SHA512
f4186fe7fd491755038b8bd2b36991db91f10c9472876aef53d1a5b58e8f905605055301397326ef63b0bc5decc4de41efcd302fcdb464adb2c261344d391fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\English\License.rtf

Filesize
127KB

MD5
4e5a19cc901b1c99287d90f2738c4b15

SHA1
db693ac3ec7061823a71bc272a9546d94bb1f939

SHA256
209b661a4a224faaedd1bb66c8cc42ed3306812808961b36485dfeda4d3f4c11

SHA512
311a5e29f53a6f052479cc41ce3ad1acc2e7b91f2e2c0b8f9e71e91fec680c4deb91931fc6b656f2add850109586870528c4add8a3d6430973c116761c574bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\German\Lizenz.rtf

Filesize
120KB

MD5
d819f97297d408567bfb2dbc55bedc28

SHA1
88cca4e7a3e18f63dd6ea599e578498dec54f594

SHA256
f4ba51b3a7091762b52efa95c2d58101c7a9d7e38a19d8810edc55f34aab3528

SHA512
8d431557fe9b834e77538924f51faf5c39a370b0d6d18d214ff2e1b0a62cb54ebf40d2a503c0738d1f484566809fbcf4fb6a36c010ad371c7849a947b1d6fa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\Italian\Licenza.rtf

Filesize
126KB

MD5
1d7940182eccf76c145c5d06b586ec98

SHA1
f1fbff62e413cabbd41a2e86bb147c61268c52d2

SHA256
e23a86a2e4441be7a37a2acd5fdb005066265674ea9e1be070b162ab514041b8

SHA512
225b99083cb4fdeee19e2ad5bd60a0104a645553b54d9b90f3c28e47f80280c7304b385f972fd65bfa4254e56f4b1a05826d7fbe478ee31803de9ab54321a898

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\de\Notice.rtf

Filesize
78KB

MD5
c67849f5c926e61b145c1ae91917f8f7

SHA1
a07c8b32d476ca3f39613fa3a49567b75b63ca88

SHA256
3df73d3e29cbb7a0f9f2481cfd1dfc53d1d3779138d4f646cc8ff8854db9aa52

SHA512
112bafe8e82873281f06c5d1ab96947ba8ef5313939550f2665efaa8e67a1fc41aa8d45e50527d600b966369aa3fd9a01e3a1ac3a31cee80bc558bcb17754144

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\en\Notice.rtf

Filesize
65KB

MD5
002a78a10b8cfb010398e1d41bc05541

SHA1
d349306e403596b76b36a8f043d72336bf0aedd4

SHA256
751ac66acc3c19abbdad880a23672f04fd172c10450576a9cb90810ade38c7d3

SHA512
6369656155c04c672b36b956e57dcf9934bd0a77882896a0299160f91203160e1374d3a2f8200f414ef2d72a3a7e489b0606995c9d1a654948c1305f55513fed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\es\Notice.rtf

Filesize
75KB

MD5
16146c9db8439bc8ee1699f1d73be515

SHA1
6f991c1df945f92da5e1eae4415fe8569acc6e84

SHA256
94ea3a839a2f959ce74aed3581b70b61657d0bd2e040c3d824d8a85d7cc65aa7

SHA512
56dd4c5caa14dde248fb9bfef0a568cb6f2c3bf284a7796bc852f152f6c438e0e09fdd1c1dbfa0045c6f913abdfe9f89853c596661c3437793155dc92f021b81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\fr\Notice.rtf

Filesize
78KB

MD5
0887c221a149f65e678f8fdf5d4d8fb6

SHA1
031a31a2dfe89ae9cbe89637e918b6bba3d0f29f

SHA256
ae49187dab6a7fc8621b681a222a699046f8c0fdd12a8734d6ba829c0b895bd8

SHA512
b8d143642ae00bc821e73bbadbaf779ad3a6145b1ee375836be3d7d097f674ec670b10ad8935d15f3d2883465c9fbcda3ef0a63c41a57f2173892e9ed759a5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\it\Notice.rtf

Filesize
77KB

MD5
c2363caf973de7e3118cfda834038790

SHA1
30b40ae5d1b70f2106712583ebe8bae95674518c

SHA256
86928ac190bb7eb088f39babda630e3ba328b10c1fcf6ee558d0848d391670cc

SHA512
56c031e9681b8486f3d1b519d221aa429ced07e2b981c729c76794e58ee7da04825afa53e3668038ec5cd8b338acfc0ebc5f4b08512f46b435f0b4f3e2114115

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\ja\Notice.rtf

Filesize
179KB

MD5
242aff7b0a22d9938b4e6f6748fb9632

SHA1
5fb8806d391699948dc6e4efe11bbbfb08b709aa

SHA256
bef480ff3a8f00f5fad53e054f0ed67b95f9ad792b808300b814636c03465543

SHA512
f467ac3ef38f21b118550a432aaeeac42570139d2a1bbd02c17d118ebdd351538f1a5cf45e370fa9af1999563eb0a98a1b1bd341521bc8d959d56cad8e75e9f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\ko\Notice.rtf

Filesize
332KB

MD5
2b9f1028645ef1b959fe0cada2f93e5b

SHA1
7fe097d9d3b810781e46d7872a33594d114602cc

SHA256
dd60042c6801c163836365013477d68c022340e24c3956515ede96b75ddefc55

SHA512
6b74d219ed73ad77ee9090ad58704a92087e87b53531bba4eb29592e4b77983177f466cf72541258203a3aac9adb534c0cfe56d320757d977d93c9ae2afeff60

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\nl\Notice.rtf

Filesize
74KB

MD5
d409b9905858d77e419e63b846235e23

SHA1
723d778b92b2119086b264d60e9b9084c371b929

SHA256
0bce434a8b7f45a55856746c7d5bc4b21bed25607107f4e6fa8eaeb05f837ade

SHA512
a037898a9bc26485160f16354312f6825d6f07927df6ea4e43110ea3d80158f147e5e5c1a6f931e75bd6d546e36ebb7f1d38b01de4566e6e688d9b831c48ad9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\pl\Notice.rtf

Filesize
83KB

MD5
3a2ec1a8d432a2ccf65d13a32a3a43c0

SHA1
04971464465253d243e096ad4a8fe5fbe54aeec1

SHA256
dd25ff9f323276c0812155300ff3a2428d4d60c404de7972a766bad159f5275a

SHA512
9b1065e3955c1d10c16424d28dee81d233f253aeacb22b4d8240488dc65254687b8a8a40d911e209323170be294053ae0d49291d6136092eccd2965ceb05d66f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\pt\Notice.rtf

Filesize
80KB

MD5
b531b895953855f8a7fb8bd4e370557f

SHA1
6f482bd15222f151c8b4bedf9ac4e7d7d181de44

SHA256
87d4996f2de906f770140bed147ebc1b7c0d4ff066ebd46adb80354adfd4228e

SHA512
1d7dd093694d122069d0854fbef188346e4ab6dbd2004ce3bc10faf6337918c25494e95dc3ffb7fbd5c24dae38cb80b7526fa3212ca340dfd2a02132af634efc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\ru\Notice.rtf

Filesize
139KB

MD5
62bdb03029a6cdd734e4f4dc0bbb44e1

SHA1
f0e225452f0f4f62d4ccb889b9cb785d9d34b8fe

SHA256
13fbdaaac7ce01bb138326b8ebdf32a59d71f1f457065b2c2fd5bb8b59fb8be3

SHA512
8000d4c63602f33f889230c9cafd3f524717f8a53abbef89b0411fa75b9329c83772363460ebb9d1ef3e0714f709e4bf7c5d865d932e9d65d4dcff3de3693fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\zh_CN\Notice.rtf

Filesize
135KB

MD5
522ae77f928a42cc16e4f6b74abb1e6d

SHA1
26ccab835c090dd3a61d3fae863584cb94daaa71

SHA256
3cc7411b1a2ec5b989d87261f25b7da5d1e97fc88c9641475135678a5c37812f

SHA512
78183804f2b11fb3e77e8e9aa515fa8bf57f6c053d205a9a996c8ff592c1f923951c346749ce0aa7c95d8d4623556493cfaf60b18253f5432f237020b8a2129b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\PrivacyNotice\zh_TW\Notice.rtf

Filesize
134KB

MD5
c5f482e1a622f87678572e5f0667fa78

SHA1
0de4b1d2f3536f182e631810033005bcabe2bbf4

SHA256
2f22e9e749f4d8af47a0b54b9d38314b72672a270073861ea41fa3ae8ea0a91f

SHA512
c8f13c61232e4ae261166b9ba21b6037b4c3261e90f1eac2000885a497d7704ad5b646de39eb2ae14d7a674e9bd9dd48effe6f1460b01acf087871a83c3c735e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\Setup.exe

Filesize
3.5MB

MD5
2fa805645cd807ca87115d07515765e4

SHA1
54dc6db1994fe8acfae26eca5fb6d9238f386973

SHA256
b199d79e3df14fb079255fc3d39236bcfad4ebb82a9751df5ac6571b5c997df3

SHA512
57ee7093381719f6e739a68f562ae863d65e689b3ebc35275cb88f90cb7476ef73440ab297176dd446e1ada414f10e4eeb562ebdc5568c257731bddf0654ba2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\Drivers\DevInst.exe

Filesize
414KB

MD5
ae307e1ced3be81d23e971824b5595aa

SHA1
7aebd8898e8444b43f70673195024e13e5cbcf90

SHA256
e92e53865dd4e24e0e7252022a40ec1f803c9e227b8d7c365105490d8547673e

SHA512
f7627285792453b3d24c59fb7b8323155d12c876351b2385f5e8631613ef406aeb82db155dcab0e17d18809cce29a2e0597f3bb3b077c21b6cf79f289ad2676a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\Drivers\PenInst.dll

Filesize
332KB

MD5
62a9da7ca39e2ceaf4821f6103342cb8

SHA1
c04ec8d1b02628b4e277ed27d4ed1abebcfd187c

SHA256
bef1b53043c4e007b2092b790f02c11b2723eebad8adaa10787065683be51615

SHA512
79bc8def37cbbba9aa70b06ade9a3f27a98c3cee89da3a73c7ec90a961c204fb58b4726ca19c7aa5d326ec69ccd244cb98dac1a58e717025b559797ee7814ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\PrefUtil.exe

Filesize
3.4MB

MD5
648be0e22c31ed8e9cda79e653c6b586

SHA1
e8f065903966f7ed9c933583a050b30664ff0f45

SHA256
41cc4a7b0c96e302728bcbb9324b61e1b3c88e7912bc228af0e68dd0ba13b97e

SHA512
43807c7087822179f49fecab22f0b740928b7c43f090f6bf00a10244ea4cc5bffbb8d48ef64cc85b3c8fce9a0e4a7de99a401805b89e260813facfb3b84a0547

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\WTabletServicePro.exe

Filesize
2.3MB

MD5
b3cc8759dc4030a783b4f01cff6b2961

SHA1
477537a34df2ae01a2ca87ddb7cf3e4e174850bf

SHA256
02f5c9e82821a453f4c3b72d6930828271f7f80b4c8f2a3497e23a94b1ab7575

SHA512
d093cd8e4c131e8d698cf89f87f3f71d4ce38664e788d65e9484efa104ed5dafb752e0bc7ef670a970883de3c2c8c2538e384f03df7f67744cf00842cafc4e65

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\WacomCenterUI\Assets\TouchIcons\DarkMode\TouchGesture_4fSwipeUp.png

Filesize
123KB

MD5
4ce79467e7c1f9482c0623fc8643a974

SHA1
ee72a265db5388457c1b6067ae472a148c9cd034

SHA256
1115376f402189bf949eefd6b09f20badbae4733a7dbdacdf9e4450ed87adfbf

SHA512
58789c47cbb85387a1334eb9978adff0fab8ccb5e1315471207f78f8e4bdac6727cd48b2127b9872d5d53ecf6ef600d823ec8fc695e630e3558e737b99ae3a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\WacomCenterUI\Assets\TouchIcons\LightMode\TouchGesture_4fSwipeUp.png

Filesize
134KB

MD5
6bfbe1a1d96381e00f6bdb275ecabee1

SHA1
33b1dd766beb25411aa4f61b05c0e6f9a1d79b35

SHA256
3920a8013d574fa59a24ad61e74e353b698a7d388d1d0f961b3782d904ba6933

SHA512
d708bb7cdf75b110c6bf2f5c6093cfe9c7618a993fc2f79de33428fecd4d4f2e6c05d9799f09e86d23257f6aee06131b555f86cba0456e5c1fc9f1cae42de148

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\Wacom_Tablet.dll

Filesize
2.4MB

MD5
38b8ae5d9818883936372146a4d5aeed

SHA1
f16a30802aa89391dc3bb2667251b64507a96fca

SHA256
f572320efd93e2fdd5aea6bc625c3290f606c76192654696eb3e2dd6caf1c1d4

SHA512
3cb5f14d9bf679a2325b9e55c682ec7a05eddcc5ae0bdfdaf79bfd7b4b1719e1564fcda2d7af7fe85eb1ce272508a40371469f856ff3a4eeac6c2b2d3ce20c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\Wacom_Tablet.exe

Filesize
28.2MB

MD5
255485324cf9b792f7a9579489cb4e43

SHA1
ba02db2817ee7b2017073dabbdbce6ba35e47c72

SHA256
3741f87caea98d3e0ed8aa224b0f201935943df25c28e4bea051a0082e68db88

SHA512
daf596f423698e1cc4596a0b1390cc19a3ac8adec5ea8473a476109e78f4819b086a20438c079227a10188629f11bf291a5161aa843d1884ccd232957410a692

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\64\libxml2.dll

Filesize
2.5MB

MD5
b7fc578316c6d049df6c9f4d88f3b112

SHA1
955a4d5f2e87f190effd96df1970cf5ad83644be

SHA256
9173ad7cf49009856a9d7fe7f5575e59f385cf61152ee0cf71d69ddd7e66cfff

SHA512
4746f40e05d08aec14f16716447a6a4b41a7911a70fb572bc2a1177eb9b2968af676c767a9aac88a5ff4ede135f1a8b19c0fc9e18fadae4020bac57d8b87638d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\AppGestures.xml

Filesize
255KB

MD5
77a35c818ea4651d62f205043ac65d69

SHA1
60db8a63e650760cf1a6fc0b440d1ea3d6f57df7

SHA256
b3edb2ee7034a91647c3d8a01a6aabf0b82760479d9e35bd9cce6019658789f2

SHA512
a2ccf4312f1a27f81fe5385392f5953f58ad976c2ad59a6caceced2750346863c6aabd663bb32b7d0401826c3886390c009520e2296dd91980be5fb544e4f9e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\WacomHost.exe

Filesize
38KB

MD5
19e0b5b6202ce85796ea6c0ebb7334df

SHA1
ddff3276b70aa192c72fd0ae8c7330562ca7ce66

SHA256
8625dac11461bcbc13bea1799a1b9236af268d97bb31f525b20a5b91f7669603

SHA512
4c79198732428339be3c9443f1d221876a07f327c3dfc8f7266fcde6e2d6e6aafa5893d39f281c842fb1d63ba1dfe3a90029df1e945925c4dd8f1ed82b61cbb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\System32\WacomI18N.dll

Filesize
95KB

MD5
fd635e775325a6b251c983a59c8cd4d3

SHA1
b2c4320c08b9f3f1a698f3e205aa6684458c7215

SHA256
7876c8241c67d1d4acc61c206b028b90d47e4336f954958b4cd2aa3b26d1168d

SHA512
f3669888e7dc34cb871e5f4be8679bf7808263e7b211ac674e36b5cf77d21f9e5d78b76de0ab2b0675276512d1dc8344ed0f2db8473813ebb03e7c20f06ec01c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\WacomTablet.xml

Filesize
2KB

MD5
46695dff67d50a6899bf04c4fca000eb

SHA1
1011955ab6036578d253b91899f7b5e48b501c05

SHA256
fd9a6d6fbb33a52af36ee59523c794e379fcfd39fe9c2110ec2f6645d14c1f19

SHA512
ff491cb57a2246de52ad1f09df24b20dd8ba6dc38b749b811990234c11fd1deec3e63573eb22c1484301b1ee350b79d15387816bacf495578de3ed81445920ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\WacomTabletLegacy.xml

Filesize
2KB

MD5
41fe6cf83c0025ec760884958f994b78

SHA1
1e50778f3a8f0a152102e2c1bdaf3863c8724828

SHA256
6c8c25a716cdaa70ad2cf19c000d59d6aecef089020a8b2b45eb717202669676

SHA512
83a726bfc2510ada2c001a1d9ac557d322c5d68f04fe38a0a09595063ecd46272263718918dd868268ce52f954f1169b248576fa28772df056510c410ef6dea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\installer.dat

Filesize
45KB

MD5
2888d5464f91a00ff91535e57ec70c24

SHA1
ff2fdf5f320acca6635a321dcc2e4c03299a16c9

SHA256
df6c871d3be6a562248e0355f4411ec2cd37c772cc89b122bb79469461fe73f7

SHA512
b7e38ae4bcb973c0cec337c2c512d048ace0150d3a26be87d82266fe50c59c7fe6b192a1bc472fed95293eadbe5b1ec222c95b0d27239c2246f6723d325baef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\languages.dat

Filesize
6KB

MD5
1b7d53cacb1e6f1a2c387f625ce63155

SHA1
24ce2dafd680f04fe75eb9d94f8fa569af1122ae

SHA256
df4e8a43fb7a3225a444a255632d78ebc99a64d37c24be357a9b14193184c74d

SHA512
6e95661bf4a25a888e3256341b5e98fd6010f03de9434b0ca0fc84b4fabcb78ac2ff6f22be3aa2b723b0066e3ec259314e45d516673d41757be2a50caec937c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCFF781B7\libxml2.dll

Filesize
1.9MB

MD5
7debb5dc038f9365600acff721a737ab

SHA1
b09b10ffecdcb5527a719862c2d214370c417ff5

SHA256
97650e17f6fbf804622828a3bd52c6fd9cd43d0c43adf86e305f009b3c00b5f5

SHA512
538e45f4ec4782834a3bfe71a4d537819d9a5e2b478a67a210e8b77ac395990d3fa24eb7d7fd589ea9d924d11ae641778e917c74de32d1f746045547e4f5ac6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\DevInst.log

Filesize
48KB

MD5
91aeab7417d88174efa20aad25c1888e

SHA1
3290f82114a3778dffcdc9f36e9e493ef837c968

SHA256
a78a893bd382ec7e29d485f363f060e4597ecd2514fa2c7357ad1f7123799a63

SHA512
fb51b62a0d2214e6325c79c023b05815a6a9fb3c033b828c1c536964d5338aa0dc27e1c979e827b8af5a656600316712076b1515f348e30d56b787b7280e23c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2d061fd2-7ff6-5e46-ac42-a973a017938b}\SETE35B.tmp

Filesize
12KB

MD5
90a44540ddba8d34696e3ec1daccb578

SHA1
f08c30331c3a6e8686e841b95a6db5946c3fe1ce

SHA256
10f8efd222c8a6b66d77b4f98ca0b936a0f2264d3df7aa64b75f1029401be44e

SHA512
a0e3d43aa2f6ff9efcdce0b79be6b2b78f8851db2bcb581b1d1ff05bf3d091954b900184c1edef20b7a12d1e0af51b6993910f5baab494f900e56a31543744d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2d061fd2-7ff6-5e46-ac42-a973a017938b}\SETE36C.tmp

Filesize
3KB

MD5
3b8ce009e46186cdd5568128e7d2ea6c

SHA1
c687d53a62f16f4ea1ef379a5fa34c3a15400711

SHA256
0f68fca521bcd3c4f7c7ef33c45ef9786c3a7c56b0c6c792f5b8b5ba6af9b0e6

SHA512
d50b3236f09c93e328a80d86349d25672a8e0f72569a6d9114f2d805211d33f94f50459709714e886cc5c65917d46ba6a4d0ee093816e46ee7ec4604ed1f255d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2d061fd2-7ff6-5e46-ac42-a973a017938b}\SETE37C.tmp

Filesize
38KB

MD5
09e3a22dcf9e48defedad783af3f7863

SHA1
7c2ba75d7290a73ab3fff4ab51c36c63536e8459

SHA256
b8dd6caa052d7015bb7b31699883f3827cb380c064de959a596894769a64bf1e

SHA512
e724c60cd6ef66b5f09219601ea32fd718efa1e079bdd25e78f789e2a71e4123486ca16a33c48b6416a9aa7a0276b0adfd384d3f4df36c7ba51facb6db8065f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5709342b-3037-d241-b4f8-d4f60d4a370c}\SETE61B.tmp

Filesize
15KB

MD5
5a1c1ec322e8395e912756cc9c67bd54

SHA1
dac5ca8a562571945dfa65b91c5bb2df97ab2b0e

SHA256
c0344a0ff4ee2e50efd48c0ea60e7c72d0f57efdb5058fe5269f0ed32a3aee21

SHA512
f0bfbf9eb26bc1b6672269ef736a1aab598494601d150fd8afa6c29e6823998f714c966bbbbce10eb7249277cee01f7becf85855fa4b17063b211279a4160bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5b594d5e-13bb-6b4b-92fe-17d4b4d56857}\SETDB3D.tmp

Filesize
25KB

MD5
8796b8e19fea663cc376432154ae97d1

SHA1
4d4b1a0e0ee89cf96403a58b26b6edf69b253763

SHA256
b18f2d78da2f511589a09192b624a47e3304a76140f31a77775009bfa50e2a29

SHA512
be2726648e2a2783da36fcc2602215f0e66182dddcaf6cbdd0e921315d560d302b093d7a9cddc5ab7304d5a6be2789710cdf3951b71595d0be14db73787a085b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5b594d5e-13bb-6b4b-92fe-17d4b4d56857}\SETDB3E.tmp

Filesize
9KB

MD5
5516ea39d192da1847be902c730ebc50

SHA1
f45e535732f37123b5e5a2ca1cf1f2b05414c9b7

SHA256
7671cc1c3d1054ee97c3497275ef597dde565212a864b8777b89430042c5f084

SHA512
9752fb94584db37fe4a9cd897c42226b1f24db052489fcdcd01bd3d01ac79ce0c22163ad280a7948768ebd1f909c7f70856ee8c6ff372908c5a805feeccd8f5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5b594d5e-13bb-6b4b-92fe-17d4b4d56857}\SETDB4E.tmp

Filesize
1.7MB

MD5
8fb55c1b7dcb54ec289451509d83f52c

SHA1
045377aa4e64c856fb5f7608d93d1cc273ed8acf

SHA256
c6eacb8b4c6aefc1451029ae3fbad4dcf6b66f7391f103446ff845f1d7d27832

SHA512
f099fae7ab9c727b72ba6f6199e509461139a7b7fbfb38b4d40a067accf844f348b3f8b49b5fb99fc0ad94dc7af9ddc57219df0a40bfa7edcffde96902e771ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5b594d5e-13bb-6b4b-92fe-17d4b4d56857}\SETDB4F.tmp

Filesize
123KB

MD5
c60b5ce1ac6e274d106378377281bd5f

SHA1
da2691e8623a50a256fc19f1dc56ef7027057e07

SHA256
03c4ae32dbb5a8b6db56453f440bcd3708c241b6624c4145866c78d447b75148

SHA512
e9fc94941f968c8f501e5058723f704ef44f7b470cae58b5b0563bc6bd0ed1c0b86766c2c335069f0714a77201994b1e8986fe60fcaa7b480509eca340a08e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dcbdc2e-8e9e-bd4a-9295-22da7b5ae74d}\x64\SETEB0C.tmp

Filesize
23KB

MD5
8c61b219882c9c9eca09bedb82b0ddb1

SHA1
52a5af0aca9124c2ab39029761a7662adc8c5861

SHA256
711681040d9cd93d603f55ab8d62371f5d51917c14818f27859e23e2d60eb18f

SHA512
67ccdb25b31dcb5fa4fc900898b7078f3932fa74c7159f93e592e6dd3054526ed37328c8a8466f0987901d4d432ab9735439affdad5ffc4e9e4cf97253a54e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dcbdc2e-8e9e-bd4a-9295-22da7b5ae74d}\x64\SETEB0D.tmp

Filesize
77KB

MD5
2641655fad6c1ea0f3677978e2bf28c1

SHA1
09627d2aaf886e132136ad10c19282f809e06ca1

SHA256
e703ce74d09e901bf531589e181dcf95b9c63e09fe1b99e38dea9ee47ee458ba

SHA512
c024e241d8e9768d28b854d61dd41a8c61094c106c616742d81a7dfc4ba7c3ff27a2433456da952d193d34449a2e11374fac92ad008ce8c35b67a74ddc1192bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{bd50d075-e3d9-5643-bb88-33d763c16ebf}\SETE1D5.tmp

Filesize
25KB

MD5
2297c5c7b2c2668624d8bc742591be45

SHA1
f409dcf9c2ff09cc31c49446c3cb9c201929d112

SHA256
13f4b65ab8ec50b55e1df49a6dff1a38ea861c7849e3637af0b4bb8348be8a4b

SHA512
646754fd4a7cf8ca4430a116a98dfd3ba9988af1331aeab46e310932cdde552b5d73018317957133b4ddf20e1871badb3fad9fd07aabb8d64f75c6686bbbd3d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{bd50d075-e3d9-5643-bb88-33d763c16ebf}\SETE1D6.tmp

Filesize
6KB

MD5
9b0a9528c4777c0b8efa5357689851ee

SHA1
ea125a92a0f78db9339c715515eb58410adc21ed

SHA256
8095dcb5dc845789035eabf303901580c5330b878c0a62dcabab6378e49b6127

SHA512
8f373a51cc8f5eb320ef2229ff20032040c07f918c9e4bb424f40ce7ca9122d9fe52c3b6b51fa8ae14285980ac5734aa484b12930e51d0ab055ce995255b69eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{bd50d075-e3d9-5643-bb88-33d763c16ebf}\SETE1D7.tmp

Filesize
32KB

MD5
ceba9b1f04a66afbf2bf981348720ef1

SHA1
0d8b47692d891c1a3fe3ae004f4292179ffe4de5

SHA256
2c9a5841e0ba1ece8eb67d2ff175db96f486544294d1f0469f551cae81fed2cb

SHA512
0eaef6368df88159af207b2898c3b29eb2abf9e542bb5742d5c5894c28fe3036b6344d5d7643d2727c2ebb80fe0ec1baa325baea1c72c891f3f7808e00b5b658

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ccc1b13c-447c-5448-8fc2-a38b92e86b1d}\SETE493.tmp

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ccc1b13c-447c-5448-8fc2-a38b92e86b1d}\SETE494.tmp

Filesize
996KB

MD5
da1f1cdf4c247c6ee0ab1584a44e3da8

SHA1
fd533658d29bf09e7c11854b7c701bf4ab0fc524

SHA256
d3dadf7e207962c60814415c31bcb0c7a5db9aeaeea7af4f436f09ed7f231766

SHA512
5af75ae87f14524fbbcb2185958bcfb7ec83af712c7bf64fb33d8440b64eb5f635af9d74600e2e76aa7149b8ec0bedf626b2696766b10aad0fac107ca62581bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ccc1b13c-447c-5448-8fc2-a38b92e86b1d}\SETE495.tmp

Filesize
9KB

MD5
d4ca0c1e6ec010a6a2f67cbc64fafff5

SHA1
e5463d6c667527771fbd74877c32ca012452c8b9

SHA256
0f6939c38a8c8dd6041b62018abe89c892ed8905eb35a21f469a1fffb703dcc7

SHA512
349f522444da3a64bab06c91e0edfaefe7f35cb3277467feb277e399878e50fe133b8c3297c91b931290580855c51dde2ae2fd0e099273a94947ab00ce796c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e97cb659-40ba-874f-b1fb-bd756e7cef14}\amd64\SETE956.tmp

Filesize
87KB

MD5
fbd982a8b9b94fc17d37edeba40b71e9

SHA1
6176b008b952b4c7aaaf3c14bbb45e3955c01d43

SHA256
2d07f14812af8d0796a2056808c092a71275df3138378aeb2c22a396bec67051

SHA512
f0c7a5b27e0b42462493ed3a39ec4e23c603851f54e427a1c792afd38ed7e8ac3a290ec60922d12f58a7a51705944ff84fc5edc8c0651125b97897fb3061e871

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e97cb659-40ba-874f-b1fb-bd756e7cef14}\amd64\SETE957.tmp

Filesize
63KB

MD5
6eec15bfcb7b375632aea62530c6777f

SHA1
be85e9df866ca2e3a278bdc4b70f15a996d14c23

SHA256
f716f94e4e31bd72d06152aaef53c8437093e5135430c488ea9f7c4426dd8227

SHA512
b697902e21784b8b724f241b374efd9748cda5d5cb06fe12e65aa96e411e930c0399ec4efe335634b3a2beba7ee4e4fc0fab527925d9ede4754989a74efffda1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{e97cb659-40ba-874f-b1fb-bd756e7cef14}\amd64\SETE958.tmp

Filesize
73KB

MD5
39e2638af413c84609bc851d942cca8c

SHA1
87b813a8edcb6acc10397978d2846c451d81db6f

SHA256
50da92af5be9be519a4648b2c1109a30e3d2341e85c928a58c1af8b4b830d4f3

SHA512
511bbfea7078b62687f64ed8e4f25bffc59529abf1e24e93de9414aa777629efc9576e890c474dc14758679a76e77783ee440bee747ec340fd40004c02172f48

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ea35c46e-234b-b343-8982-3f585aaec633}\amd64\SETE743.tmp

Filesize
307KB

MD5
7832f9df38bf967e60ee067a780d0201

SHA1
ed7a81137f109d504899c8e4a6b1e9e3ba108fe2

SHA256
9c282c4580aac9388adadf8c2d9794cca2f953af36331aedf814e936cfed97ad

SHA512
a278ff53ca44cbe471bffa38fe00e86c01b776cdb199a3cbf809162716f6f5bd3db143fd92bedcaa48c0c99e56eddcdde93be2ab40e08713ce32f021a5e20ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ea35c46e-234b-b343-8982-3f585aaec633}\amd64\SETE744.tmp

Filesize
164KB

MD5
284c4c51734ac901df4e00bab3d7c628

SHA1
e9616a6d0b7b9982a2cf741b5ae2b7b55f33f50f

SHA256
368c42008ecdc511b1c95c67236ba11c69d69e708e00490e014be958952043e1

SHA512
17795545db5d670c2345811dff410323d6bf01b0db97ff48119e90129656ca843ecc906f4553306b1e542ff14fb8e25f0385c99a3569361209953480ddac8eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ea35c46e-234b-b343-8982-3f585aaec633}\amd64\SETE745.tmp

Filesize
126KB

MD5
d5f53afcd0d6e0a2925bfff9e2605552

SHA1
e9d81358cecfeac1f58234a40ff52e6282c80039

SHA256
8c494a63b270d8605ab9a4ad7d5ae074f7d466d64adba36f5e559210ecb35617

SHA512
e54bfc393837693fa39c0e95e9c1335f917317d06725c54139f2bb013a6da13826b88c2e9612e2cd0ec530f5f8be2089e32a7d6bff12e3ecb67f09287470bf91

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ea35c46e-234b-b343-8982-3f585aaec633}\amd64\SETE746.tmp

Filesize
268KB

MD5
8bb75f1ed68c88d6b32c67e86bbb66e4

SHA1
a74b385571c39f6a603149655efbcb13e04c3c40

SHA256
84b22f61827d448946977b259ce06b0a8e83bc1dc7b9d8a208d3e32525f08507

SHA512
3f36043e71dd96e6c4f18e1e439aad56c77a3738d728b29a8c4f79d27f59378a96d689ebb7dfc870ed6ad6ec5b254c39cebc0521ccaa0ff421463a75adcbb25b

Download Submit
C:\Windows\Installer\e583ff4.msi

Filesize
180KB

MD5
143a2b9f1c0ebc3421b52e9adcb4db2e

SHA1
06e01b8cc855fd9a31f99b430f8c8745e706c677

SHA256
5d0416e45819d555ad27e5efc1aeeb465cbb8e2937b3221852bea0f7d9c3a954

SHA512
7e17309cdaa856bd1bf17535e0f65db585226262a1c9ffcaadb19eb0822a578ad9036487870b97fc86b7167848f69d495aa51c380ba9890a71f8f9a94061fa05

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
17KB

MD5
1441b03346590d83cddadcd0b00007c8

SHA1
92c65f009577181f6679805f231647eac7c66650

SHA256
053bfbcf53fb18a10ab0811cb2b501ef17ad5edd60bdcf9f44b8ebf02e513b61

SHA512
21d7c27b43cbebcf6b03928ee9845ab594e9174fa35cf82c123c7d272dd4594967289639aac8855b51e7917fe5feb95bab4aa58a558b0dad22301023a5a0d433

Download Submit
C:\Windows\Temp\{55A02C24-04D7-4D8A-9454-ED23AEA6C803}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{55A02C24-04D7-4D8A-9454-ED23AEA6C803}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
9bd591625766a7330708b2c6380dc1d7

SHA1
18018a3d12278187a8dc26eae538a799511bbdfc

SHA256
21503f265452414f3960b33ba000ab2cbe0a335901e3a585b0935ac4806fdd79

SHA512
58c90b7889d92f31e76d0559258023cb4693982288721c3c7fcd820e40f6c1ee972d9ffd3c95016c2126314a260da5faabdeb1a8528eb23d469a7ecbe391c1a5

Download Submit
C:\Windows\Temp\{CA26FA4C-5728-4703-9EA7-1176A80E109D}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
memory/1656-6315-0x0000000000CD0000-0x0000000000D47000-memory.dmp

Filesize
476KB

Download
memory/4308-6481-0x00000000004A0000-0x00000000004D5000-memory.dmp

Filesize
212KB

Download
memory/4308-6482-0x0000000073160000-0x0000000073362000-memory.dmp

Filesize
2.0MB

Download
memory/4308-6508-0x0000000073160000-0x0000000073362000-memory.dmp

Filesize
2.0MB

Download
memory/4308-6535-0x00000000004A0000-0x00000000004D5000-memory.dmp

Filesize
212KB

Download
memory/4368-6314-0x0000000000CD0000-0x0000000000D47000-memory.dmp

Filesize
476KB

Download
memory/4676-6277-0x0000000000CD0000-0x0000000000D47000-memory.dmp

Filesize
476KB

Download