4058bde8974da0952b95736c0fa26ce98ef5aa8ca754af9b48980eafae263050

Analysis

max time kernel
1795s
max time network
1372s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
01/07/2023, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

controlloid-server-master/dist/windows/start.bat
Size

659B
MD5

d2952fa301d050c22172944800b2dd5d
SHA1

9a9fa11795afb9447073067a30b3fa5dbda9ae59
SHA256

af0bc1eb93d7c7f491860b86c5988675a00ffd5efad8a230e1e09a5749a4d0a5
SHA512

d031363f281b010b4fc82c7b02af945aa39e9e8333f1dd6221bd3d34e7d30f4fb2f82a5b7a5728b3489eecabbcc3fcb5f766b12f9824afb1c5a82579a5e5e3c5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1040	vJoySetup.tmp
892	vJoyInstall.exe

Loads dropped DLL 10 IoCs

pid	Process
1704	vJoySetup.exe
1040	vJoySetup.tmp
1040	vJoySetup.tmp
1040	vJoySetup.tmp
1040	vJoySetup.tmp
1040	vJoySetup.tmp
1040	vJoySetup.tmp
1040	vJoySetup.tmp
1040	vJoySetup.tmp
428	Process not Found

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD598.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD5AA.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD5BA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\WdfCoInstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD5A9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD5BA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD609.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD5A9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\hidkmdf.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\vjoy.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\vjoy.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD598.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD5AA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\vJoy.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\SETD609.tmp	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\vJoy\x86\vJoyInstall.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\unins000.dat	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-VUEU8.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-IP7BD.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-EQHIS.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-NTSU0.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyInstall.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyInterfaceWrap.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-GKR64.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-T5A6A.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\msvcr120.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vJoyInterfaceWrap.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-JQ5BD.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-MFMNO.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-T4RTP.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-8A62T.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-0F20B.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\JoyMonitor.exe	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-CPPE7.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\mfc120u.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-K82LV.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-O5PRS.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-8MOD3.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-DOIRU.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-3MDHK.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-LSG1O.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\vJoyInstall.exe	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyInterface.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vJoyInterface.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcp120.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-GUD66.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-PL6QI.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-V9OU9.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\mfc120u.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\WdfCoinstaller01009.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\msvcp120.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\msvcp110.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyMonitor.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcr110.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-VG9QC.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-4HL2G.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-20VPR.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-MLH9R.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\LBIndustrialCtrls.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyConfig.exe	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcr120.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-436I0.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyConf.exe	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcp110.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vGenInterface.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-V1ADG.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-MA9SQ.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyFeeder.exe	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vJoyMonitor.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\msvcr110.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyList.exe	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-5TVGN.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-L454H.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\mscorlib.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vGenInterface.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-92VVG.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\vJoyInstall.log	vJoyInstall.exe
File created	C:\Program Files\vJoy\is-JQE3M.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-9LF7K.tmp	vJoySetup.tmp

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	vJoyInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	vJoyInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 51 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPublisher	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe

Modifies system certificate store 2 TTPs 4 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	vJoyInstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	vJoyInstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	vJoyInstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	vJoyInstall.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
1720	elevate.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1040	vJoySetup.tmp
1040	vJoySetup.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1040	vJoySetup.tmp
2004	rundll32.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	892	vJoyInstall.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	1848	DrvInst.exe
Token: SeRestorePrivilege	2004	rundll32.exe
Token: SeRestorePrivilege	2004	rundll32.exe
Token: SeRestorePrivilege	2004	rundll32.exe
Token: SeRestorePrivilege	2004	rundll32.exe
Token: SeRestorePrivilege	2004	rundll32.exe
Token: SeRestorePrivilege	2004	rundll32.exe
Token: SeRestorePrivilege	2004	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1040	vJoySetup.tmp

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1352	1912	cmd.exe	27
PID 1912 wrote to memory of 1352	1912	cmd.exe	27
PID 1912 wrote to memory of 1352	1912	cmd.exe	27
PID 1912 wrote to memory of 1720	1912	cmd.exe	28
PID 1912 wrote to memory of 1720	1912	cmd.exe	28
PID 1912 wrote to memory of 1720	1912	cmd.exe	28
PID 1912 wrote to memory of 1720	1912	cmd.exe	28
PID 1720 wrote to memory of 1256	1720	elevate.exe	29
PID 1720 wrote to memory of 1256	1720	elevate.exe	29
PID 1720 wrote to memory of 1256	1720	elevate.exe	29
PID 1720 wrote to memory of 1256	1720	elevate.exe	29
PID 1256 wrote to memory of 1704	1256	cmd.exe	31
PID 1256 wrote to memory of 1704	1256	cmd.exe	31
PID 1256 wrote to memory of 1704	1256	cmd.exe	31
PID 1256 wrote to memory of 1704	1256	cmd.exe	31
PID 1256 wrote to memory of 1704	1256	cmd.exe	31
PID 1256 wrote to memory of 1704	1256	cmd.exe	31
PID 1256 wrote to memory of 1704	1256	cmd.exe	31
PID 1704 wrote to memory of 1040	1704	vJoySetup.exe	32
PID 1704 wrote to memory of 1040	1704	vJoySetup.exe	32
PID 1704 wrote to memory of 1040	1704	vJoySetup.exe	32
PID 1704 wrote to memory of 1040	1704	vJoySetup.exe	32
PID 1704 wrote to memory of 1040	1704	vJoySetup.exe	32
PID 1704 wrote to memory of 1040	1704	vJoySetup.exe	32
PID 1704 wrote to memory of 1040	1704	vJoySetup.exe	32
PID 1040 wrote to memory of 892	1040	vJoySetup.tmp	33
PID 1040 wrote to memory of 892	1040	vJoySetup.tmp	33
PID 1040 wrote to memory of 892	1040	vJoySetup.tmp	33
PID 1040 wrote to memory of 892	1040	vJoySetup.tmp	33
PID 1848 wrote to memory of 2004	1848	DrvInst.exe	36
PID 1848 wrote to memory of 2004	1848	DrvInst.exe	36
PID 1848 wrote to memory of 2004	1848	DrvInst.exe	36

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\system32\where.exe
  where /q /r "C:\Program Files" vjoyconfig.exe
  2⤵
  PID:1352
- C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\elevate.exe
  .\vjoy\elevate.exe -wait cmd /c "C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\setup.bat"
  2⤵
  - Suspicious behavior: CmdExeWriteProcessMemorySpam
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\setup.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\vJoySetup.exe
      .\vJoySetup.exe /silent
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\is-CONEH.tmp\vJoySetup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-CONEH.tmp\vJoySetup.tmp" /SL5="$20150,10110716,383488,C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\vJoySetup.exe" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:1040
      - C:\Program Files\vJoy\vJoyInstall.exe
        
        "C:\Program Files\vJoy\vJoyInstall.exe" Q
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Drops file in Windows directory
        Modifies system certificate store
        Suspicious use of AdjustPrivilegeToken
        
        PID:892

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\vjoy.inf" "9" "6170f47b7" "0000000000000328" "WinSta0\Default" "0000000000000584" "208" "c:\program files\vjoy"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{6f67a72b-60ae-156a-d5dc-b06309b5bb3c} Global\{1b413381-60ae-156a-961a-d07a0e2c6d71} C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\vjoy.inf C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\vJoy.cat
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:2004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\vJoy\vJoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
C:\Program Files\vJoy\vJoyInstall.exe

Filesize
137KB

MD5
4725f34695dc281aea1df512c3152f6a

SHA1
3b5b9a6f2bdb262a25b518cd9edf9805ede1a330

SHA256
668741cb856ef4b3e10c36c11a65c2749ed2693cba3a1657e002ff0a721f628b

SHA512
93a50fe54cffdc796e66b90ed84fea662965d7e30a39ce71d346141f4671849c30e66468aa5c20e49085cb70b76486e4c5158ccda871916bfbe8bcabc943e42b

Download Submit
C:\Program Files\vJoy\x64\LBIndustrialCtrls.dll

Filesize
40KB

MD5
74fd55b0a678af4d4df0f8e291630f7a

SHA1
b5bbb0601c83b72e5178a0688fc55e96e48e53b9

SHA256
7bc7422dafa1272f9c528a6fb2195a6e0f0816178bbe841cbac2e916b71f58e8

SHA512
5b86b3dfc3e5d463215cb623b64abff8393d1136598f4a02056fc57e9dbe43126c0f81feb3a9a0a0fe01c9a75800c2a769aed55a2d19ee7f13f4953e6978aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD0F8.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD12A.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CONEH.tmp\vJoySetup.tmp

Filesize
1.4MB

MD5
c3be0ffc6ff04b4e16cdc67e1987363c

SHA1
abf2a820517f076272dd036dcb03478e81e9c9ec

SHA256
721eb854c625fd85837f513e0a9e816adab8c2913fb31f97f3ebc015698307a4

SHA512
f080efd43f9d0419676e68c3a614760cf1db1907ef8ff9e30f9ec8e76f510d2c96bb1a9c2a5a221268fbd03faf1d9096a49d8ab40442c030c1ebb32eff9ffc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CONEH.tmp\vJoySetup.tmp

Filesize
1.4MB

MD5
c3be0ffc6ff04b4e16cdc67e1987363c

SHA1
abf2a820517f076272dd036dcb03478e81e9c9ec

SHA256
721eb854c625fd85837f513e0a9e816adab8c2913fb31f97f3ebc015698307a4

SHA512
f080efd43f9d0419676e68c3a614760cf1db1907ef8ff9e30f9ec8e76f510d2c96bb1a9c2a5a221268fbd03faf1d9096a49d8ab40442c030c1ebb32eff9ffc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1FB0A~1\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1FB0A~1\hidkmdf.sys

Filesize
10KB

MD5
de50a50fd52a2bacb72f159aea6e3a38

SHA1
2bad3a7e7516e9fc68e2ab4c5d9a7ac60a576154

SHA256
8fe4cac56e0ed66e5fc60f1468e1911196cadac49f0e350cfe7820c7ec7fcd7e

SHA512
c7542cf3b45d1d0ccbe87b5c220ecac6c4e9a8c1c171d5ce95f5bf76c1a3ffb576226486ed498ee12eedad9b1beed1d17a0f14d922df21287a70f69354c6a924

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1FB0A~1\vjoy.sys

Filesize
56KB

MD5
cb09581d30179ef1d9cac51717afa04f

SHA1
e3f54c575bb3daed87bccff8a207c7e9634ad7f0

SHA256
58e5cafbb5c3cc69c23ad85c3093b247208e3e5c43fe09aa06a6b7ec40fc3d1b

SHA512
a961e9ece89adb83d4c81c601aa3d91c39b277b9a27233d9894caf46cd5b92c6cdc55aaa689e55408303607bac3012296b67bd1dbdb8d71c10d1ac9ec3178e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\hidkmdf.sys

Filesize
10KB

MD5
de50a50fd52a2bacb72f159aea6e3a38

SHA1
2bad3a7e7516e9fc68e2ab4c5d9a7ac60a576154

SHA256
8fe4cac56e0ed66e5fc60f1468e1911196cadac49f0e350cfe7820c7ec7fcd7e

SHA512
c7542cf3b45d1d0ccbe87b5c220ecac6c4e9a8c1c171d5ce95f5bf76c1a3ffb576226486ed498ee12eedad9b1beed1d17a0f14d922df21287a70f69354c6a924

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\vjoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\vjoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1fb0af28-bd83-5765-2558-3a7a5027215c}\vjoy.sys

Filesize
56KB

MD5
cb09581d30179ef1d9cac51717afa04f

SHA1
e3f54c575bb3daed87bccff8a207c7e9634ad7f0

SHA256
58e5cafbb5c3cc69c23ad85c3093b247208e3e5c43fe09aa06a6b7ec40fc3d1b

SHA512
a961e9ece89adb83d4c81c601aa3d91c39b277b9a27233d9894caf46cd5b92c6cdc55aaa689e55408303607bac3012296b67bd1dbdb8d71c10d1ac9ec3178e25

Download Submit
C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
C:\Windows\System32\DriverStore\Temp\{1ccf56c7-a210-2493-fc03-6e00ed673f47}\vjoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
C:\Windows\Temp\CabD694.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\TarD6B6.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
\??\c:\PROGRA~1\vjoy\WDFCOI~1.DLL

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
\??\c:\PROGRA~1\vjoy\hidkmdf.sys

Filesize
10KB

MD5
de50a50fd52a2bacb72f159aea6e3a38

SHA1
2bad3a7e7516e9fc68e2ab4c5d9a7ac60a576154

SHA256
8fe4cac56e0ed66e5fc60f1468e1911196cadac49f0e350cfe7820c7ec7fcd7e

SHA512
c7542cf3b45d1d0ccbe87b5c220ecac6c4e9a8c1c171d5ce95f5bf76c1a3ffb576226486ed498ee12eedad9b1beed1d17a0f14d922df21287a70f69354c6a924

Download Submit
\??\c:\PROGRA~1\vjoy\vjoy.sys

Filesize
56KB

MD5
cb09581d30179ef1d9cac51717afa04f

SHA1
e3f54c575bb3daed87bccff8a207c7e9634ad7f0

SHA256
58e5cafbb5c3cc69c23ad85c3093b247208e3e5c43fe09aa06a6b7ec40fc3d1b

SHA512
a961e9ece89adb83d4c81c601aa3d91c39b277b9a27233d9894caf46cd5b92c6cdc55aaa689e55408303607bac3012296b67bd1dbdb8d71c10d1ac9ec3178e25

Download Submit
\??\c:\program files\vjoy\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
\Program Files\vJoy\unins000.exe

Filesize
1.4MB

MD5
ec882d55bdfe3a6096d25f4c8bd8e5e6

SHA1
10f370d6106ee4bb2770d9441385d2c59eb8902b

SHA256
3b4e9284f6032e9bcc20c7fbcfe883dc92de6b3be94a882bd2d5b50084665b23

SHA512
eaa77d47800b2b8e29c9be3169b981e28533cafa15ad6f6ad77269f4c235038851dced1a7981963a066257f50170a116d1d12a67897e919cf61dada792bb0e64

Download Submit
\Program Files\vJoy\vJoyInstall.exe

Filesize
137KB

MD5
4725f34695dc281aea1df512c3152f6a

SHA1
3b5b9a6f2bdb262a25b518cd9edf9805ede1a330

SHA256
668741cb856ef4b3e10c36c11a65c2749ed2693cba3a1657e002ff0a721f628b

SHA512
93a50fe54cffdc796e66b90ed84fea662965d7e30a39ce71d346141f4671849c30e66468aa5c20e49085cb70b76486e4c5158ccda871916bfbe8bcabc943e42b

Download Submit
\Program Files\vJoy\vJoyInstall.exe

Filesize
137KB

MD5
4725f34695dc281aea1df512c3152f6a

SHA1
3b5b9a6f2bdb262a25b518cd9edf9805ede1a330

SHA256
668741cb856ef4b3e10c36c11a65c2749ed2693cba3a1657e002ff0a721f628b

SHA512
93a50fe54cffdc796e66b90ed84fea662965d7e30a39ce71d346141f4671849c30e66468aa5c20e49085cb70b76486e4c5158ccda871916bfbe8bcabc943e42b

Download Submit
\Program Files\vJoy\x64\JoyMonitor.exe

Filesize
432KB

MD5
90b86a4c5a6fa0a5ebdc7a8b3e8be2ec

SHA1
24703c474c968d9a17e33873c140587985de0f9d

SHA256
5fd27f0624ca43cd166f7e3c4cf0f359d70c0487be2a20ce88b088a80933bb75

SHA512
cb310694666d3eaa03ce05c78b1f577505af19f3de914d6e97b804f0151312cf8fc843d949782af74873f831826abb3f69cd3312110c6a536047909490d63117

Download Submit
\Program Files\vJoy\x64\LBIndustrialCtrls.dll

Filesize
40KB

MD5
74fd55b0a678af4d4df0f8e291630f7a

SHA1
b5bbb0601c83b72e5178a0688fc55e96e48e53b9

SHA256
7bc7422dafa1272f9c528a6fb2195a6e0f0816178bbe841cbac2e916b71f58e8

SHA512
5b86b3dfc3e5d463215cb623b64abff8393d1136598f4a02056fc57e9dbe43126c0f81feb3a9a0a0fe01c9a75800c2a769aed55a2d19ee7f13f4953e6978aaaf

Download Submit
\Program Files\vJoy\x64\LBIndustrialCtrls.dll

Filesize
40KB

MD5
74fd55b0a678af4d4df0f8e291630f7a

SHA1
b5bbb0601c83b72e5178a0688fc55e96e48e53b9

SHA256
7bc7422dafa1272f9c528a6fb2195a6e0f0816178bbe841cbac2e916b71f58e8

SHA512
5b86b3dfc3e5d463215cb623b64abff8393d1136598f4a02056fc57e9dbe43126c0f81feb3a9a0a0fe01c9a75800c2a769aed55a2d19ee7f13f4953e6978aaaf

Download Submit
\Program Files\vJoy\x64\vJoyConf.exe

Filesize
266KB

MD5
80aa6f45999216e3141e1c002746424c

SHA1
984a7f1e85aabb3983e566dc95f90b24edcf0703

SHA256
6f91bf8cce82b99582d4a1867192389e5c9c161559c71a647b649e834ddb8bb1

SHA512
fbd9160ba7ef294e29229be20cf58e57a13a20bf4a660551119b095b3774a125d1546bdf2cab84468e7f4871f7b4353b9f3e97413806409e77273fb7cd6202f6

Download Submit
\Program Files\vJoy\x64\vJoyFeeder.exe

Filesize
195KB

MD5
f5ee2b0135836e537075ca8eba613cc3

SHA1
4b1030e370cdcd9cd35f32b16677ebd51b2eb1ae

SHA256
053f441d9eb37248b39b5e4955f770eb8264184c2bc7fd805b1d8e9dc38ba847

SHA512
7e3b533ead9b20af992837081f99a1cdfd21fa084c1366d4179aee0a9348ff8b4f0b0efba59e89357d88d09c60f2e7ff3f4ac76bfaaccc0630ce799d2f55badb

Download Submit
\Program Files\vJoy\x64\vJoyList.exe

Filesize
90KB

MD5
5961007e4eb3f3c6930bcfbfa9016430

SHA1
d0f60b06512685b1e1f6508f95dd9d737e882f9b

SHA256
7125624a558d487b8bdf9065eb8ed5a072a4a44b25b3645592e55ef2e1d3467b

SHA512
75d125e0fc00a9b4c488bf45630d3ef392db0c8c4a64a09c05af0cae342c7f434218f2efd52c94d4e939e033d2d7fd0751126a3f2ee5adfdc563d2e73c84c257

Download Submit
\Users\Admin\AppData\Local\Temp\is-CONEH.tmp\vJoySetup.tmp

Filesize
1.4MB

MD5
c3be0ffc6ff04b4e16cdc67e1987363c

SHA1
abf2a820517f076272dd036dcb03478e81e9c9ec

SHA256
721eb854c625fd85837f513e0a9e816adab8c2913fb31f97f3ebc015698307a4

SHA512
f080efd43f9d0419676e68c3a614760cf1db1907ef8ff9e30f9ec8e76f510d2c96bb1a9c2a5a221268fbd03faf1d9096a49d8ab40442c030c1ebb32eff9ffc08

Download Submit
memory/1040-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1040-308-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1704-54-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/1704-307-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2004-306-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

Filesize
4KB

Download