4058bde8974da0952b95736c0fa26ce98ef5aa8ca754af9b48980eafae263050

Analysis

max time kernel
1798s
max time network
1227s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2023, 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

controlloid-server-master/dist/windows/start.bat
Size

659B
MD5

d2952fa301d050c22172944800b2dd5d
SHA1

9a9fa11795afb9447073067a30b3fa5dbda9ae59
SHA256

af0bc1eb93d7c7f491860b86c5988675a00ffd5efad8a230e1e09a5749a4d0a5
SHA512

d031363f281b010b4fc82c7b02af945aa39e9e8333f1dd6221bd3d34e7d30f4fb2f82a5b7a5728b3489eecabbcc3fcb5f766b12f9824afb1c5a82579a5e5e3c5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1588	vJoySetup.tmp
4676	vJoyInstall.exe

Drops file in System32 directory 23 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1A1.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1C3.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1F2.tmp	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{A2D14EAD-5056-4D35-9F00-70F46FEDD24B}.catalogItem	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1A1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1B2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1C3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1F2.tmp	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{E87D6C56-1F14-407B-A7E8-AA96EDBB5439}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{F30871D1-4C26-4A46-840F-91F990B54BB9}.catalogItem	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\vJoy.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB203.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\vjoy.sys	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{0324E8E3-ECD6-426E-A261-A10C8EABF71E}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{88D83184-C17B-4845-BEBE-62014356363B}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{8D987775-9362-42DF-A1BA-853AF0D24059}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B612ED95-4989-4D81-BC3E-2E720F625047}.catalogItem	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\WdfCoInstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB1B2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\hidkmdf.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\vjoy.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\SETB203.tmp	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{D677933C-F72B-4F43-9098-5550439CF8E1}.catalogItem	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\vJoy\x86\vGenInterface.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-NMQ9V.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-8B5MA.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-SGMF8.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\LBIndustrialCtrls.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\msvcp110.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\mfc120u.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-TG9K7.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-U148M.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-23BAG.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-SLB90.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcr110.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyMonitor.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcp110.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-IR33V.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-4ANJG.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-5ML4O.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-31IJE.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-MBQ87.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vJoyInstall.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyConfig.exe	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vJoyInterface.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-LRIVK.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-F07BL.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-65EIU.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-7AA1B.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-O1D3B.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-D5LOC.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vJoyInterfaceWrap.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-NAHEI.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcp120.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-R3RAV.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\WdfCoinstaller01009.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\LBIndustrialCtrls.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\JoyMonitor.exe	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-NU198.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\mscorlib.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\vJoyInstall.exe	vJoySetup.tmp
File created	C:\Program Files\vJoy\unins000.dat	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-UEB3O.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-440N5.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-GLCNQ.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\mfc120u.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyFeeder.exe	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\msvcr120.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vGenInterface.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyConf.exe	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-T19Q3.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-9QFGH.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyInstall.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\msvcp120.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\vJoyMonitor.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyList.exe	vJoySetup.tmp
File created	C:\Program Files\vJoy\is-OC75V.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-1CK5P.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x64\vJoyInterfaceWrap.dll	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\x86\msvcr110.dll	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-9V9FU.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-41HG5.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x86\is-CPFBS.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-05Q5J.tmp	vJoySetup.tmp
File created	C:\Program Files\vJoy\x64\is-MLHAI.tmp	vJoySetup.tmp
File opened for modification	C:\Program Files\vJoy\vJoyInstall.log	vJoyInstall.exe
File opened for modification	C:\Program Files\vJoy\x86\msvcr120.dll	vJoySetup.tmp

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	vJoyInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	vJoyInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	vJoyInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	vJoyInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	vJoyInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	vJoyInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	vJoyInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	vJoyInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	vJoyInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe

Modifies data under HKEY_USERS 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	vJoyInstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	vJoyInstall.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	vJoyInstall.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1588	vJoySetup.tmp
1588	vJoySetup.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeAuditPrivilege	736	svchost.exe
Token: SeSecurityPrivilege	736	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1588	vJoySetup.tmp

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 3692 wrote to memory of 3652	3692	cmd.exe	83
PID 3692 wrote to memory of 3652	3692	cmd.exe	83
PID 3692 wrote to memory of 4592	3692	cmd.exe	84
PID 3692 wrote to memory of 4592	3692	cmd.exe	84
PID 3692 wrote to memory of 4592	3692	cmd.exe	84
PID 4592 wrote to memory of 1696	4592	elevate.exe	85
PID 4592 wrote to memory of 1696	4592	elevate.exe	85
PID 4592 wrote to memory of 1696	4592	elevate.exe	85
PID 1696 wrote to memory of 3900	1696	cmd.exe	87
PID 1696 wrote to memory of 3900	1696	cmd.exe	87
PID 1696 wrote to memory of 3900	1696	cmd.exe	87
PID 3900 wrote to memory of 1588	3900	vJoySetup.exe	88
PID 3900 wrote to memory of 1588	3900	vJoySetup.exe	88
PID 3900 wrote to memory of 1588	3900	vJoySetup.exe	88
PID 1588 wrote to memory of 4676	1588	vJoySetup.tmp	89
PID 1588 wrote to memory of 4676	1588	vJoySetup.tmp	89
PID 736 wrote to memory of 4268	736	svchost.exe	92
PID 736 wrote to memory of 4268	736	svchost.exe	92
PID 4268 wrote to memory of 2432	4268	DrvInst.exe	93
PID 4268 wrote to memory of 2432	4268	DrvInst.exe	93

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\start.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3692
- C:\Windows\system32\where.exe
  where /q /r "C:\Program Files" vjoyconfig.exe
  2⤵
  PID:3652
- C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\elevate.exe
  .\vjoy\elevate.exe -wait cmd /c "C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\setup.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\setup.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\vJoySetup.exe
      .\vJoySetup.exe /silent
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\is-G43SO.tmp\vJoySetup.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-G43SO.tmp\vJoySetup.tmp" /SL5="$30118,10110716,383488,C:\Users\Admin\AppData\Local\Temp\controlloid-server-master\dist\windows\vjoy\vJoySetup.exe" /silent
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:1588
      - C:\Program Files\vJoy\vJoyInstall.exe
        
        "C:\Program Files\vJoy\vJoyInstall.exe" Q
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Modifies system certificate store
        
        PID:4676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{4c830428-6c0f-ba47-ac2e-37338cde3572}\vjoy.inf" "9" "4170f47b7" "0000000000000140" "WinSta0\Default" "0000000000000158" "208" "c:\program files\vjoy"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:4268
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{701950dc-177d-bc4c-b230-17b6d6a56f4f} Global\{8e305fef-6a16-bb4b-ad67-49a312fa4edb} C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\vjoy.inf C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\vJoy.cat
    3⤵
    PID:2432

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:4976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\vJoy\vJoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
C:\Program Files\vJoy\vJoyInstall.exe

Filesize
137KB

MD5
4725f34695dc281aea1df512c3152f6a

SHA1
3b5b9a6f2bdb262a25b518cd9edf9805ede1a330

SHA256
668741cb856ef4b3e10c36c11a65c2749ed2693cba3a1657e002ff0a721f628b

SHA512
93a50fe54cffdc796e66b90ed84fea662965d7e30a39ce71d346141f4671849c30e66468aa5c20e49085cb70b76486e4c5158ccda871916bfbe8bcabc943e42b

Download Submit
C:\Program Files\vJoy\x64\LBIndustrialCtrls.dll

Filesize
40KB

MD5
74fd55b0a678af4d4df0f8e291630f7a

SHA1
b5bbb0601c83b72e5178a0688fc55e96e48e53b9

SHA256
7bc7422dafa1272f9c528a6fb2195a6e0f0816178bbe841cbac2e916b71f58e8

SHA512
5b86b3dfc3e5d463215cb623b64abff8393d1136598f4a02056fc57e9dbe43126c0f81feb3a9a0a0fe01c9a75800c2a769aed55a2d19ee7f13f4953e6978aaaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-G43SO.tmp\vJoySetup.tmp

Filesize
1.4MB

MD5
c3be0ffc6ff04b4e16cdc67e1987363c

SHA1
abf2a820517f076272dd036dcb03478e81e9c9ec

SHA256
721eb854c625fd85837f513e0a9e816adab8c2913fb31f97f3ebc015698307a4

SHA512
f080efd43f9d0419676e68c3a614760cf1db1907ef8ff9e30f9ec8e76f510d2c96bb1a9c2a5a221268fbd03faf1d9096a49d8ab40442c030c1ebb32eff9ffc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-G43SO.tmp\vJoySetup.tmp

Filesize
1.4MB

MD5
c3be0ffc6ff04b4e16cdc67e1987363c

SHA1
abf2a820517f076272dd036dcb03478e81e9c9ec

SHA256
721eb854c625fd85837f513e0a9e816adab8c2913fb31f97f3ebc015698307a4

SHA512
f080efd43f9d0419676e68c3a614760cf1db1907ef8ff9e30f9ec8e76f510d2c96bb1a9c2a5a221268fbd03faf1d9096a49d8ab40442c030c1ebb32eff9ffc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C830~1\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C830~1\hidkmdf.sys

Filesize
10KB

MD5
de50a50fd52a2bacb72f159aea6e3a38

SHA1
2bad3a7e7516e9fc68e2ab4c5d9a7ac60a576154

SHA256
8fe4cac56e0ed66e5fc60f1468e1911196cadac49f0e350cfe7820c7ec7fcd7e

SHA512
c7542cf3b45d1d0ccbe87b5c220ecac6c4e9a8c1c171d5ce95f5bf76c1a3ffb576226486ed498ee12eedad9b1beed1d17a0f14d922df21287a70f69354c6a924

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C830~1\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4C830~1\vjoy.sys

Filesize
56KB

MD5
cb09581d30179ef1d9cac51717afa04f

SHA1
e3f54c575bb3daed87bccff8a207c7e9634ad7f0

SHA256
58e5cafbb5c3cc69c23ad85c3093b247208e3e5c43fe09aa06a6b7ec40fc3d1b

SHA512
a961e9ece89adb83d4c81c601aa3d91c39b277b9a27233d9894caf46cd5b92c6cdc55aaa689e55408303607bac3012296b67bd1dbdb8d71c10d1ac9ec3178e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4c830428-6c0f-ba47-ac2e-37338cde3572}\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4c830428-6c0f-ba47-ac2e-37338cde3572}\hidkmdf.sys

Filesize
10KB

MD5
de50a50fd52a2bacb72f159aea6e3a38

SHA1
2bad3a7e7516e9fc68e2ab4c5d9a7ac60a576154

SHA256
8fe4cac56e0ed66e5fc60f1468e1911196cadac49f0e350cfe7820c7ec7fcd7e

SHA512
c7542cf3b45d1d0ccbe87b5c220ecac6c4e9a8c1c171d5ce95f5bf76c1a3ffb576226486ed498ee12eedad9b1beed1d17a0f14d922df21287a70f69354c6a924

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4c830428-6c0f-ba47-ac2e-37338cde3572}\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4c830428-6c0f-ba47-ac2e-37338cde3572}\vjoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4c830428-6c0f-ba47-ac2e-37338cde3572}\vjoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4c830428-6c0f-ba47-ac2e-37338cde3572}\vjoy.sys

Filesize
56KB

MD5
cb09581d30179ef1d9cac51717afa04f

SHA1
e3f54c575bb3daed87bccff8a207c7e9634ad7f0

SHA256
58e5cafbb5c3cc69c23ad85c3093b247208e3e5c43fe09aa06a6b7ec40fc3d1b

SHA512
a961e9ece89adb83d4c81c601aa3d91c39b277b9a27233d9894caf46cd5b92c6cdc55aaa689e55408303607bac3012296b67bd1dbdb8d71c10d1ac9ec3178e25

Download Submit
C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
C:\Windows\System32\DriverStore\Temp\{bba3f726-e40a-7e45-a4ad-3cf6506af00f}\vjoy.inf

Filesize
10KB

MD5
460c34649150136c91c1e4b9d48b12cc

SHA1
4d57ae74eb2422b6b33d6214f25674fa243537fe

SHA256
3a4990e6462dbea0d925a64fc07a0c107e3e04b77755b9f6ff8222e92c617078

SHA512
1a85af0aeac1014acbc97941e1e2a23ecabc005ab38dfbb5667adbbe822c913526a34bee69f39102cc4bd3a39dc3f0d63e0be4d35934979699f06c204f7e832c

Download Submit
\??\c:\PROGRA~1\vjoy\WDFCOI~1.DLL

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
\??\c:\PROGRA~1\vjoy\hidkmdf.sys

Filesize
10KB

MD5
de50a50fd52a2bacb72f159aea6e3a38

SHA1
2bad3a7e7516e9fc68e2ab4c5d9a7ac60a576154

SHA256
8fe4cac56e0ed66e5fc60f1468e1911196cadac49f0e350cfe7820c7ec7fcd7e

SHA512
c7542cf3b45d1d0ccbe87b5c220ecac6c4e9a8c1c171d5ce95f5bf76c1a3ffb576226486ed498ee12eedad9b1beed1d17a0f14d922df21287a70f69354c6a924

Download Submit
\??\c:\PROGRA~1\vjoy\vjoy.sys

Filesize
56KB

MD5
cb09581d30179ef1d9cac51717afa04f

SHA1
e3f54c575bb3daed87bccff8a207c7e9634ad7f0

SHA256
58e5cafbb5c3cc69c23ad85c3093b247208e3e5c43fe09aa06a6b7ec40fc3d1b

SHA512
a961e9ece89adb83d4c81c601aa3d91c39b277b9a27233d9894caf46cd5b92c6cdc55aaa689e55408303607bac3012296b67bd1dbdb8d71c10d1ac9ec3178e25

Download Submit
\??\c:\program files\vjoy\vJoy.cat

Filesize
9KB

MD5
8ade7a899a6d5f2d34b9a0e32e8e881c

SHA1
01e7961bc2ba41bd8794da2b2d2e967172cfd739

SHA256
09f859c2ac093ff4fab365ecead64c47c763230b091918be5abcc040579126ec

SHA512
b1ef251b258bf2fc7cb10d2f8ad64c60d01a7da81df31fb362998b62c5f423a202ee067ba6d4f69b8935292a55a91d1d0199b4a08cd0e7f15a96420f6ea9c6b2

Download Submit
memory/1588-138-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/1588-292-0x0000000000400000-0x000000000056D000-memory.dmp

Filesize
1.4MB

Download
memory/1588-293-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/3900-133-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/3900-291-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download