Technical Information
- [<HKLM>\System\CurrentControlSet\Services\vmgide] 'ImagePath' = '<DRIVERS>\vmgide.sys' (service registration for the kernel-mode driver created by the `sc create vmgide ... Type= Kernel` command listed below)
- <DRIVERS>\vmgide.sys
- %WINDIR%\temp\udd1c0c.tmp
- %WINDIR%\temp\udd241b.tmp
- %WINDIR%\temp\udd2c4a.tmp
- %WINDIR%\temp\udd341b.tmp
- %WINDIR%\temp\udd3bec.tmp
- %WINDIR%\temp\udd43bd.tmp
- %WINDIR%\temp\udd1c0c.tmp
- %WINDIR%\temp\udd241b.tmp
- %WINDIR%\temp\udd2c4a.tmp
- %WINDIR%\temp\udd341b.tmp
- %WINDIR%\temp\udd3bec.tmp
- %WINDIR%\temp\udd43bd.tmp
- 'gi##ub.com':443 (hostname partially masked as shown; connection to port 443)
- DNS ASK gi##ub.com
- '<SYSTEM32>\cmd.exe' /c @sc delete vmgide
- '<SYSTEM32>\sc.exe' delete vmgide
- '<SYSTEM32>\cmd.exe' /c sc create vmgide binPath= <DRIVERS>\vmgide.sys Type= Kernel (registers vmgide.sys as a kernel-mode driver service after the preceding `sc delete`; the service is then started by the `sc start vmgide` command below)
- '<SYSTEM32>\sc.exe' create vmgide binPath= <DRIVERS>\vmgide.sys Type= Kernel
- '<SYSTEM32>\cmd.exe' /c sc start vmgide
- '<SYSTEM32>\sc.exe' start vmgide