Technical Information
- [<HKLM>\System\CurrentControlSet\Services\VeryTired] 'ImagePath' = '%WINDIR%\SysWOW64\Proxy64.sys'
- Service 'VeryTired', image path %WINDIR%\SysWOW64\Proxy64.sys (a .sys image located outside %WINDIR%\System32\drivers)
- %TEMP%\tmp.exe
- %TEMP%\hookproxy.dll
- %WINDIR%\syswow64\proxy64.sys
- ctrlsmverytired
- %WINDIR%\temp\udd756d.tmp
- %TEMP%\hookproxy.dll
- %WINDIR%\temp\udd756d.tmp
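- DNS ASK au#s.cc (domain as printed; '#' is not a valid hostname character, so part of the name appears to be masked and the string should not be matched literally)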
- '%TEMP%\tmp.exe'