Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00590] 'DllName' = '<SYSTEM32>\__c00590.dat'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00590] 'Startup' = 'B'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00590] 'Logon' = 'B'
- iexplore.exe
- <Full path to file>.dat
- %WINDIR%\syswow64\__c00590.dat
- <Full path to file>.dat
- DNS ASK th####tusinfo.com
- '%WINDIR%\syswow64\rundll32.exe' "<Full path to file>.dat",E
- '%WINDIR%\syswow64\rundll32.exe' "<SYSTEM32>\__c00590.dat",B