Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RevCode-5704' = '%APPDATA%\RevCode-5704.exe'
- '%ALLUSERSPROFILE%\Application Data\Revcode-61093D06\svchost.exe' 2828
- %ALLUSERSPROFILE%\Application Data\Revcode-61093D06\svchost.exe
- from <Full path to file> to %APPDATA%\RevCode-5704.exe
- 'localhost':1041
- 'ba####23.wm01.to':80
- http://ba####23.wm01.to/recv3.php
- DNS ASK ba####23.wm01.to