Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'RevCode-5704' = '%APPDATA%\RevCode-5704.exe'
- '%ALLUSERSPROFILE%\Application Data\Revcode-FE897EC1\svchost.exe' 2852
- %ALLUSERSPROFILE%\Application Data\Revcode-FE897EC1\svchost.exe
- from <Full path to file> to %APPDATA%\RevCode-5704.exe
- 'localhost':1040
- 'xt####pje.wm01.to':80
- http://xt####pje.wm01.to/recv3.php
- DNS ASK xt####pje.wm01.to