Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'serevc' = '%HOMEPATH%\Documents\kjtkevjm\serevc.exe'
- %TEMP%\ser.exe
- %HOMEPATH%\documents\kjtkevjm\serevc.exe
- %TEMP%\ser.exe
- %HOMEPATH%\documents\kjtkevjm\serevc.exe
- DNS ASK 83##ka.com
- '%TEMP%\ser.exe'
- '%HOMEPATH%\documents\kjtkevjm\serevc.exe'