Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '%HOMEPATH%\petrovax\<File name>.exe'
- %HOMEPATH%\petrovax\<File name>.exe
- 'pe####ax-farm.local':139
- 'pe####ax-farm.local':80
- 'pe####ax-farm.local':445
- DNS ASK pe####ax-farm.local