Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '' = ''
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vooln' = 'c:\sys32\vooln.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'vooll1' = 'c:\sys32\vooll1.exe'
- '<SYSTEM32>\wermgr.exe' -queuereporting
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YF7T7AK2\prn1[1].html
- C:\sys32\vooln.gif
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\6P5SDOMI\ree1[1].html
- C:\sys32\vooll1.gif
- 'ne#####01.hpg.ig.com.br':80
- 'localhost':60509
- ne#####01.hpg.ig.com.br/prn1.html
- ne#####01.hpg.ig.com.br/ree1.html
- DNS ASK ne#####01.hpg.ig.com.br