Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'tripsquall' = '%HOMEPATH%\clamoureda\Wongah.vbs'
- wongah.exe
- %HOMEPATH%\clamoureda\wongah.exe
- %HOMEPATH%\clamoureda\wongah.vbs
- http://vd####9wogzzu.info/us13.bin
- DNS ASK vd####9wogzzu.info
- '%HOMEPATH%\clamoureda\wongah.exe'