Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{48481EF5-410F-4AF7-83AF-98871F9032AD}] 'StubPath' = '<SYSTEM32>\allowsff.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\allowsff.exe
- 'go####.vizvaz.com':80
- DNS ASK go####.vizvaz.com