Technical Information
- [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Media Center' = '%WINDIR%\smss.exe'
- %APPDATA%\microsoft\crypto\rsa\s-1-5-21-1238866942-1249195528-555854008-1000\699c4b9cdebca7aaea5193cae8a50098_d4602615-9d50-4880-be41-678935e93eaa
- %WINDIR%\smss.exe
- '34.##0.144.191':443
- '34.##9.100.209':443