Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SkinSharp For EL] 'Start' = '00000002'
- [<HKLM>\SYSTEM\ControlSet001\Services\SkinSharp For EL] 'ImagePath' = '%WINDIR%\shutdowns.exe'
- %WINDIR%\shutdowns.exe
- C:\$20996654.H1409\447\SkinH_EL.exe
- C:\$20996654.H1409\447\config.json
- 'jw####.ppxxmr.com':3333
- DNS ASK jw####.ppxxmr.com
- '%WINDIR%\shutdowns.exe'
- 'C:\$20996654.H1409\447\SkinH_EL.exe'