Technical Information
- %WINDIR%\tasks\phmsx.job
- <SYSTEM32>\tasks\phmsx
- %ALLUSERSPROFILE%\sstiuv\phmsx.exe
- 'da##13d.com':4035
- DNS ASK da##13d.com
- '%ALLUSERSPROFILE%\sstiuv\phmsx.exe' start
- '%ALLUSERSPROFILE%\sstiuv\phmsx.exe' start' (with hidden window)