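Technical Information
The entries below are the sample's observed indicators: an autorun registry value, file paths, network endpoints and launched command lines. The sub-headings that would say what was done to each item appear to be missing from this copy, so where a path is listed twice the list alone does not show whether it was created, modified or deleted.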
- Autorun registry value (runs at user logon): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'YouPhone' = '%APPDATA%\Microsoft\Windows\Recent\YouPhone.exe'
- %APPDATA%\microsoft\windows\start menu\programs\startup\youphone.exe
- %APPDATA%\microsoft\windows\recent\youphone.exe
- %TEMP%\j0ksneru.0.vb
- %TEMP%\j0ksneru.cmdline
- %TEMP%\j0ksneru.out
- %TEMP%\vbc16b1.tmp
- %TEMP%\res16b2.tmp
- %APPDATA%\microsoft\windows\start menu\programs\startup\youphone.exe
- %TEMP%\res16b2.tmp
- %TEMP%\vbc16b1.tmp
- %TEMP%\j0ksneru.0.vb
- %TEMP%\j0ksneru.cmdline
- %TEMP%\j0ksneru.out
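- 'localhost':333 (loopback address; not a useful network indicator on its own)
- '10#.#0.6.162':1177 (the '#' characters appear to be masking applied by the report, so the address cannot be matched as written)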
- '%APPDATA%\microsoft\windows\recent\youphone.exe'
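- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\j0ksneru.cmdline" (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES16B2.tmp" "%TEMP%\vbc16B1.tmp" (with hidden window)
  (vbc.exe and cvtres.exe are the .NET Framework's Visual Basic compiler and resource converter; here they are run against the %TEMP% files listed above.)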
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\j0ksneru.cmdline"
- '%WINDIR%\microsoft.net\framework\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES16B2.tmp" "%TEMP%\vbc16B1.tmp"