Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Flash' = '%APPDATA%\Microsoft\Invoice\taskhost.exe'
- %TEMP%\invoice.gif
- %APPDATA%\microsoft\invoice\taskhost.exe
- %APPDATA%\microsoft\invoice\.identifier
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012021080920210810\index.dat
- %APPDATA%\microsoft\invoice\.identifier
- '12#.#48.212.76':443
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'Static' WindowName: ''
- '%APPDATA%\microsoft\invoice\taskhost.exe'
- '%APPDATA%\microsoft\invoice\taskhost.exe' ' (with hidden window)