Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'AdvRefresh' = '%WINDIR%\advrefresh.exe'
- %WINDIR%\advrefresh.exe
- <LS_APPDATA>\microsoft\windows\<INETFILES>\content.ie5\yuk3f9l0\navcancl[1]
- '12#.#08.3.72':80
- DNS ASK cl####.triclick.info
- DNS ASK cl####.triclick.net
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''