Technical Information
- %WINDIR%\Tasks\MsNetValidator.job
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%APPDATA%\NetDefender\' = '00000000'
- %APPDATA%\NetDefender\client_id
- %APPDATA%\NetDefender\b772ef49.exe
- 'ip.##ysrc.net':80
- http://ip.##ysrc.net/plain/clientip
- DNS ASK ip.##ysrc.net
- '%APPDATA%\NetDefender\b772ef49.exe'