Technical Information
- %WINDIR%\Tasks\MsNetValidator.job
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%APPDATA%\NetDefender\' = '00000000'
- %APPDATA%\NetDefender\client_id
- %APPDATA%\NetDefender\b772ef49.exe
- 'wt###myip.com':80
- http://wt###myip.com/text
- DNS ASK wt###myip.com
- '%APPDATA%\NetDefender\b772ef49.exe'