#Netclient RAT
https://www.virustotal.com/#/file/d0d0c66b05580528c857059ce557fd94bbb4dd4943ee8466eaf7f00ea487e0ed/detection
contacted domain and function of plugin files:
https://pastebin.com/68Xpwc3s
3 components from plugin directory:
password-protected netclient
7z console
cmd/batch script
C2:
/185.213.208.240/fakeurl.htm
Initial evidence of the plugin URL came from debugging the malware and looking under LoadLibraryA.
Signed by COMODO >:(
Neither the malware nor its domains were detected by Avast. Reported to labs.