Technical Information
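- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '35dcbc7eb742dd4f1edfbccf7826c724' = '%TEMP%\Microsoft\MyClient\WindowsUpdate.exe' (per-user autorun value: the executable under %TEMP% is launched at each logon of this user; the value name is a 32-character hexadecimal string and the file name imitates Windows Update)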
- %TEMP%\microsoft\myclient\windowsupdate.exe
- %TEMP%\microsoft\myclient\windowsupdate.exe
- <Full path to file>
- %TEMP%\microsoft\myclient\windowsupdate.exe
- Network activity: HTTP requests to three scripts under a path named "BlackNET Panel" (connection.php, receive.php, getCommand.php); the '#' characters are masking as published in this listing, not part of the URLs:
- http://62.##0.27.210/plesk-site-preview/totalleecase.xyz/62.210.27.210/BlackNET%20Panel/connection.php?da########################################################################################...
- http://62.##0.27.210/plesk-site-preview/totalleecase.xyz/62.210.27.210/BlackNET%20Panel/receive.php?co#########################################
- http://62.##0.27.210/plesk-site-preview/totalleecase.xyz/62.210.27.210/BlackNET%20Panel/getCommand.php?id#####################
- '%TEMP%\microsoft\myclient\windowsupdate.exe'
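- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose (Get-MpPreference is the PowerShell cmdlet that reads the current Microsoft Defender preferences, such as configured exclusions and protection settings)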