Technical Information
- http://resturfile.com/prodump.exe as %appdata%\javac.bat
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\Javax.bat
- %APPDATA%\javax.bat
- DNS ASK re###rfile.com
- '<SYSTEM32>\cmd.exe' /c %APPDATA%\Javax.bat' (with hidden window)
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Invoke-Item "%APPDATA%\Javac.bat"