Technical Information
- %WINDIR%\syswow64\werfault.exe
- %TEMP%\aut846b.tmp
- %TEMP%\1.resource
- %TEMP%\aut846b.tmp
- '%HOMEPATH%\documents\msdcsc\msdcsc.exe'
- '%WINDIR%\syswow64\cmd.exe' /k attrib "%WINDIR%\SysWOW64" +s +h' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k attrib "%WINDIR%\SysWOW64\WerFault.exe" +s +h' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /k attrib "%WINDIR%\SysWOW64\WerFault.exe" +s +h
- '%WINDIR%\syswow64\cmd.exe' /k attrib "%WINDIR%\SysWOW64" +s +h
- '%WINDIR%\syswow64\attrib.exe' "%WINDIR%\SysWOW64" +s +h
- '%WINDIR%\syswow64\attrib.exe' "%WINDIR%\SysWOW64\WerFault.exe" +s +h