Technical Information
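- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Minecraft' = '<Full path to file>' (autorun entry: the value named 'Minecraft' points at the sample's own path, so Windows starts the file at each logon of that user; because the value name resembles a game entry, review the target path rather than the name when auditing Run keys)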
- %WINDIR%\syswow64\werfault.exe
- %TEMP%\autcf40.tmp
- %TEMP%\1.resource
- <Full path to file>
- %TEMP%\autcf40.tmp
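- '<SYSTEM32>\cmd.exe' /c "%TEMP%\D25B.tmp\D25C.bat %WINDIR%\SysWOW64\WerFault.exe" (cmd.exe runs a batch file from a temporary directory under %TEMP% and passes it the path of the 32-bit WerFault.exe as an argument; the batch file's contents are not shown on this page)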
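- '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Mouclass" (removes the service registry key of Mouclass, the Windows mouse class driver; presumably mouse input stops working once the driver can no longer load, and the deletion needs administrative rights because the key is under HKEY_LOCAL_MACHINE)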