What is the typical attack chain for exploiting this Warcraft III map vulnerability?

First, the attacker uploads a modified Warcraft map to a game room. When another player joins and lacks the map locally, it is automatically downloaded. Once the game starts, the map’s malicious JASS script runs, using the Preload functions to write a `.bat` file into the victim's startup directory. After the victim restarts their computer, the batch file executes, loading the attacker’s payload. For related exploitation techniques, see Testing the Permission Vulnerability in TeamViewer 13.0.5058.