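Technical Information
The entries below list the registry values, files and commands observed for this sample. The sub-headings that separated the groups are missing here, so a path that appears twice (for example %WINDIR%\oci.temp) presumably belongs to two different groups, such as files created and files deleted.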
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '360Palyword' = '"%ALLUSERSPROFILE%\Application Data\Microsoft dementia\360Game.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\MSDTC] 'Start' = '00000002' (service start type 2 = automatic start)
- '<SYSTEM32>\net.exe' stop msdtc
- %ALLUSERSPROFILE%\Application Data\Microsoft dementia\Dementia.exe
- %WINDIR%\oci.temp
- %WINDIR%\oci.txt
- %WINDIR%\oci.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft dementia\360Game.zlib
- %ALLUSERSPROFILE%\Application Data\Microsoft dementia\360Game.temp
- %ALLUSERSPROFILE%\Application Data\Microsoft dementia\360Game.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft dementia\setup.ini
- %WINDIR%\oci.temp
- %WINDIR%\oci.txt
- %ALLUSERSPROFILE%\Application Data\Microsoft dementia\360Game.zlib
- '%ALLUSERSPROFILE%\Application Data\Microsoft dementia\Dementia.exe'
- '<SYSTEM32>\net1.exe' stop msdtc
- '<SYSTEM32>\sc.exe' config MSDTC start= auto
- '<SYSTEM32>\net.exe' start msdtc
- '<SYSTEM32>\net1.exe' start msdtc
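- '<SYSTEM32>\msdtc.exe'
Note: oci.dll is written to %WINDIR%, and the MSDTC service is then set to start automatically and restarted, which suggests the service is being used to load that DLL. An unexpected %WINDIR%\oci.dll together with a changed MSDTC start type is worth checking as a pair, alongside the Run value that points into the "Microsoft dementia" folder.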