Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'version' = '<SYSTEM32>\<File name>.exe'
- '' (downloaded from the Internet)
- <SYSTEM32>\setup_123.exe
- 'go####palace.com':80
- 'jr##n.com':80
- http://www.go####palace.com/installer/mdart/small/Setup.exe via go####palace.com
- http://www.jr##n.com/activex/src/version.php via jr##n.com
- DNS ASK www.go####palace.com
- DNS ASK www.jr##n.com
- '<SYSTEM32>\setup_123.exe'