Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QuickShock' = '%WINDIR%\Media\AvMsUpd.exe'
- %WINDIR%\Media\AvMsUpd.exe
- <Current directory>\user.dat
- %WINDIR%\wnetsock08.dll
- <Current directory>\upset1.dat
- <Current directory>\Temp.tjp
- '72.##9.126.247':80
- 'up####ell600.com.br':80
- http://72.##9.126.247/ptserver/ok.php?id##
- http://www.up####ell600.com.br/ptdata/CurrVer.txt via up####ell600.com.br
- DNS ASK www.up####ell600.com.br