Technical Information
- %WINDIR%\tasks\ukpoca.job
- <SYSTEM32>\tasks\ukpoca
- %ALLUSERSPROFILE%\tleu\ukpoca.exe
- http://13#.#88.40.189/tor/status-vote/current/consensus
- http://20#.#3.164.118/tor/status-vote/current/consensus
- http://19#.#3.244.244/tor/status-vote/current/consensus
- http://5.##6.26.16/tor/server/fp/5e3f6f9cd9702d56b340f76a0aa40421310b41ef
- http://5.##6.26.16/tor/server/fp/a5b22cff88153d3d73c3699bd3c7f0a2f4994da9
- DNS ASK mx###gs19.xyz
- DNS ASK sd###ert20.xyz
- DNS ASK ap#.#pify.org
- '%ALLUSERSPROFILE%\tleu\ukpoca.exe' start
- '%ALLUSERSPROFILE%\tleu\ukpoca.exe' start (with hidden window)