Technical Information
- %WINDIR%\tasks\taqi.job
- <SYSTEM32>\tasks\taqi
- %ALLUSERSPROFILE%\vqke\taqi.exe
- 'ap#.#pify.org':443
- '12#.31.0.34':9131
- '19#.#01.26.175':9001
- '18#.#20.103.118':80
- '19#.#8.81.140':80
- '84.##.60.119':9001
- '95.##1.252.230':9001
- '54.##.219.251':443
- '87.##3.170.154':9030
- '20#.#3.164.118':80
- '17#.#05.52.47':443
- '21#.#96.191.96':9070
- '14#.#7.217.44':443
- '84.##4.42.49':9001
- '19#.#0.112.165':80
- 'ap#.#pify.org':443
- '19#.#01.26.175':9001
- '84.##.60.119':9001
- '95.##1.252.230':9001
- '54.##.219.251':443
- '17#.#05.52.47':443
- '21#.#96.191.96':9070
- '84.##4.42.49':9001
- DNS ASK ya##212.com
- DNS ASK ya##212.net
- DNS ASK ap#.#pify.org
- '%ALLUSERSPROFILE%\vqke\taqi.exe' start
- '%ALLUSERSPROFILE%\vqke\taqi.exe' start' (with hidden window)