Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'aeEkEEcE.exe' = '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'pUccUkoM.exe' = '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
- hidden files
- file extensions
- User Account Control (UAC)
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe' /c "<Current directory>\<Virus name>"
- '%ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe'
- '%HOMEPATH%\fCkYUMIQ\pUccUkoM.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\JUMEQYYs.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\vcEoUYYU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kCIUUEIk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gKsIcgcA.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\HGscYwsU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\rMoEkMUM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\DCAwgoAw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nuAUYsYs.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WgAwgQsU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\kuYgwcQY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FAMQkAEM.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2352
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\RkEMokcI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2764
- '<SYSTEM32>\cscript.exe' /pid=2696
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FoocYsAo.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\nsosQEkM.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\EugwQoIE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\eaQEgIUY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\gCcwMIUU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\MiwEgEYs.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=492
- '<SYSTEM32>\reg.exe' /pid=2592
- '<SYSTEM32>\reg.exe' /pid=3388
- '<SYSTEM32>\reg.exe' /pid=3948
- '<SYSTEM32>\reg.exe' /pid=6120
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\ewkoQEQE.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3092
- '<SYSTEM32>\reg.exe' /pid=2656
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\ooskwAQU.bat" "<Full path to virus>""
- '<SYSTEM32>\cscript.exe' /pid=3300
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\PmEQEYUc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3180
- '<SYSTEM32>\reg.exe' /pid=6088
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\dMIQkgoU.bat" "<Full path to virus>""
- '<SYSTEM32>\taskkill.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\cscript.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' /pid=3292
- '<SYSTEM32>\reg.exe' /pid=6024
- '<SYSTEM32>\reg.exe' /pid=6048
- '<SYSTEM32>\reg.exe' /pid=6056
- '<SYSTEM32>\cscript.exe' /c ""%TEMP%\CkMYsIko.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\FUwUUQwI.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\dcgEsMcE.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\xsEQwYEk.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\xCgMAckY.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\cwQYgskU.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2828
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\giEwcsoI.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /c "<Current directory>\<Virus name>"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\CUsswsIU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RCoIAksw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\uwowAQMU.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\cYEMYcQc.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\tekssEMc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\reg.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\aUsckUEw.bat" "<Full path to virus>""
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\IcoAMoQo.bat" "<Full path to virus>""
- '<SYSTEM32>\taskkill.exe' /FI "USERNAME eq %USERNAME%" /F /IM aeEkEEcE.exe
- '<SYSTEM32>\cscript.exe' %TEMP%\file.vbs
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\WSoIAUsg.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=2348
- '<SYSTEM32>\reg.exe' /pid=4056
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\aascYwYk.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3104
- '<SYSTEM32>\reg.exe' /pid=2872
- '<SYSTEM32>\reg.exe' /c ""%TEMP%\vGwEMggY.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3296
- '<SYSTEM32>\reg.exe' /pid=3520
- '<SYSTEM32>\cscript.exe' /pid=3172
- '<SYSTEM32>\reg.exe' /pid=1448
- '<SYSTEM32>\cscript.exe' add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\sKgwkgsc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=552
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\oYYUooAc.bat" "<Full path to virus>""
- '<SYSTEM32>\reg.exe' /pid=3072
- '<SYSTEM32>\reg.exe' /pid=3080
- '<SYSTEM32>\reg.exe' /pid=3612
- '<SYSTEM32>\reg.exe'
- '<SYSTEM32>\reg.exe' %TEMP%\file.vbs
- '<SYSTEM32>\reg.exe' /pid=3116
- '<SYSTEM32>\taskkill.exe' %TEMP%\file.vbs
- <SYSTEM32>\taskkill.exe
- <SYSTEM32>\cscript.exe
- <SYSTEM32>\reg.exe
- <SYSTEM32>\cmd.exe
- C:\RCX14.tmp
- <Current directory>\gocu.exe
- %TEMP%\HGscYwsU.bat
- <Current directory>\Swoq.ico
- %TEMP%\kCIUUEIk.bat
- %TEMP%\GsAoggIw.bat
- <Current directory>\YUgW.ico
- %TEMP%\YKIkUsEM.bat
- <Current directory>\yEUe.exe
- <Current directory>\ikoC.ico
- C:\RCX13.tmp
- <Current directory>\swgc.ico
- C:\RCX16.tmp
- <Current directory>\Ecgu.exe
- %TEMP%\MSUIoAgg.bat
- C:\RCX17.tmp
- %TEMP%\JUMEQYYs.bat
- C:\RCX15.tmp
- <Current directory>\kIEA.exe
- %TEMP%\mYcUowok.bat
- <Current directory>\XAUQ.exe
- <Current directory>\SwoK.ico
- C:\RCX12.tmp
- C:\RCXF.tmp
- %TEMP%\rAwkQgsU.bat
- %TEMP%\EugwQoIE.bat
- <Current directory>\TUkc.ico
- %TEMP%\nsosQEkM.bat
- <Current directory>\QoEg.exe
- <Current directory>\kMYk.ico
- %TEMP%\LqgUAEwE.bat
- <Current directory>\UYwA.exe
- <Current directory>\Koos.ico
- C:\RCXE.tmp
- C:\RCX11.tmp
- %TEMP%\fWwEwwAo.bat
- %TEMP%\gKsIcgcA.bat
- <Current directory>\TAYK.exe
- <Current directory>\CwQc.ico
- <Current directory>\TEcE.exe
- %TEMP%\uaIgAUwU.bat
- <Current directory>\bosW.exe
- C:\RCX10.tmp
- <Current directory>\Lwww.ico
- %TEMP%\FAMQkAEM.bat
- <Current directory>\PEAe.ico
- <Current directory>\RQAC.exe
- <Current directory>\VEEU.ico
- C:\RCX1E.tmp
- %TEMP%\dMIQkgoU.bat
- %TEMP%\niAUYsUY.bat
- C:\RCX1D.tmp
- %TEMP%\DCAwgoAw.bat
- C:\RCX1C.tmp
- <Current directory>\RoYe.ico
- %TEMP%\jIUoIkIo.bat
- <Current directory>\gYkY.exe
- %TEMP%\ooskwAQU.bat
- %TEMP%\VUAcEYkA.bat
- %TEMP%\xqQMEQUE.bat
- %TEMP%\SOYAMMoI.bat
- %TEMP%\ewkoQEQE.bat
- %TEMP%\PmEQEYUc.bat
- <Current directory>\QAEW.ico
- %TEMP%\CkMYsIko.bat
- %TEMP%\kIssUkQU.bat
- C:\RCX1F.tmp
- <Current directory>\RkES.exe
- <Current directory>\dQcc.exe
- %TEMP%\WgAwgQsU.bat
- %TEMP%\HiEEsoAw.bat
- %TEMP%\WGcMkEYY.bat
- <Current directory>\hQEw.exe
- <Current directory>\uoss.ico
- %TEMP%\vcEoUYYU.bat
- C:\RCX18.tmp
- <Current directory>\OUsi.exe
- <Current directory>\eEEg.ico
- C:\RCX19.tmp
- <Current directory>\KkEQ.exe
- %TEMP%\iacsoYgI.bat
- %TEMP%\nuAUYsYs.bat
- %TEMP%\rMoEkMUM.bat
- <Current directory>\YYoU.ico
- %TEMP%\uSYcUgYE.bat
- C:\RCX1B.tmp
- %TEMP%\kuYgwcQY.bat
- C:\RCX1A.tmp
- %TEMP%\qscEUYkA.bat
- <Current directory>\zcMM.exe
- <Current directory>\Qcgq.ico
- C:\RCXD.tmp
- %TEMP%\giEwcsoI.bat
- %TEMP%\WuwYUwsY.bat
- %TEMP%\VCMcQkQk.bat
- <Current directory>\ucwW.ico
- %TEMP%\WQQQMMUE.bat
- %TEMP%\RCoIAksw.bat
- %TEMP%\BUsscMAQ.bat
- %TEMP%\AEQQwkUo.bat
- %TEMP%\dcgEsMcE.bat
- %TEMP%\EacIEckg.bat
- %TEMP%\CUsswsIU.bat
- C:\RCX2.tmp
- <Current directory>\PkMm.exe
- %TEMP%\YGEcwogI.bat
- <Current directory>\JkIU.exe
- <Current directory>\WUIQ.ico
- %TEMP%\sKgwkgsc.bat
- C:\RCX1.tmp
- <Current directory>\cMwu.exe
- %TEMP%\oYYUooAc.bat
- <Current directory>\iogs.ico
- %TEMP%\HOsYYkIM.bat
- %TEMP%\FUwUUQwI.bat
- %TEMP%\ZGYkAMwc.bat
- %TEMP%\file.vbs
- %TEMP%\WSoIAUsg.bat
- %TEMP%\aUsckUEw.bat
- %TEMP%\GOgkwAkM.bat
- %TEMP%\tekssEMc.bat
- %TEMP%\wycowAEc.bat
- <Current directory>\<Virus name>
- %TEMP%\EiwAsYYo.bat
- %TEMP%\cYEMYcQc.bat
- %TEMP%\XGkswMIA.bat
- %TEMP%\xCgMAckY.bat
- %TEMP%\cwQYgskU.bat
- %TEMP%\sQIIcAMg.bat
- %TEMP%\xsEQwYEk.bat
- %TEMP%\UUIoIgQg.bat
- %TEMP%\IcoAMoQo.bat
- %TEMP%\PWUkcUsE.bat
- %TEMP%\KKYUIsMA.bat
- %TEMP%\SmcwkEoc.bat
- %TEMP%\uwowAQMU.bat
- C:\RCX3.tmp
- <Current directory>\TwIc.exe
- <Current directory>\gEwm.ico
- C:\RCXA.tmp
- <Current directory>\GsEc.exe
- <Current directory>\MEUS.ico
- %TEMP%\xCcgoIgI.bat
- <Current directory>\OswQ.ico
- %TEMP%\YykAIQUo.bat
- <Current directory>\iAEy.exe
- C:\RCX9.tmp
- %TEMP%\RkEMokcI.bat
- %TEMP%\oYwUAMkQ.bat
- C:\RCXC.tmp
- <Current directory>\tsEM.ico
- %TEMP%\eaQEgIUY.bat
- <Current directory>\iUoI.exe
- <Current directory>\JIcA.exe
- %TEMP%\nyQQAEYA.bat
- C:\RCXB.tmp
- %TEMP%\gCcwMIUU.bat
- <Current directory>\zAEG.ico
- %TEMP%\MiwEgEYs.bat
- C:\RCX8.tmp
- C:\RCX5.tmp
- <Current directory>\zcMS.exe
- %TEMP%\uMcsEogc.bat
- %TEMP%\uIUUogMQ.bat
- %TEMP%\aascYwYk.bat
- <Current directory>\XoQS.ico
- <Current directory>\GgEQ.ico
- %TEMP%\viIwsUAw.bat
- <Current directory>\zEkY.exe
- %TEMP%\lgoUgcMk.bat
- C:\RCX4.tmp
- C:\RCX7.tmp
- %TEMP%\xMQoQMws.bat
- <Current directory>\VMcq.ico
- %TEMP%\FoocYsAo.bat
- <Current directory>\dUsC.exe
- <Current directory>\rMAs.exe
- <Current directory>\GUIU.exe
- <Current directory>\igUA.ico
- C:\RCX6.tmp
- %TEMP%\vGwEMggY.bat
- <Current directory>\vMEY.ico
- %ALLUSERSPROFILE%\BWogoUMg\aeEkEEcE.exe
- %HOMEPATH%\fCkYUMIQ\pUccUkoM.exe
- <Current directory>\YUgW.ico
- %TEMP%\GsAoggIw.bat
- <Current directory>\gocu.exe
- <Current directory>\CwQc.ico
- %TEMP%\YKIkUsEM.bat
- <Current directory>\yEUe.exe
- <Current directory>\ikoC.ico
- <Current directory>\XAUQ.exe
- <Current directory>\SwoK.ico
- <Current directory>\Ecgu.exe
- <Current directory>\kIEA.exe
- %TEMP%\mYcUowok.bat
- <Current directory>\Swoq.ico
- <Current directory>\TAYK.exe
- <Current directory>\kMYk.ico
- %TEMP%\rAwkQgsU.bat
- <Current directory>\QoEg.exe
- <Current directory>\tsEM.ico
- %TEMP%\LqgUAEwE.bat
- <Current directory>\UYwA.exe
- <Current directory>\Koos.ico
- %TEMP%\fWwEwwAo.bat
- <Current directory>\TEcE.exe
- <Current directory>\Lwww.ico
- %TEMP%\uaIgAUwU.bat
- <Current directory>\bosW.exe
- <Current directory>\TUkc.ico
- <Current directory>\swgc.ico
- <Current directory>\RoYe.ico
- %TEMP%\jIUoIkIo.bat
- %TEMP%\niAUYsUY.bat
- <Current directory>\dQcc.exe
- <Current directory>\YYoU.ico
- <Current directory>\gYkY.exe
- <Current directory>\RQAC.exe
- <Current directory>\QAEW.ico
- %TEMP%\VUAcEYkA.bat
- %TEMP%\xqQMEQUE.bat
- <Current directory>\VEEU.ico
- %TEMP%\kIssUkQU.bat
- <Current directory>\RkES.exe
- %TEMP%\uSYcUgYE.bat
- <Current directory>\KkEQ.exe
- <Current directory>\eEEg.ico
- %TEMP%\HiEEsoAw.bat
- %TEMP%\MSUIoAgg.bat
- <Current directory>\OUsi.exe
- <Current directory>\PEAe.ico
- %TEMP%\WGcMkEYY.bat
- %TEMP%\iacsoYgI.bat
- <Current directory>\zcMM.exe
- <Current directory>\Qcgq.ico
- <Current directory>\hQEw.exe
- <Current directory>\uoss.ico
- %TEMP%\qscEUYkA.bat
- <Current directory>\iUoI.exe
- <Current directory>\ucwW.ico
- %TEMP%\HOsYYkIM.bat
- <Current directory>\PkMm.exe
- %TEMP%\VCMcQkQk.bat
- %TEMP%\WQQQMMUE.bat
- <Current directory>\cMwu.exe
- <Current directory>\iogs.ico
- <Current directory>\zEkY.exe
- <Current directory>\GgEQ.ico
- %TEMP%\lgoUgcMk.bat
- <Current directory>\JkIU.exe
- <Current directory>\WUIQ.ico
- %TEMP%\viIwsUAw.bat
- %TEMP%\WuwYUwsY.bat
- %TEMP%\GOgkwAkM.bat
- %TEMP%\PWUkcUsE.bat
- %TEMP%\KKYUIsMA.bat
- %TEMP%\wycowAEc.bat
- %TEMP%\EiwAsYYo.bat
- %TEMP%\ZGYkAMwc.bat
- %TEMP%\SmcwkEoc.bat
- %TEMP%\AEQQwkUo.bat
- %TEMP%\BUsscMAQ.bat
- %TEMP%\EacIEckg.bat
- %TEMP%\UUIoIgQg.bat
- %TEMP%\XGkswMIA.bat
- %TEMP%\sQIIcAMg.bat
- %TEMP%\YGEcwogI.bat
- <Current directory>\TwIc.exe
- <Current directory>\gEwm.ico
- %TEMP%\RkEMokcI.bat
- <Current directory>\OswQ.ico
- %TEMP%\xCcgoIgI.bat
- %TEMP%\aascYwYk.bat
- %TEMP%\vGwEMggY.bat
- <Current directory>\JIcA.exe
- %TEMP%\oYwUAMkQ.bat
- <Current directory>\zAEG.ico
- %TEMP%\nyQQAEYA.bat
- <Current directory>\GsEc.exe
- <Current directory>\MEUS.ico
- <Current directory>\iAEy.exe
- %TEMP%\uIUUogMQ.bat
- <Current directory>\GUIU.exe
- <Current directory>\igUA.ico
- <Current directory>\zcMS.exe
- <Current directory>\XoQS.ico
- %TEMP%\giEwcsoI.bat
- <Current directory>\rMAs.exe
- %TEMP%\YykAIQUo.bat
- <Current directory>\VMcq.ico
- %TEMP%\uMcsEogc.bat
- <Current directory>\vMEY.ico
- %TEMP%\xMQoQMws.bat
- <Current directory>\dUsC.exe
- from C:\RCX15.tmp to <Current directory>\kIEA.exe
- from C:\RCX16.tmp to <Current directory>\XAUQ.exe
- from C:\RCX17.tmp to <Current directory>\Ecgu.exe
- from C:\RCX14.tmp to <Current directory>\gocu.exe
- from C:\RCX11.tmp to <Current directory>\TEcE.exe
- from C:\RCX12.tmp to <Current directory>\TAYK.exe
- from C:\RCX13.tmp to <Current directory>\yEUe.exe
- from C:\RCX18.tmp to <Current directory>\OUsi.exe
- from C:\RCX1D.tmp to <Current directory>\gYkY.exe
- from C:\RCX1E.tmp to <Current directory>\RQAC.exe
- from C:\RCX1F.tmp to <Current directory>\RkES.exe
- from C:\RCX1C.tmp to <Current directory>\dQcc.exe
- from C:\RCX19.tmp to <Current directory>\KkEQ.exe
- from C:\RCX1A.tmp to <Current directory>\hQEw.exe
- from C:\RCX1B.tmp to <Current directory>\zcMM.exe
- from C:\RCX10.tmp to <Current directory>\bosW.exe
- from C:\RCX5.tmp to <Current directory>\zcMS.exe
- from C:\RCX6.tmp to <Current directory>\GUIU.exe
- from C:\RCX7.tmp to <Current directory>\rMAs.exe
- from C:\RCX4.tmp to <Current directory>\zEkY.exe
- from C:\RCX1.tmp to <Current directory>\cMwu.exe
- from C:\RCX2.tmp to <Current directory>\PkMm.exe
- from C:\RCX3.tmp to <Current directory>\JkIU.exe
- from C:\RCX8.tmp to <Current directory>\dUsC.exe
- from C:\RCXD.tmp to <Current directory>\iUoI.exe
- from C:\RCXE.tmp to <Current directory>\UYwA.exe
- from C:\RCXF.tmp to <Current directory>\QoEg.exe
- from C:\RCXC.tmp to <Current directory>\JIcA.exe
- from C:\RCX9.tmp to <Current directory>\iAEy.exe
- from C:\RCXA.tmp to <Current directory>\TwIc.exe
- from C:\RCXB.tmp to <Current directory>\GsEc.exe
- '19#.#86.45.170':9999
- '74.##5.232.51':80
- '20#.#7.164.69':9999
- '20#.#19.204.12':9999
- 74.##5.232.51/
- DNS ASK google.com
- ClassName: '' WindowName: 'Microsoft Windows'
- ClassName: '' WindowName: ''
- ClassName: '' WindowName: 'pUccUkoM.exe'
- ClassName: 'Indicator' WindowName: ''
- ClassName: '' WindowName: 'aeEkEEcE.exe'