While legitimate files live in C:\Program Files , suspicious variants often hide in the user’s AppData folder or temp directories. Symptoms of Infection
It has been observed starting unauthorized PowerShell and cmd.exe processes, reading security settings, and modifying Windows Registry keys to establish persistence. Bat.cc.exe
If your system is infected with a process like Bat.cc.exe, you may notice: Malware analysis cc.bat Malicious activity | ANY.RUN While legitimate files live in C:\Program Files ,