Technical Information
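- %HOMEPATH%\Start Menu\Programs\Startup\backup.exe (this is the user's Startup folder, so a file placed here is launched automatically at that user's logon)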
- hidden files
- file extensions
- Registry Editor (RegEdit)
- C:\Far\Addons\Tables\Cyrillic\E-Mail Double Conversion\backup.exe C:\Far\Addons\Tables\Cyrillic\E-Mail Double Conversion\
- %CommonProgramFiles%\Microsoft Shared\DW\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\
- C:\Far\PlugDoc\Examples\Editor\Align\backup.exe C:\Far\PlugDoc\Examples\Editor\Align\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\
- %CommonProgramFiles%\Microsoft Shared\DAO\backup.exe %CommonProgramFiles%\Microsoft Shared\DAO\
- C:\Far\Addons\XLat\backup.exe C:\Far\Addons\XLat\
- C:\Far\PlugDoc\Examples\Editor\AutoWrap\backup.exe C:\Far\PlugDoc\Examples\Editor\AutoWrap\
- C:\Far\PlugDoc\Headers.c\data.exe C:\Far\PlugDoc\Headers.c\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\
- C:\Far\Plugins\backup.exe C:\Far\Plugins\
- C:\Far\Addons\Tables\Central European\backup.exe C:\Far\Addons\Tables\Central European\
- %ALLUSERSPROFILE%\Start Menu\Programs\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\
- C:\Far\PlugDoc\Examples\Compare\backup.exe C:\Far\PlugDoc\Examples\Compare\
- %ALLUSERSPROFILE%\Documents\My Pictures\backup.exe %ALLUSERSPROFILE%\Documents\My Pictures\
- %CommonProgramFiles%\backup.exe %CommonProgramFiles%\
- C:\Far\Addons\Tables\Cyrillic\backup.exe C:\Far\Addons\Tables\Cyrillic\
- %ALLUSERSPROFILE%\Documents\My Videos\backup.exe %ALLUSERSPROFILE%\Documents\My Videos\
- C:\Far\PlugDoc\Examples\Editor\System Restore.exe C:\Far\PlugDoc\Examples\Editor\
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\backup.exe %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\
- %CommonProgramFiles%\Microsoft Shared\backup.exe %CommonProgramFiles%\Microsoft Shared\
- %PROGRAM_FILES%\ComPlus Applications\backup.exe %PROGRAM_FILES%\ComPlus Applications\
- %CommonProgramFiles%\Microsoft Shared\DW\1028\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1028\
- %CommonProgramFiles%\Microsoft Shared\MSInfo\backup.exe %CommonProgramFiles%\Microsoft Shared\MSInfo\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\
- C:\Far\Addons\Tables\Western European\backup.exe C:\Far\Addons\Tables\Western European\
- C:\Far\Addons\XLat\Russian\backup.exe C:\Far\Addons\XLat\Russian\
- C:\Far\Plugins\ascii\src\backup.exe C:\Far\Plugins\ascii\src\
- %WINDIR%\backup.exe %WINDIR%\
- %ALLUSERSPROFILE%\Start Menu\Programs\Games\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Games\
- %CommonProgramFiles%\MSSoap\Binaries\backup.exe %CommonProgramFiles%\MSSoap\Binaries\
- C:\Far\PlugDoc\Examples\FileCase\System Restore.exe C:\Far\PlugDoc\Examples\FileCase\
- %CommonProgramFiles%\MSSoap\backup.exe %CommonProgramFiles%\MSSoap\
- C:\Far\Plugins\ascii\backup.exe C:\Far\Plugins\ascii\
- %CommonProgramFiles%\Microsoft Shared\DW\1025\backup.exe %CommonProgramFiles%\Microsoft Shared\DW\1025\
- C:\Far\Addons\Tables\Hebrew\backup.exe C:\Far\Addons\Tables\Hebrew\
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\backup.exe %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\
- C:\Far\PlugDoc\Examples\Editor\Brackets\backup.exe C:\Far\PlugDoc\Examples\Editor\Brackets\
- %PROGRAM_FILES%\FireFox\data.exe %PROGRAM_FILES%\FireFox\
- C:\Far\PlugDoc\Examples\FARCmds\backup.exe C:\Far\PlugDoc\Examples\FARCmds\
- C:\Far\PlugDoc\Headers.pas\backup.exe C:\Far\PlugDoc\Headers.pas\
- %ALLUSERSPROFILE%\Start Menu\backup.exe %ALLUSERSPROFILE%\Start Menu\
- %HOMEPATH%\Start Menu\backup.exe %HOMEPATH%\Start Menu\
- %ALLUSERSPROFILE%\backup.exe %ALLUSERSPROFILE%\
- C:\Far\Addons\backup.exe C:\Far\Addons\
- C:\Far\backup.exe C:\Far\
- %HOMEPATH%\My Documents\My Pictures\backup.exe %HOMEPATH%\My Documents\My Pictures\
- C:\Far\Addons\Colors\backup.exe C:\Far\Addons\Colors\
- %HOMEPATH%\Start Menu\Programs\Accessories\System Restore.exe %HOMEPATH%\Start Menu\Programs\Accessories\
- %ALLUSERSPROFILE%\Desktop\backup.exe %ALLUSERSPROFILE%\Desktop\
- C:\Far\Addons\Archivers\backup.exe C:\Far\Addons\Archivers\
- %HOMEPATH%\Start Menu\Programs\backup.exe %HOMEPATH%\Start Menu\Programs\
- %HOMEPATH%\Cookies\backup.exe %HOMEPATH%\Cookies\
- %HOMEPATH%\Desktop\backup.exe %HOMEPATH%\Desktop\
- %HOMEPATH%\System Restore.exe %HOMEPATH%\
- C:\backup.exe \
- C:\Documents and Settings\backup.exe C:\Documents and Settings\
- %HOMEPATH%\My Documents\Downloads\backup.exe %HOMEPATH%\My Documents\Downloads\
- %HOMEPATH%\My Documents\My Music\backup.exe %HOMEPATH%\My Documents\My Music\
- %HOMEPATH%\My Documents\backup.exe %HOMEPATH%\My Documents\
- %HOMEPATH%\Favorites\backup.exe %HOMEPATH%\Favorites\
- %HOMEPATH%\Favorites\Links\backup.exe %HOMEPATH%\Favorites\Links\
- %ALLUSERSPROFILE%\Documents\backup.exe %ALLUSERSPROFILE%\Documents\
- C:\Far\PlugDoc\backup.exe C:\Far\PlugDoc\
- C:\Far\Addons\Shell\data.exe C:\Far\Addons\Shell\
- <Auxiliary element> <Auxiliary element>
- C:\Far\Addons\SetUp\backup.exe C:\Far\Addons\SetUp\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\backup.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\
- C:\Far\PlugDoc\Examples\backup.exe C:\Far\PlugDoc\Examples\
- C:\Far\Addons\Tables\backup.exe C:\Far\Addons\Tables\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\000D7521\data.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\000D7521\
- %ALLUSERSPROFILE%\Favorites\backup.exe %ALLUSERSPROFILE%\Favorites\
- %PROGRAM_FILES%\backup.exe %PROGRAM_FILES%\
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\
- C:\Far\Addons\Colors\Default Highlighting\backup.exe C:\Far\Addons\Colors\Default Highlighting\
- %ALLUSERSPROFILE%\Documents\My Music\backup.exe %ALLUSERSPROFILE%\Documents\My Music\
- C:\Far\Addons\Colors\Custom Highlighting\backup.exe C:\Far\Addons\Colors\Custom Highlighting\
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\backup.exe %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\System Restore.exe %ALLUSERSPROFILE%\Documents\My Music\Sample Music\
- %HOMEPATH%\Start Menu\Programs\Startup\backup.exe %HOMEPATH%\Start Menu\Programs\Startup\
- C:\Far\Addons\Macros\backup.exe C:\Far\Addons\Macros\
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\backup.exe %ALLUSERSPROFILE%\Documents\My Music\My Playlists\
- %HOMEPATH%\Start Menu\Programs\Administrative Tools\backup.exe %HOMEPATH%\Start Menu\Programs\Administrative Tools\
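- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
  (NoFolderOptions = 1 is the Explorer policy that removes the Folder Options item, so the user cannot turn the display of hidden files and file extensions back on. The value is set in both the machine and the user hive, so both must be checked and reset during cleanup.)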
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\backup.exe
- C:\Far\Addons\Tables\Cyrillic\E-Mail Double Conversion\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DAO\backup.exe
- C:\Far\PlugDoc\Examples\Editor\Align\backup.exe
- C:\Far\Plugins\backup.exe
- %PROGRAM_FILES%\ComPlus Applications\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1025\backup.exe
- C:\Far\Addons\XLat\backup.exe
- C:\Far\PlugDoc\Headers.c\data.exe
- C:\Far\PlugDoc\Examples\Editor\AutoWrap\backup.exe
- C:\Far\Addons\Tables\Central European\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\backup.exe
- C:\Far\PlugDoc\Examples\Compare\backup.exe
- %CommonProgramFiles%\backup.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\backup.exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\backup.exe
- %ALLUSERSPROFILE%\Documents\My Videos\backup.exe
- C:\Far\Addons\Tables\Cyrillic\backup.exe
- %CommonProgramFiles%\Microsoft Shared\backup.exe
- C:\Far\PlugDoc\Examples\Editor\System Restore.exe
- C:\Far\Addons\Tables\Hebrew\backup.exe
- C:\Far\Plugins\ascii\src\backup.exe
- C:\Far\PlugDoc\Examples\FileCase\System Restore.exe
- %CommonProgramFiles%\Microsoft Shared\MSInfo\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1028\backup.exe
- %CommonProgramFiles%\MSSoap\Binaries\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Games\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\backup.exe
- %CommonProgramFiles%\Microsoft Shared\DW\1031\backup.exe
- C:\Far\PlugDoc\Examples\Editor\DrawLine\backup.exe
- %PROGRAM_FILES%\FireFox\chrome\backup.exe
- %WINDIR%\backup.exe
- C:\Far\PlugDoc\Examples\FARCmds\backup.exe
- C:\Far\PlugDoc\Headers.pas\backup.exe
- %CommonProgramFiles%\MSSoap\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\backup.exe
- C:\Far\Plugins\ascii\backup.exe
- C:\Far\Addons\XLat\Russian\backup.exe
- C:\Far\Addons\Tables\Western European\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\backup.exe
- C:\Far\PlugDoc\Examples\Editor\Brackets\backup.exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\backup.exe
- %PROGRAM_FILES%\FireFox\data.exe
- %ALLUSERSPROFILE%\Start Menu\backup.exe
- %HOMEPATH%\My Documents\My Music\backup.exe
- C:\Far\backup.exe
- <Current directory>\<Virus name>.zip
- %HOMEPATH%\My Documents\backup.exe
- %HOMEPATH%\My Documents\Downloads\backup.exe
- %HOMEPATH%\My Documents\My Pictures\backup.exe
- C:\Far\Addons\Archivers\backup.exe
- %HOMEPATH%\Start Menu\Programs\backup.exe
- %ALLUSERSPROFILE%\backup.exe
- C:\Far\Addons\backup.exe
- %HOMEPATH%\Start Menu\backup.exe
- <Current directory>\<Virus name>.dat
- C:\backup.exe
- <Current directory>\K2a02832
- <Current directory>\System Restore.exe
- <Current directory>\temp.zip
- C:\Documents and Settings\backup.exe
- %HOMEPATH%\Favorites\backup.exe
- %HOMEPATH%\Favorites\Links\backup.exe
- %HOMEPATH%\Desktop\backup.exe
- %HOMEPATH%\System Restore.exe
- %HOMEPATH%\Cookies\backup.exe
- %ALLUSERSPROFILE%\Desktop\backup.exe
- <Auxiliary element>
- C:\Far\PlugDoc\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\System Restore.exe
- C:\Far\Addons\SetUp\backup.exe
- C:\Far\Addons\Shell\data.exe
- C:\Far\PlugDoc\Examples\backup.exe
- C:\Far\Addons\Tables\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Playlists\000D7521\data.exe
- %ALLUSERSPROFILE%\Favorites\backup.exe
- %PROGRAM_FILES%\backup.exe
- C:\Far\Addons\Colors\Custom Highlighting\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\backup.exe
- %ALLUSERSPROFILE%\Documents\backup.exe
- C:\Far\Addons\Colors\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\System Restore.exe
- %ALLUSERSPROFILE%\Documents\My Music\backup.exe
- %HOMEPATH%\Start Menu\Programs\Administrative Tools\backup.exe
- C:\Far\Addons\Macros\backup.exe
- %ALLUSERSPROFILE%\Documents\My Music\My Playlists\backup.exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\backup.exe
- C:\Far\Addons\Colors\Default Highlighting\backup.exe
- <Current directory>\<Virus name>.zip
- <Current directory>\temp.zip
- <Current directory>\<Virus name>.dat
- <Current directory>\temp.zip
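- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ExploreWClass' WindowName: ''
- ClassName: 'CabinetWClass' WindowName: ''
  (Shell_TrayWnd is the window class of the Windows taskbar; ExploreWClass and CabinetWClass are window classes of Windows Explorer folder windows. WindowName is empty in every entry, so only the class is matched. What is done with these windows is not stated here.)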