: It modifies the Windows Registry to ensure the malware starts every time the computer boots up.

: Use a reputable scanner like Malwarebytes or Windows Defender immediately.

: It checks for virtual machines or debuggers to see if a researcher is watching it.

: Avoid running any .exe , .scr , or .bat files found inside the archive.

: The file is frequently distributed via YouTube descriptions or Discord servers , masquerading as "free" game cheats, cracked software, or "hacks" for popular titles. Evidence of Malicious Behavior

: It reaches out to external "Command and Control" (C2) servers to upload the stolen data. Protective Steps If you have downloaded or interacted with this file:

: Saved passwords, credit card info, and cookies from Chrome, Edge, and Firefox.