Steals Discord tokens, Steam session data, and Telegram desktop files to bypass multi-factor authentication (MFA). Execution Workflow

Once run, the executable typically uses Process Hollowing to inject its malicious code into a legitimate Windows process (like vbc.exe or cvtres.exe ).

Immediately stop the malware from uploading your data to the attacker’s server.

Collects hardware IDs, IP addresses, location data, and active process lists.