Usually an .exe or .scr file disguised as an image or video file using double extensions (e.g., image.jpg.exe ).

It attempts to connect to a Command & Control (C2) server to upload harvested data from the victim's machine.

Malicious shortcut files designed to execute PowerShell scripts upon being opened. Behavioral Patterns:

Often spread via phishing links, malicious advertisements (malvertising), or "leaked" content archives on forums and file-sharing sites.

To gain unauthorized access to the victim's system, steal sensitive credentials (browser passwords, crypto wallets), and monitor user activity. Technical Analysis & Indicators

The malware often modifies the Windows Registry (e.g., HKCU\Software\Microsoft\Windows\CurrentVersion\Run ) to ensure it launches every time the computer starts.

For further technical investigation without risk, upload the file to VirusTotal or Any.Run to see specific behavioral reports and C2 IP addresses.

Based on typical behavior for this specific file name in threat intelligence databases: