Often deployed via a loader that executes in memory to evade detection by standard antivirus.
Snapshots of the victim's hardware, running processes, and installed software.
Disconnect the affected machine from the network to prevent further data exfiltration.
Scripts used by the malware to communicate with its Command and Control (C2) server.

2. Technical Behavior