The package contains code to download and run a malicious executable. The executable contains a remote access trojan controlled via Telegram bot, with capabilities like a keylogger, screen recording, command execution. It also attempts to gain persistence via startup registry keys.

---

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2026-06-fastercode

Reasons (based on the campaign):

• Downloads and executes a remote executable.

• peristence-autorun

• uses-telegram-bot

• keylogger

• rat

• spyware-like