Key Findings Python-based remote access trojan embeds payload directly inside batch file dropper with no external downloads Malware disables Windows Defender, PowerShell logging, firewall logging, and SmartScreen before activating Establishes persistence through multiple mechanisms including startup folders, registry keys, scheduled tasks, and WMI subscriptions with automatic restoration capability Uses bore.pub public TCP tunneling service for command-and-control instead of