Zoliboys_new_assistant.zip

Usually contains an executable (.exe), a shortcut file (.lnk), or a heavily obfuscated PowerShell script.

The malware frequently targets browser data (Login Data, Cookies, Web Data) from Chrome, Edge, and Brave.

It may attempt to take periodic screenshots of the desktop to monitor user activity.

Credential theft, session hijacking, or establishing a persistent backdoor on the victim's machine.

Look for hidden files in %AppData% or %LocalAppData% with randomized names (e.g., a1b2c3d4.exe).

The shortcut file inside often points to cmd.exe or powershell.exe, passing a long, base64-encoded string as an argument.
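A triage check for the shortcut pattern described above, as an added example that is not part of the original write-up: it flags a shortcut whose target is cmd.exe or powershell.exe and whose arguments carry a long base64 run, then decodes the run for review. It assumes the target path and argument string were already extracted with an LNK parser of your choice; the function names, the 40-character threshold and the sample strings are constructed for illustration.

```python
import base64
import re
import string

INTERPRETERS = ("cmd.exe", "powershell.exe")  # targets named in the write-up
MIN_LEN = 40  # assumed threshold for a "long" base64 run
B64_RUN = re.compile(r"[A-Za-z0-9+/]{%d,}={0,2}" % MIN_LEN)

def decode_blob(blob):
    """Decode a base64 run for triage; returns None if it is not readable text."""
    blob = blob.rstrip("=")
    try:
        raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
    except ValueError:
        return None
    # PowerShell's -EncodedCommand carries UTF-16LE text; fall back to UTF-8.
    for enc in ("utf-16-le", "utf-8"):
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        if text and all(c in string.printable for c in text):
            return text
    return None

def inspect_shortcut_command(target, arguments):
    """Return one finding per long base64 run passed to a script interpreter."""
    exe = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if exe not in INTERPRETERS:
        return []
    return [{"length": len(m.group(0)), "decoded": decode_blob(m.group(0))}
            for m in B64_RUN.finditer(arguments)]

# Constructed, harmless sample: an encoded command that only echoes a string.
SAMPLE_PLAIN = "Write-Output 'constructed sample'"
SAMPLE_B64 = base64.b64encode(SAMPLE_PLAIN.encode("utf-16-le")).decode()
SAMPLE_ARGS = "-NoProfile -WindowStyle Hidden -EncodedCommand " + SAMPLE_B64
SAMPLE_TARGET = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

if __name__ == "__main__":
    for finding in inspect_shortcut_command(SAMPLE_TARGET, SAMPLE_ARGS):
        print(finding)
```

A finding whose `decoded` value is None still deserves a look, since the run may be compressed or encrypted rather than plain text.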

Outbound connections to uncommon ports (e.g., 5555, 6666, or 8080) or attempts to reach known malicious domains associated with "Zoliboys" campaigns.

Persistence: Check for new entries in the Windows Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run