A targeted campaign is delivering the PureLog Stealer via localized copyright violation lures. The attack employs a sophisticated multi-stage infection chain, utilizing a Python-based loader to bypass AMSI, establish registry persistence, and execute the final .NET stealer entirely in memory to evade detection.