This code is malicious: it is a fully-featured Windows stealer that harvests browser passwords, cookies, Discord tokens, autofill/credit-cards, system information, screenshots and prioritized user files, then archives and exfiltrates them to a hardcoded Discord webhook (with catbox as fallback). It also contains persistence mechanisms (startup copy and Discord injection). Do not run or distribute this code. Treat any system where this executed as compromised and perform incident response and secrets rotation.
Live on pypi for 112 days, 5 hours and 42 minutes before removal. Socket users were protected even while the package was live.