Some variants copy themselves to %APPDATA%\Local\Temp and add a registry key to ensure they run every time the computer reboots.
Never download software from unofficial sources, especially those that ask you to disable your antivirus before running.
Ransomware Roundup - DoDo and Proton | FortiGuard Labs
Mercurial Grabber.exe
Extracts stored passwords, cookies, and autofill data from popular browsers like Google Chrome, Opera, Brave, and Yandex.