Kaspersky have a good find here, similar to the PlugX data harvester USB worms from China-based threat actors that have been doing the rounds for the past few years - DLL sideloading, exfil files via same folder names etc.

https://ics-cert.kaspersky.com/publications/reports/2023/07/31/common-ttps-of-attacks-against-industrial-organizations-implants-for-gathering-data/
