Infected by RenEngine/ACR Stealer via fake Repack – EA Account Stolen
Posted by Abiajja@reddit | talesfromtechsupport
Note: I am not a tech-savvy guy and I only did this because I wanted free games, so I used AI to explain my problems clearly.
I downloaded a 150MB .rar file from a mirror link on a repack site. It contained a Ren'Py-based installer. When run, the installer stuck at 99%. Shortly after, my EA/Origin account was hijacked—the email and password were changed despite having 2FA.
The Malware: Research (PCMag/Cyderes Feb 2026) identifies this as the RenEngine Loader delivering the ACR Stealer. It bypasses 2FA by stealing Session Cookies and browser Login Data. Windows Defender only flags it as a generic PUA:Win32/Gamehack, which is why I didn't suspect a full Trojan.
System Status:
Defender: Notifications for "Gamehack" are persistent/sticky even after file deletion.
Persistence: I suspect it has injected into a system process or added a Registry Run key.
Cleanup: I have cleared all browser cookies and am using a clean device for account recovery.
Should I perform a full OS wipe, or can this be cleared with RKill/HitmanPro?
Specific RenEngine persistence locations in AppData or Registry.
Confirming if my Local State and Login Data files are still being actively scraped.
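
A read-only PowerShell check for the persistence question raised in the post above, added here as an example that is not part of the original post: it lists Registry Run keys, Startup folder items and scheduled-task actions, and marks commands that launch from user-writable paths. The path patterns are a generic triage heuristic assumed for this example, not RenEngine- or ACR Stealer-specific indicators, which the post does not give.

```powershell
# Added example (read-only): list autostart entries and flag commands that launch
# from user-writable paths. The path patterns are a generic triage heuristic
# (an assumption), not known RenEngine/ACR Stealer indicators.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function New-Entry([string]$Source, [string]$Name, [string]$Command) {
    # Expand %VAR% references so "%APPDATA%\x.exe" is matched as well
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    [pscustomobject]@{
        Review  = [bool]($expanded -match $userWritable)
        Source  = $Source
        Name    = $Name
        Command = $Command
    }
}

$entries = @(
    # 1. Registry Run / RunOnce values (per-user and machine-wide)
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Entry $key $name ([string]$item.GetValue($name))
        }
    }
    # 2. Startup folders (these live under AppData/ProgramData, so every item is flagged)
    foreach ($dir in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($dir)
        Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue |
            ForEach-Object { New-Entry $path $_.Name $_.FullName }
    }
    # 3. Scheduled-task actions that run an executable
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            if ($action.Execute) {
                New-Entry "Task $($task.TaskPath)$($task.TaskName)" $task.TaskName "$($action.Execute) $($action.Arguments)"
            }
        }
    }
)

# Flagged entries first; verify each one's file, signature and install date by hand
$entries | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```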