Okay so in his setup is a folder named "KD Server," or something like that. Inside was a .bat named KD. In his readme, he tells everybody to run that on their PC if something goes wrong when trying to sign onto Xbox Live. This .bat installs a keylogger in the typical hidden /appdata directory of the user, and dumps a screenshot of the Desktop, and all remembered emails and passwords for Firefox, Chrome, Explorer, etc. into an email format and sends it to his inbox. This keylogger repeats that process every hour. You'll know if you go to your User/Appdata directory. You'll see an .exe with a random grouping of letters, and every single screenshot that was taken and sent each hour in a JPEG format. As far as the keyvault access, the xex is programmed to act as a bridge between his PC, to the root directory of your console once you sign into his "free Stealth server." He then simply just drags and drops the KV.bin and CPUKey.bin right from your root. There's a reason it's free for all. Because he has much to gain.