The Tarasande Client likely stole cookies. Even after removal, the attacker may have a valid session token.
Tarasande is not a legitimate software client but a name used in cybersecurity research to identify a specific strain of information-stealing malware (Infostealer). It is often associated with loader components like SysDVR and is typically distributed via malvertising, fake software cracks, or phishing emails disguised as legitimate utility tools or driver updates. Tarasande Client
Most infostealers come and go. The Tarasande Client is persistent for three reasons: The Tarasande Client likely stole cookies