: It often modifies the Windows Registry to ensure the malware runs every time the system starts [2].

: If you have this file on your system, do not open or extract it.

The file is identified as a malicious archive, frequently associated with malware distribution and credential harvesting [1, 3]. It is often delivered via phishing emails or hosted on suspicious file-sharing domains [4]. Security Analysis

: Most reports indicate it arrives as an attachment in fake "payment notification" or "shipping document" emails [1, 4]. Behavior :

: This archive typically acts as a "dropper." It contains obfuscated executables or scripts (like .vbs or .js) designed to download and install secondary payloads such as RedLine Stealer , Agent Tesla , or Formbook [2, 5].