: Note if the archive is password-protected, which is common for malware to bypass email scanners.
: List specific IPs, URLs, and User-Agents used by the malware. Twisted_Sister-1.7z
: Document which processes are spawned (e.g., cmd.exe calling powershell.exe ). : Note if the archive is password-protected, which