14
This specific file name is often associated with "malvertising" or SEO poisoning, where it is presented as:
Scans for local wallet files (e.g., Bitcoin, Ethereum, Armory) and browser-based wallet extensions.
The archive typically contains a payload that, when executed, performs the following malicious actions:
Disguised as a tool to unlock premium software (e.g., Adobe products, Windows activators).
Collects hardware specifications, IP addresses, usernames, and a list of installed applications.