The malware modifies the Windows Registry ( HKCU\Software\Microsoft\Windows\CurrentVersion\Run ) to ensure it starts after a reboot.
In a malware context, this typically contains an executable ( .exe ), a script ( .vbs , .js , .ps1 ), or a malicious document ( .docm ). Tarea 966.zip
Never open unknown .zip files from unsolicited sources on a production machine. a script ( .vbs