.lnk (Windows Shortcut) files pointing to PowerShell commands.
.exe files disguised as document icons (e.g., invoice.pdf.exe).
If the contents are executed in a sandbox, the typical lifecycle of a "post2" style artifact is:
The user extracts post2.7z.
The user clicks a file inside, triggering a PowerShell or CMD one-liner.
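A triage sketch for the two file types named above, added here as an example and not taken from any tool the page describes. It flags double-extension executables by name and Shell Link files whose bytes mention a command interpreter. The extension sets, interpreter list and sample members are assumptions constructed for illustration, and the substring search is a heuristic, not a full .lnk parser.

```python
# Added example: triage of members already extracted from an archive.
# Extension sets, interpreter names and SAMPLE contents are constructed assumptions.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Shell Link header: HeaderSize 0x0000004C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
INTERPRETERS = ("powershell", "pwsh", "cmd.exe")


def is_double_extension(name):
    """True for names like invoice.pdf.exe (document extension, then executable)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().rstrip(". ").split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DOC_EXTS


def lnk_interpreters(data):
    """Interpreter names found in a Shell Link blob, as ASCII or UTF-16LE text."""
    if not data.startswith(LNK_MAGIC):  # identify by header, not by file extension
        return []
    low = data.lower()
    return [s for s in INTERPRETERS
            if s.encode() in low or s.encode("utf-16-le") in low]


def triage(members):
    """Map each suspicious member name to the list of reasons it was flagged."""
    report = {}
    for name, data in members.items():
        findings = []
        if is_double_extension(name):
            findings.append("double-extension executable")
        findings += [f"shortcut references {s}" for s in lnk_interpreters(data)]
        if findings:
            report[name] = findings
    return report


# Constructed sample: member name -> raw bytes.
SAMPLE = {
    "invoice.pdf.exe": b"MZ",
    "docs/report.lnk": LNK_MAGIC + b"\x00" * 56 + "powershell.exe".encode("utf-16-le"),
    "notes.lnk": LNK_MAGIC + b"\x00" * 56 + b"C:\\Windows\\notepad.exe",
    "readme.txt": b"hello",
}

if __name__ == "__main__":
    for name, findings in triage(SAMPLE).items():
        print(name, "->", "; ".join(findings))
```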