3sg.7z
According to an article from Ars Technica, the 7-Zip utility contained a flaw that allowed attackers to bypass Windows' Mark of the Web (MotW) security feature.
Key Details of the Vulnerability
Attackers used a nested archive technique (an archive inside another archive). While the outer file (like 3sg.7z) would be flagged by Windows as downloaded from the internet, the inner archive would not inherit this "Mark of the Web" tag.
This inner file triggers an automatic download of a final malware payload, bypassing MotW restrictions entirely.
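A defender-side check for the nested-archive gap described above, as an added example that is not from the article or from 7-Zip: it compares a downloaded archive's Zone.Identifier stream with the files extracted from it and reports (optionally re-marks) any that lost the tag. The parameter names, the list of archive extensions and the `-Propagate` switch are assumptions made for this sketch.

```powershell
# Added example: audit an extraction folder for files that lost Mark of the Web.
# $ArchivePath and $ExtractDir are hypothetical paths supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $ArchivePath,
    [Parameter(Mandatory)] [string] $ExtractDir,
    [switch] $Propagate   # assumption: copy the archive's mark onto unmarked files
)

function Get-ZoneId {
    param([string] $Path)
    # MotW is stored in the NTFS alternate data stream "Zone.Identifier".
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $null }
    $line = $ads | Where-Object { $_ -match '^ZoneId=(\d+)' } | Select-Object -First 1
    if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null
}

# ZoneId 3 = Internet, 4 = Restricted sites; lower values are not treated as downloaded.
$archiveZone = Get-ZoneId -Path $ArchivePath
if ($null -eq $archiveZone -or $archiveZone -lt 3) {
    Write-Output "Archive carries no Internet/Restricted zone mark; nothing to inherit."
    return
}

# Extensions treated as nested archives (assumed list; extend as needed).
$archiveExt = '.7z', '.zip', '.rar', '.iso', '.cab'

$findings = foreach ($file in Get-ChildItem -LiteralPath $ExtractDir -Recurse -File) {
    if ($null -eq (Get-ZoneId -Path $file.FullName)) {
        if ($Propagate) {
            # Re-apply the outer archive's zone so SmartScreen and Office checks still fire.
            Set-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                -Value "[ZoneTransfer]", "ZoneId=$archiveZone"
        }
        [pscustomobject]@{
            Path          = $file.FullName
            NestedArchive = $archiveExt -contains $file.Extension.ToLower()
            Remediated    = [bool]$Propagate
        }
    }
}

# Nested archives first: they are the carrier described in the article.
$findings | Sort-Object NestedArchive -Descending | Format-Table -AutoSize
```

Alternate data streams exist only on NTFS, so run this against the volume where the extraction actually happened.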