: Significant attacks on Croatian institutions (hospitals, financial agencies) have been reported throughout 2024 and 2025 . ⚠️ Indicators of Compromise (IoC)

: If the file was executed, disconnect the device from the internet to prevent data exfiltration.

: New entries in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run . ✅ Recommended Actions

To help me give you more specific advice, could you tell me: Did you it from an email or a website? Have you already opened/extracted the contents? Is this on a work or personal computer? ENISA SECTORIAL THREAT LANDSCAPE

: Make the user believe the file contains historical photos, documents, or "exclusive" vehicle-related info.

: Once extracted, the file likely contains an executable (e.g., .exe , .scr , .bat ) disguised with a PDF or Image icon. 3. Recent Regional Context

: Run a full scan using an updated EDR or Antivirus (e.g., Microsoft Defender, CrowdStrike).