Note any DNS queries or attempts to connect to Command & Control (C2) servers.
Summarize the intent of the archive (e.g., "A multi-stage downloader used to deliver a credential stealer").
Observe if the executable tries to hide itself within legitimate system processes.

5. Findings & Flags