Do not open the file immediately. Upload the package file to a cloud-based multi-engine scanner like VirusTotal to analyze the signature for embedded trojans, keyloggers, or adware. Step 3: Package Execution