: Security researchers often flag these files as "suspicious" or "malicious" due to their behavior. For instance, Hybrid Analysis reports show that such tools may read terminal service keys (RDP) or computer names, which can be interpreted as potential malware indicators .