Likely compiled from credential stuffing or recent stealer logs (RedLine/Vidar) targeting US-based users.
Never open these files on your main machine; use a Virtual Machine (VM) .
Scrutinize the file extension. If it's a .txt.exe or contains hidden scripts, it's a virus.
Standard user:pass or email:pass combo list, optimized for automated checking tools.