Why does changing the transmission path (e.g., copying a file into a virtual machine) bypass the Attachment Manager?

When a file is copied via a trusted method (such as dragging into a virtual machine), the original ADS (`Zone.Identifier`) is not preserved. The new copy therefore appears as a local file without any mark of untrusted origin, so Windows does not show a warning. This method exploits the fact that ADS streams are not transferred across certain operations. See An interesting way of bypassing Windows Attachment Manager for a practical example with `python-2.7.12.msi`.