STEAM
UPLAY
PC
Analysis of this file across platforms like ANY.RUN and Hybrid Analysis reveals several critical red flags:
The file is highly likely to be a malicious payload masquerading as a cracked version of the survival game Green Hell . Analysis reports from automated sandboxes identify this specific archive as a distribution vector for Lumma Stealer , a sophisticated piece of malware designed to exfiltrate sensitive data. Key Findings from Malware Reports
: The archive typically contains an executable (often hidden behind a double extension or a fake icon) that, when run, deploys Lumma Stealer. This malware targets cryptocurrency wallets, browser passwords, cookies, and 2FA session tokens.
: If you have downloaded or executed this file, it is recommended to immediately disconnect from the internet , change all critical passwords (especially for banking and email) from a separate, clean device, and perform a full system wipe.
: Reports highlight that the malware specifically searches for directories related to Telegram Desktop , Discord , and various Chromium-based browsers to strip saved login credentials. Technical Indicators Observation File Type WinRAR Archive (RAR) Threat Level Critical (100/100) Main Process
Contacting external IPs via HTTP/POST requests to exfiltrate ZIP archives of stolen data.
: Once active, the report shows the process reaching out to known Command and Control (C2) servers, often using .shop or .pw TLDs, to upload the stolen data.
Often spawns a sub-process like GreenHell.exe or a random string (e.g., svchost.exe injection).
