File name: Luxury Shield 7.1.rar
Full analysis: https://app.any.run/tasks/62b42f10-472e-4fe1-a46d-668d1c361fbd
Verdict: Malicious activity
Analysis date: March 31, 2023, 20:59:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32, flags: RecoveryRecordPresent
MD5: 96F765B91EBA925C6B262D89D1A6A8C9
SHA1: 65AAB7E376393E03D78D11C95E7543E1D95EFE72
SHA256: 65FAE68ECD6E5EFDD44A5A68B33349ADE1C172AE08EA7A1654343CEDF065A298
SSDEEP: 196608:c1roE5rz7tHv2TFc3xo3GJDKbEFYXi2vQeuQLr8HPHpXSU:c18y9v2TE2GoUD2vpr8HRJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Luxury Sheild v7.1.exe (PID: 3180)
      • Luxury Sheild v7.1.exe (PID: 2880)
      • Luxury Sheild v7.1.exe (PID: 3104)
      • Luxury Sheild v7.1.exe (PID: 3532)
      • Luxury Shield 7.1.exe (PID: 3248)
      • WinRAR.exe (PID: 3320)
      • ILMerge.exe (PID: 3156)
      • WinRAR.exe (PID: 2956)
    • Changes the autorun value in the registry

      • ie4uinit.exe (PID: 1416)
      • ie4uinit.exe (PID: 3552)
      • unregmp2.exe (PID: 476)
    • Adds path to the Windows Defender exclusion list

      • Luxury Sheild v7.1.exe (PID: 3532)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 3644)
    • Create files in the Startup directory

      • WinRAR.exe (PID: 3320)
    • Uses Task Scheduler to run other applications

      • WinRAR.exe (PID: 3320)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • Luxury Sheild v7.1.exe (PID: 3180)
      • Luxury Sheild v7.1.exe (PID: 2880)
      • Luxury Sheild v7.1.exe (PID: 3104)
    • Reads the Internet Settings

      • cmd.exe (PID: 3404)
      • cmd.exe (PID: 2864)
      • unregmp2.exe (PID: 476)
      • cmd.exe (PID: 3072)
      • Luxury Sheild v7.1.exe (PID: 3532)
      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 3644)
      • WinRAR.exe (PID: 3320)
      • Luxury Shield 7.1.exe (PID: 3248)
    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3404)
      • cmd.exe (PID: 2864)
      • cmd.exe (PID: 3072)
      • Luxury Sheild v7.1.exe (PID: 3532)
    • Changes default file association

      • ie4uinit.exe (PID: 1416)
      • unregmp2.exe (PID: 3252)
    • Write to the desktop.ini file (may be used to cloak folders)

      • ie4uinit.exe (PID: 3552)
    • Using PowerShell to operate with local accounts

      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 3644)
    • Executable content was dropped or overwritten

      • Luxury Sheild v7.1.exe (PID: 3532)
      • WinRAR.exe (PID: 3320)
      • Luxury Shield 7.1.exe (PID: 3248)
    • Reads settings of System Certificates

      • WinRAR.exe (PID: 3320)
    • Process communicates with Telegram (possibly using it as an attacker's C2 server)

      • WinRAR.exe (PID: 3320)
    • Connects to unusual port

      • WinRAR.exe (PID: 3320)
    • The process executes via Task Scheduler

      • WinRAR.exe (PID: 2956)
  • INFO

    • Checks supported languages

      • Luxury Sheild v7.1.exe (PID: 3180)
      • Luxury Sheild v7.1.exe (PID: 2880)
      • mcspad.exe (PID: 4044)
      • OUTLOOK.EXE (PID: 2900)
      • wmpnscfg.exe (PID: 3668)
      • Luxury Sheild v7.1.exe (PID: 3104)
      • Luxury Sheild v7.1.exe (PID: 3532)
      • Luxury Shield 7.1.exe (PID: 3248)
      • WinRAR.exe (PID: 3320)
      • ILMerge.exe (PID: 3156)
      • WinRAR.exe (PID: 2956)
    • Manual execution by a user

      • Luxury Sheild v7.1.exe (PID: 3180)
      • WinRAR.exe (PID: 1628)
      • Luxury Sheild v7.1.exe (PID: 2880)
      • Luxury Sheild v7.1.exe (PID: 3104)
      • notepad.exe (PID: 2792)
      • Luxury Sheild v7.1.exe (PID: 3532)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1628)
      • WinRAR.exe (PID: 2512)
    • The process checks LSA protection

      • Luxury Sheild v7.1.exe (PID: 3180)
      • cmd.exe (PID: 3404)
      • powershell.exe (PID: 1868)
      • ie4uinit.exe (PID: 1416)
      • Luxury Sheild v7.1.exe (PID: 2880)
      • cmd.exe (PID: 2864)
      • powershell.exe (PID: 3724)
      • ie4uinit.exe (PID: 3552)
      • OUTLOOK.EXE (PID: 2900)
      • mcspad.exe (PID: 4044)
      • unregmp2.exe (PID: 476)
      • Luxury Sheild v7.1.exe (PID: 3104)
      • cmd.exe (PID: 3072)
      • powershell.exe (PID: 784)
      • Luxury Sheild v7.1.exe (PID: 3532)
      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 3644)
      • Luxury Shield 7.1.exe (PID: 3248)
      • WinRAR.exe (PID: 3320)
      • ILMerge.exe (PID: 3156)
      • WinRAR.exe (PID: 2956)
    • Reads the computer name

      • Luxury Sheild v7.1.exe (PID: 3180)
      • Luxury Sheild v7.1.exe (PID: 2880)
      • mcspad.exe (PID: 4044)
      • OUTLOOK.EXE (PID: 2900)
      • Luxury Sheild v7.1.exe (PID: 3104)
      • Luxury Sheild v7.1.exe (PID: 3532)
      • Luxury Shield 7.1.exe (PID: 3248)
      • WinRAR.exe (PID: 3320)
      • ILMerge.exe (PID: 3156)
      • WinRAR.exe (PID: 2956)
    • Reads the machine GUID from the registry

      • Luxury Sheild v7.1.exe (PID: 3180)
      • Luxury Sheild v7.1.exe (PID: 2880)
      • OUTLOOK.EXE (PID: 2900)
      • Luxury Sheild v7.1.exe (PID: 3104)
      • Luxury Sheild v7.1.exe (PID: 3532)
      • WinRAR.exe (PID: 3320)
      • Luxury Shield 7.1.exe (PID: 3248)
      • ILMerge.exe (PID: 3156)
      • WinRAR.exe (PID: 2956)
    • Create files in a temporary directory

      • powershell.exe (PID: 1868)
      • powershell.exe (PID: 3724)
      • unregmp2.exe (PID: 476)
      • powershell.exe (PID: 784)
      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 3644)
      • Luxury Sheild v7.1.exe (PID: 3532)
      • Luxury Shield 7.1.exe (PID: 3248)
    • Reads security settings of Internet Explorer

      • powershell.exe (PID: 1868)
      • powershell.exe (PID: 3724)
      • powershell.exe (PID: 784)
      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 3644)
    • Application launched itself

      • chrome.exe (PID: 2424)
    • Reads Microsoft Office registry keys

      • OUTLOOK.EXE (PID: 2900)
    • Process checks computer location settings

      • OUTLOOK.EXE (PID: 2900)
    • Reads settings of System Certificates

      • powershell.exe (PID: 3720)
      • powershell.exe (PID: 3644)
    • Reads Environment values

      • WinRAR.exe (PID: 3320)
    • Creates files or folders in the user directory

      • WinRAR.exe (PID: 3320)
      • Luxury Shield 7.1.exe (PID: 3248)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: Luxury Shield 7.1\Luxury Shield 7.1.exe
PackingMethod: Normal
ModifyDate: 2023:03:23 10:27:22
OperatingSystem: Win32
UncompressedSize: 8479180
CompressedSize: 8370456
No data.
All screenshots are available in the full report
Total processes: 104
Monitored processes: 41
Malicious processes: 19
Suspicious processes: 1

Behavior graph

Monitored processes in graph order (41 nodes). Edge labels in the original graph are "start" and "drop and start"; "(no specs)" marks a process with no flagged indicators.

winrar.exe
winrar.exe
luxury sheild v7.1.exe (no specs)
cmd.exe (no specs)
computerdefaults.exe (no specs)
computerdefaults.exe (no specs)
computerdefaults.exe
powershell.exe (no specs)
ie4uinit.exe
unregmp2.exe (no specs)
luxury sheild v7.1.exe (no specs)
cmd.exe (no specs)
computerdefaults.exe (no specs)
computerdefaults.exe (no specs)
computerdefaults.exe
powershell.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
chrome.exe (no specs)
ie4uinit.exe
outlook.exe (no specs)
opera.exe (no specs)
mcspad.exe (no specs)
unregmp2.exe
wmpnscfg.exe (no specs)
luxury sheild v7.1.exe (no specs)
cmd.exe (no specs)
computerdefaults.exe (no specs)
computerdefaults.exe (no specs)
computerdefaults.exe
powershell.exe (no specs)
notepad.exe (no specs)
luxury sheild v7.1.exe
powershell.exe (no specs)
luxury shield 7.1.exe
powershell.exe (no specs)
winrar.exe
schtasks.exe (no specs)
ilmerge.exe (no specs)
winrar.exe (no specs)

Process information

Fields per process: PID, CMD, Path, Indicators, Parent process
PID: 2512
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Luxury Shield 7.1.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\ntdll.dll
PID: 1628
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\Luxury Shield 7.1\Luxury Shield 7.1.exe" "C:\Users\admin\Desktop\Luxury Shield 7.1\"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3180
CMD: "C:\Users\admin\Desktop\Luxury Shield 7.1\Luxury Sheild v7.1.exe"
Path: C:\Users\admin\Desktop\Luxury Shield 7.1\Luxury Sheild v7.1.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Luxury Shield
Exit code: 0
Version: 7.1.0.0
Modules (images):
c:\windows\system32\ntdll.dll
c:\users\admin\desktop\luxury shield 7.1\luxury sheild v7.1.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
PID: 3404
CMD: "cmd.exe" /c start computerdefaults.exe && powershell.exe Remove-Item -Path HKCU:\Software\Classes\ms-settings\shell -Recurse
Path: C:\Windows\System32\cmd.exe
Parent process: Luxury Sheild v7.1.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3416
CMD: computerdefaults.exe
Path: C:\Windows\System32\ComputerDefaults.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Set Program Access and Computer Defaults Control Panel
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the non-elevated launch was refused)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\computerdefaults.exe
c:\windows\system32\ntdll.dll
PID: 3676
CMD: "C:\Windows\system32\ComputerDefaults.exe"
Path: C:\Windows\System32\ComputerDefaults.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Set Program Access and Computer Defaults Control Panel
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the non-elevated launch was refused)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\computerdefaults.exe
c:\windows\system32\ntdll.dll
PID: 2708
CMD: "C:\Windows\system32\ComputerDefaults.exe"
Path: C:\Windows\System32\ComputerDefaults.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Set Program Access and Computer Defaults Control Panel
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\computerdefaults.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
PID: 1868
CMD: powershell.exe Remove-Item -Path HKCU:\Software\Classes\ms-settings\shell -Recurse
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules (images):
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\atl.dll
c:\windows\system32\gdi32.dll
PID: 1416
CMD: "C:\Windows\System32\ie4uinit.exe" -reinstall
Path: C:\Windows\System32\ie4uinit.exe
Parent process: ComputerDefaults.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: IE Per-User Initialization Utility
Exit code: 0
Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Modules (images):
c:\windows\system32\ie4uinit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3252
CMD: C:\Windows\system32\unregmp2.exe /SetWMPAsDefault
Path: C:\Windows\System32\unregmp2.exe
Parent process: ComputerDefaults.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Windows Media Player Setup Utility
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\unregmp2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
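The cmd.exe command line recorded for PID 3404 starts ComputerDefaults.exe and then has PowerShell delete HKCU:\Software\Classes\ms-settings\shell. That key holds the per-user handler for the ms-settings: protocol, which the auto-elevating Windows binaries ComputerDefaults.exe and fodhelper.exe resolve when launched; planting a command there and launching one of them is the well-known fodhelper-style UAC bypass, and a recursive Remove-Item on the key is that technique's clean-up step. The process table is consistent with it: the two ComputerDefaults.exe launches at MEDIUM integrity (PIDs 3416 and 3676) exited with 3221226540, which is 0xC000042C, STATUS_ELEVATION_REQUIRED, and the third instance (PID 2708) ran at HIGH with ie4uinit.exe and unregmp2.exe inheriting HIGH. The guest here is Windows 7, where the ms-settings: protocol does not exist, so the elevated instance only performed its normal default-program registration; on Windows 10 the same chain would execute whatever was planted in the key, elevated. The Python below is an added detection example, not code from the report or from ANY.RUN: it flags this chain in process-creation telemetry. The event records are constructed from the report's process table; the explorer.exe PID and the choice of cmd.exe 3404 as parent of the three ComputerDefaults.exe instances are assumptions, since the report prints parent names but not parent PIDs.

```python
"""Flag the ComputerDefaults.exe / ms-settings UAC-bypass pattern in
process-creation telemetry (Sysmon event 1 style records).

Added example, not part of the sandbox report. The sample events below are
constructed from the PIDs, command lines, parents and integrity levels the
report lists; parent PIDs the report does not show are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# NTSTATUS returned when a process that must run elevated is started without
# elevation; the report prints it as decimal 3221226540.
STATUS_ELEVATION_REQUIRED = 0xC000042C

# Auto-elevating Windows binaries that resolve their launch target through the
# per-user ms-settings protocol handler (the hijack point).
AUTO_ELEVATORS = {"computerdefaults.exe", "fodhelper.exe"}
HIJACK_KEY = r"software\classes\ms-settings\shell"


@dataclass
class ProcEvent:
    pid: int
    image: str                 # executable name only
    cmdline: str
    parent_pid: Optional[int]
    integrity: str             # "MEDIUM" or "HIGH", as the report prints it
    exit_code: Optional[int] = None


def detect_ms_settings_uac_bypass(events: List[ProcEvent]) -> List[dict]:
    """Return one finding per matching event.

    key-touch        command line references the ms-settings\\shell key
                     (setup or clean-up of the hijacked handler)
    auto-elevated    an auto-elevator runs HIGH although its parent does not
    elevation-retry  an auto-elevator launched at MEDIUM failed with
                     STATUS_ELEVATION_REQUIRED (the retry that follows is
                     the elevated launch)
    elevated-child   child of an elevated auto-elevator, inheriting HIGH
    """
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[dict] = []

    def add(e: ProcEvent, rule: str) -> None:
        findings.append({"pid": e.pid, "image": e.image, "rule": rule})

    for e in events:
        image = e.image.lower()
        parent = by_pid.get(e.parent_pid) if e.parent_pid is not None else None

        if HIJACK_KEY in e.cmdline.lower():
            add(e, "key-touch")

        if image in AUTO_ELEVATORS:
            if e.integrity == "HIGH" and (parent is None or parent.integrity != "HIGH"):
                add(e, "auto-elevated")
            elif e.integrity != "HIGH" and e.exit_code == STATUS_ELEVATION_REQUIRED:
                add(e, "elevation-retry")

        if (parent is not None and parent.image.lower() in AUTO_ELEVATORS
                and parent.integrity == "HIGH" and e.integrity == "HIGH"):
            add(e, "elevated-child")

    return findings


# Constructed from the report's process table. PID 1000 for explorer.exe is an
# assumption (the report names the parent without a PID), as is cmd.exe 3404
# being the parent of PIDs 3416/3676/2708.
SAMPLE_EVENTS = [
    ProcEvent(1000, "explorer.exe", "explorer.exe", None, "MEDIUM"),
    ProcEvent(3180, "Luxury Sheild v7.1.exe",
              r'"C:\Users\admin\Desktop\Luxury Shield 7.1\Luxury Sheild v7.1.exe"',
              1000, "MEDIUM", 0),
    ProcEvent(3404, "cmd.exe",
              r'"cmd.exe" /c start computerdefaults.exe && powershell.exe '
              r"Remove-Item -Path HKCU:\Software\Classes\ms-settings\shell -Recurse",
              3180, "MEDIUM", 0),
    ProcEvent(3416, "ComputerDefaults.exe", "computerdefaults.exe", 3404, "MEDIUM", 3221226540),
    ProcEvent(3676, "ComputerDefaults.exe", r'"C:\Windows\system32\ComputerDefaults.exe"',
              3404, "MEDIUM", 3221226540),
    ProcEvent(2708, "ComputerDefaults.exe", r'"C:\Windows\system32\ComputerDefaults.exe"',
              3404, "HIGH", 0),
    ProcEvent(1868, "powershell.exe",
              r"powershell.exe Remove-Item -Path HKCU:\Software\Classes\ms-settings\shell -Recurse",
              3404, "MEDIUM", 0),
    ProcEvent(1416, "ie4uinit.exe", r'"C:\Windows\System32\ie4uinit.exe" -reinstall', 2708, "HIGH", 0),
    ProcEvent(3252, "unregmp2.exe", r"C:\Windows\system32\unregmp2.exe /SetWMPAsDefault", 2708, "HIGH", 0),
]


if __name__ == "__main__":
    for f in detect_ms_settings_uac_bypass(SAMPLE_EVENTS):
        print(f"PID {f['pid']:>5}  {f['image']:<24} {f['rule']}")
```

Run against the sample it reports seven findings: the key-touch on both the cmd.exe and the powershell.exe command lines, the two refused MEDIUM launches, the HIGH ComputerDefaults.exe with a MEDIUM parent, and its two HIGH children. The key-touch rule is the cheapest one to ship first, because it fires on the setup (reg add / New-Item under that path) as well as the clean-up seen here.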
Total events: 42 050
Read events: 40 696
Write events: 1 176
Delete events: 178

Modification events

Format: PID Process | Operation | Key | Name = Value

2512 WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E | LanguageList = en-US
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 = C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 = C:\Users\admin\Desktop\phacker.zip
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name = 120
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size = 80
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type = 120
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime = 100
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement = 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
2512 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder = C:\Users\admin\Desktop
Executable files: 20
Suspicious files: 52
Text files: 30
Unknown types: 6

Dropped files

Format: PID Process | Filename | Type, followed by MD5 and SHA256 where the report records them

2424 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-642749F0-978.pma | (type not reported)
  MD5: (not reported) | SHA256: (not reported)
1628 WinRAR.exe | C:\Users\admin\Desktop\Luxury Shield 7.1\Luxury Sheild v7.1.exe | executable
  MD5: F145671C3C65072A5A49F1D1D68A4A3A | SHA256: D5DCDE7CED43245641793538F847C55E3271F5FF8EB45FA5616A00634B7E64A1
1628 WinRAR.exe | C:\Users\admin\Desktop\Luxury Shield 7.1\ILMerge.exe | executable
  MD5: 2BB6322885E6CA0986206DE174E842C9 | SHA256: 8110D740B485BCB06FF406B17001714C3A146FE6517098C9DC90D812B83389FD
1628 WinRAR.exe | C:\Users\admin\Desktop\Luxury Shield 7.1\learn all kind of hacking.url | url
  MD5: 7ADE4A739CBD8F44D0EF52A2F1BC6E7B | SHA256: CC7649ED53C65E4851ACE414529564FE16801BB2BED4CB15588BFD6B4AC13616
2512 WinRAR.exe | C:\Users\admin\Desktop\Luxury Shield 7.1\Luxury Shield 7.1.exe | executable
  MD5: E484D9F831BAE0A774F3AC0FCFF44512 | SHA256: CDB6B34EB4090B0BE2B503767A8463741BC17B5CAC2D2E22CAF52AA1676616A7
2900 OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVREC5F.tmp.cvr | (type not reported)
  MD5: (not reported) | SHA256: (not reported)
2424 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\4cf7a2d5-a909-4bd6-888c-6efd57185e08.tmp | text
  MD5: BADDBD6372ECB314D38A1ED22B2DC8A5 | SHA256: 47B77C64B87FE5A8D32F22ACF32FE599917981E9383AC70B7BB005D4AD388B7E
2424 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Local State | text
  MD5: BADDBD6372ECB314D38A1ED22B2DC8A5 | SHA256: 47B77C64B87FE5A8D32F22ACF32FE599917981E9383AC70B7BB005D4AD388B7E
1628 WinRAR.exe | C:\Users\admin\Desktop\Luxury Shield 7.1\Pass to use.txt | text
  MD5: F2B0D578A79AC19B492E04BC5A7050F7 | SHA256: 78F53709CCE69E858FBB201BE13803E63D7E0AA84D7CABE1353CE4989C68EEC7
2424 chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\2fe18425-dad5-43b5-b981-f6efd1e46dd8.tmp | text
  MD5: BADDBD6372ECB314D38A1ED22B2DC8A5 | SHA256: 47B77C64B87FE5A8D32F22ACF32FE599917981E9383AC70B7BB005D4AD388B7E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 3
Threats: 0

HTTP requests

No HTTP requests

Connections

Format: PID Process | IP:port | Domain | ASN | CN | Reputation

3320 WinRAR.exe | 149.154.167.220:443 | api.telegram.org | Telegram Messenger Inc | GB | malicious
3320 WinRAR.exe | 209.25.141.229:17251 | society-painted.at.ply.gg | PLAYIT-GG | US | malicious

DNS requests

Format: Domain | IP | Reputation

api.telegram.org | 149.154.167.220 | shared
society-painted.at.ply.gg | 209.25.141.229 | malicious
dns.msftncsi.com | 131.107.255.255 | shared

Threats

Format: PID Process | Class | Message (DNS-lookup alerts carry no process attribution in the report)

(no PID) | Misc activity | ET HUNTING Telegram API Domain in DNS Lookup
3320 WinRAR.exe | Misc activity | ET HUNTING Observed Telegram API Domain (api .telegram .org in TLS SNI)
3320 WinRAR.exe | Misc activity | ET HUNTING Telegram API Certificate Observed
(no PID) | Potentially Bad Traffic | ET INFO playit .gg Tunneling Domain in DNS Lookup
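The connection, DNS and threat tables attribute two outbound sessions to the dropped WinRAR.exe (PID 3320): TLS to api.telegram.org, the Telegram Bot API, which is widely used as a low-effort C2 or exfiltration channel, and TCP 17251 to society-painted.at.ply.gg, a playit.gg tunnel endpoint, a relay service that publishes a port on the operator's own machine under a public hostname. The Python below is an added example, not code from the report or from ANY.RUN: it joins DNS answers to connections by IP so each flow can be judged by the name it was resolved from, then applies four checks: Telegram API use, tunnelling-service domains, unusual destination ports, and network activity from an application that has no business making outbound connections (a genuine WinRAR makes none; the process name here belongs to a dropped file). The records are constructed from the tables above; the list of "no-network" image names is an assumption for the example and would be tuned per environment.

```python
"""Join DNS answers to outbound connections and flag C2-style network use
per process.

Added example, not part of the sandbox report. Records are constructed from
the report's DNS, Connections and Threats tables.
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

TELEGRAM_API = "api.telegram.org"              # Telegram Bot API endpoint
TUNNEL_SUFFIXES = (".ply.gg",)                 # playit.gg tunnel endpoints
COMMON_PORTS = {80, 443, 8080, 8443}
# Images with no legitimate reason to open outbound connections.
# Assumed allowlist for this example; tune per environment.
NO_NETWORK_IMAGES = {"winrar.exe", "notepad.exe", "ilmerge.exe"}

Finding = Tuple[str, str]   # (rule, detail)


def correlate(dns: List[Tuple[str, str]],
              conns: List[Tuple[int, str, str, int]]) -> Dict[int, List[Finding]]:
    """dns: (domain, answered_ip); conns: (pid, image, dst_ip, dst_port).

    Returns findings keyed by PID; PIDs with no findings are omitted.
    """
    ip_to_domains: Dict[str, Set[str]] = defaultdict(set)
    for domain, ip in dns:
        ip_to_domains[ip].add(domain.lower())

    findings: Dict[int, List[Finding]] = defaultdict(list)
    for pid, image, ip, port in conns:
        # A connection with no preceding DNS answer is judged by bare IP.
        names = ip_to_domains.get(ip) or {ip}
        for name in sorted(names):
            dst = f"{name}:{port}"
            if name == TELEGRAM_API:
                findings[pid].append(("telegram-api", f"{image} -> {dst}"))
            if name.endswith(TUNNEL_SUFFIXES):
                findings[pid].append(("tunnel-domain", f"{image} -> {dst}"))
            if port not in COMMON_PORTS:
                findings[pid].append(("unusual-port", f"{image} -> {dst}"))
            if image.lower() in NO_NETWORK_IMAGES:
                findings[pid].append(("unexpected-network-app", f"{image} -> {dst}"))
    return dict(findings)


# Constructed from the report's DNS requests and Connections tables.
SAMPLE_DNS = [
    ("api.telegram.org", "149.154.167.220"),
    ("society-painted.at.ply.gg", "209.25.141.229"),
    ("dns.msftncsi.com", "131.107.255.255"),   # Windows connectivity probe
]
SAMPLE_CONNS = [
    (3320, "WinRAR.exe", "149.154.167.220", 443),
    (3320, "WinRAR.exe", "209.25.141.229", 17251),
]


if __name__ == "__main__":
    for pid, items in correlate(SAMPLE_DNS, SAMPLE_CONNS).items():
        for rule, detail in items:
            print(f"PID {pid}: {rule:<24} {detail}")
```

On the sample this yields five findings, all for PID 3320: the Telegram API flow, the tunnel domain, the non-standard port 17251, and one unexpected-network-app hit per connection. The connectivity probe to dns.msftncsi.com produces nothing, and a flow whose destination never appeared in DNS is still scored on its port, which matters because tunnel relays are often reached by IP after the first resolution.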
No debug info