File name:

FetishLocatorWeek3-v3.2.9-pc.lite.txt

Full analysis: https://app.any.run/tasks/93ddd32b-ccd4-47d1-90ce-0c104b3d73a3
Verdict: Malicious activity
Analysis date: February 01, 2024, 23:33:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with no line terminators
MD5:

2C4A80E6A3FB15D9D78DA0FA71DA3DAE

SHA1:

2EC89F3BCE332B64A34509A16A32A716087FFE72

SHA256:

8779516115450161BF30EEC22F73464706DABF76FB47D65B52CD04ECC1403F34

SSDEEP:

3:AMKkGH8OC3cocCm:AMKPKsoBm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions looks like stealing of personal data

      • FetishLocatorWeek3-32.exe (PID: 3568)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1072)
  • INFO

    • Manual execution by a user

      • WinRAR.exe (PID: 1072)
      • FetishLocatorWeek3-32.exe (PID: 3568)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1072)
    • Checks supported languages

      • FetishLocatorWeek3-32.exe (PID: 3568)
    • Reads the machine GUID from the registry

      • FetishLocatorWeek3-32.exe (PID: 3568)
    • Reads the computer name

      • FetishLocatorWeek3-32.exe (PID: 3568)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1072)
    • Create files in a temporary directory

      • FetishLocatorWeek3-32.exe (PID: 3568)
    • Creates files or folders in the user directory

      • FetishLocatorWeek3-32.exe (PID: 3568)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
48
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

start -> notepad.exe (no specs), winrar.exe, fetishlocatorweek3-32.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1072
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite.rar" C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1504
CMD: "C:\Windows\system32\NOTEPAD.EXE" "C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite.txt"
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3568
CMD: "C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\FetishLocatorWeek3-32.exe"
Path: C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\FetishLocatorWeek3-32.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\fetishlocatorweek3-v3.2.9-pc.lite\fetishlocatorweek3-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
Total events
746
Read events
738
Write events
8
Delete events
0

Modification events

Process: (1504) notepad.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation: write
Name: iWindowPosX
Value: 76

Process: (1504) notepad.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation: write
Name: iWindowPosY
Value: 189

Process: (1504) notepad.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation: write
Name: iWindowPosDX
Value: 960

Process: (1504) notepad.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation: write
Name: iWindowPosDY
Value: 501

Process: (1072) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (1072) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (1072) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (1072) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files
27
Suspicious files
113
Text files
1 057
Unknown types
2

Dropped files

PID | Process | Filename | Type

1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\ioshw.pyo | text
MD5:153FBD2389010E7A6E4DD6D032C97B76
SHA256:3A136246BB9E365EA328636945C6112B6392B3B6ED50149EAF48ECE305F1C4AD
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\ast.pyo | text
MD5:C563DFC25F460E1DDBF6DC9B2F30814E
SHA256:2893083726275FC5AD3EAC79DF1EA2FE78AE6E95C2EB9F54E76B229D772BACC0
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\androidhw.pyo | text
MD5:A88AD1A07E6B8F5B651A243BDCB0B5A2
SHA256:FC4C2B6ED43EDB7644322765250CD17C1B38DD4ED27437028CEAE615A6237C3E
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\arguments.py | text
MD5:AD1CB65BCBDEAAF7CC2116EBD80ACE5D
SHA256:FF062EA9E72878828C57329F28977723D378C645726A28BACA79EA9996E56E66
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\arguments.pyo | text
MD5:D95534C36BA7270DDCE8BCA63062E75F
SHA256:37DB4085C2DAB8B5521F11D00B7F2780F92CF30C6D0DA221B6E80CCDD2498EEC
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\ast.py | text
MD5:DD501A8032028DE434162E1A2C138592
SHA256:99E3E5117C75CE8D59F795DD808EFBAF56E1BAADA9CDF124A7E2641C0A8AE138
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\atl.py | text
MD5:50F8646FA5E8D860E84CBE5FB2C1CA55
SHA256:9B1975F2D136E1EC0CC6F9586FB0FD662D955FE096873474A9F9D2FD7BD218D7
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\add_from.py | text
MD5:E521033D214395AB3B15F39291FAE2C5
SHA256:8CA9CC79616C3BA56A520E09B73D463F6ADE3163422EDE7BBE4F7DF8172AC4A7
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\androidhw.py | text
MD5:AE0165654F6005F44B053167BAB6E82C
SHA256:DAD9D314F271EFBE5B0C5165E3B5CFB2F2DA32B7DEB94F59F9AA97D31DB48E26
1072 | WinRAR.exe | C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\audio.py | text
MD5:9468776942B9156017786A28229377BA
SHA256:B05BF1AFD26912EC89B3806DAE72DE43AE9CF9B5AC4D14F67CAEA1E9EA11FBCF
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
Process: FetishLocatorWeek3-32.exe
Message: [S_API] SteamAPI_Init(): SteamAPI_IsSteamRunning() did not locate a running instance of Steam.

Process: FetishLocatorWeek3-32.exe
Message: [S_API] SteamAPI_Init(): Sys_LoadModule failed to load: C:\Program Files\Steam\steamclient.dll