File name:

FetishLocatorWeek3-v3.2.9-pc.lite.txt

Full analysis: https://app.any.run/tasks/93ddd32b-ccd4-47d1-90ce-0c104b3d73a3
Verdict: Malicious activity
Analysis date: February 01, 2024, 23:33:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with no line terminators
MD5:

2C4A80E6A3FB15D9D78DA0FA71DA3DAE

SHA1:

2EC89F3BCE332B64A34509A16A32A716087FFE72

SHA256:

8779516115450161BF30EEC22F73464706DABF76FB47D65B52CD04ECC1403F34

SSDEEP:

3:AMKkGH8OC3cocCm:AMKPKsoBm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • FetishLocatorWeek3-32.exe (PID: 3568)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1072)

  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1072)

    • Manual execution by a user

      • WinRAR.exe (PID: 1072)
      • FetishLocatorWeek3-32.exe (PID: 3568)

    • Checks supported languages

      • FetishLocatorWeek3-32.exe (PID: 3568)

    • Create files in a temporary directory

      • FetishLocatorWeek3-32.exe (PID: 3568)

    • Creates files or folders in the user directory

      • FetishLocatorWeek3-32.exe (PID: 3568)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1072)

    • Reads the machine GUID from the registry

      • FetishLocatorWeek3-32.exe (PID: 3568)

    • Reads the computer name

      • FetishLocatorWeek3-32.exe (PID: 3568)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start notepad.exe no specs winrar.exe fetishlocatorweek3-32.exe

Process information

PID
CMD
Path
Indicators
Parent process
1072"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite.rar" C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
1504"C:\Windows\system32\NOTEPAD.EXE" "C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite.txt"C:\Windows\System32\notepad.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3568"C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\FetishLocatorWeek3-32.exe" C:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\FetishLocatorWeek3-32.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\fetishlocatorweek3-v3.2.9-pc.lite\fetishlocatorweek3-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
Total events
746
Read events
738
Write events
8
Delete events
0

Modification events

(PID) Process:(1504) notepad.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation:writeName:iWindowPosX
Value:
76
(PID) Process:(1504) notepad.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation:writeName:iWindowPosY
Value:
189
(PID) Process:(1504) notepad.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation:writeName:iWindowPosDX
Value:
960
(PID) Process:(1504) notepad.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Notepad
Operation:writeName:iWindowPosDY
Value:
501
(PID) Process:(1072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(1072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(1072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(1072) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
Executable files
27
Suspicious files
113
Text files
1 057
Unknown types
2

Dropped files

PID
Process
Filename
Type
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\arguments.pytext
MD5:AD1CB65BCBDEAAF7CC2116EBD80ACE5D
SHA256:FF062EA9E72878828C57329F28977723D378C645726A28BACA79EA9996E56E66
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\add_from.pyotext
MD5:4E14502E3095DC6A7117220D8C29AA97
SHA256:86AFB09E0E0D10FB6FB9D050948498880BCF5BE39448ECEB43C37E509E875CBF
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\ast.pytext
MD5:DD501A8032028DE434162E1A2C138592
SHA256:99E3E5117C75CE8D59F795DD808EFBAF56E1BAADA9CDF124A7E2641C0A8AE138
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\arguments.pyotext
MD5:D95534C36BA7270DDCE8BCA63062E75F
SHA256:37DB4085C2DAB8B5521F11D00B7F2780F92CF30C6D0DA221B6E80CCDD2498EEC
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\music.pyotext
MD5:43E43D2D330C46D8D77C876E71D041B0
SHA256:8691403ECCC7B11B4377FFADA58B106995F4E44B1EBCF0F85690410CE659B1EF
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\add_from.pytext
MD5:E521033D214395AB3B15F39291FAE2C5
SHA256:8CA9CC79616C3BA56A520E09B73D463F6ADE3163422EDE7BBE4F7DF8172AC4A7
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\ioshw.pytext
MD5:9F5CF9F6EDD3E4421947F547F221F18F
SHA256:BFD61533734E684B59FE20754635CCAC1F4DCC6C11D35091E9044919399EF5A6
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\ast.pyotext
MD5:C563DFC25F460E1DDBF6DC9B2F30814E
SHA256:2893083726275FC5AD3EAC79DF1EA2FE78AE6E95C2EB9F54E76B229D772BACC0
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\sound.pytext
MD5:525368868BE631A35AADDFA1502F00B1
SHA256:3043CAF3133CF1295711127DD0E8DF1AA596F7D1EE60F1C7B4BE06A3DC9403D1
1072WinRAR.exeC:\Users\admin\Desktop\FetishLocatorWeek3-v3.2.9-pc.lite\renpy\audio\androidhw.pyotext
MD5:A88AD1A07E6B8F5B651A243BDCB0B5A2
SHA256:FC4C2B6ED43EDB7644322765250CD17C1B38DD4ED27437028CEAE615A6237C3E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
Process
Message
FetishLocatorWeek3-32.exe
[S_API] SteamAPI_Init(): SteamAPI_IsSteamRunning() did not locate a running instance of Steam.
FetishLocatorWeek3-32.exe
[S_API] SteamAPI_Init(): Sys_LoadModule failed to load: C:\Program Files\Steam\steamclient.dll
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
FetishLocatorWeek3-v3.2.9-pc.lite.txt