Analysis Overview
SHA256
9467ea12cebc4405bddd6ae147731c2370faa45f9651b8b70581dfbc69d5abf7
Threat Level: Likely benign
The file freshwomen-season-2-episode-2-part-3-pc-720p-compressed.zip was found to be: Likely benign.
Malicious Activity Summary
Changes its process name
Reads CPU attributes
Checks CPU configuration
HTTP links in PDF interactive object
One or more HTTP URLs in PDF identified
Enumerates physical storage devices
Unsigned PE
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-20 23:16
Signatures
HTTP links in PDF interactive object
(2 matches; indicator, process and target not captured in this report)
One or more HTTP URLs in PDF identified
Unsigned PE
(10 matches; indicator, process and target not captured in this report)
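The "Unsigned PE" signature fires when a Windows executable carries no Authenticode signature, which at the file-format level means the Attribute Certificate Table data directory (entry 4 of the optional header) is empty. The Python below is an added example, not part of the sandbox's tooling: it runs that check over every .exe/.dll/.pyd member of an archive like this one, parsing the PE headers directly so it works on the zip without extracting it. It only tells you whether a PKCS#7 certificate table is present; validating the chain is a separate step (signtool verify /pa or Get-AuthenticodeSignature). build_test_pe and build_test_zip are constructed fixtures so the block runs offline; the "signed" member carries a hand-built WIN_CERTIFICATE header, not a real signature. For a Ren'Py bundle such as this one (lib/py2-windows-x86_64, librenpython.dll, lib/python2.7), the practical follow-up is to compare each member's SHA-256 against the same files in the Ren'Py SDK release the game was built with.

```python
import io
import struct
import sys
import zipfile
from typing import Dict, Optional, Tuple, Union

PE_EXTENSIONS = (".exe", ".dll", ".pyd", ".sys", ".ocx")
IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # Attribute Certificate Table
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def certificate_table(data: bytes) -> Optional[Tuple[int, int]]:
    """Return (file_offset, size) of the certificate table, or None if absent.

    Unlike every other data directory, entry 4 holds a raw file offset rather
    than an RVA, so no section mapping is needed. Raises ValueError on a
    malformed PE (struct.error may surface for truncated headers).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+
        count_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (n_dirs,) = struct.unpack_from("<I", data, count_off)
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None
    entry = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional:
        raise ValueError("security directory outside optional header")
    offset, size = struct.unpack_from("<II", data, entry)
    if offset == 0 or size == 0:
        return None
    if offset + size > len(data):
        raise ValueError("certificate table points past end of file")
    return offset, size


def signature_status(data: bytes) -> str:
    """'unsigned', 'pkcs7' (Authenticode-style WIN_CERTIFICATE present) or
    'other-cert' (a table exists but is not PKCS#7 signed data)."""
    table = certificate_table(data)
    if table is None:
        return "unsigned"
    offset, size = table
    if size < 8:                       # too small for a WIN_CERTIFICATE header
        return "other-cert"
    dw_length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    if cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA and dw_length <= size:
        return "pkcs7"
    return "other-cert"


def scan_zip(source: Union[bytes, str]) -> Dict[str, str]:
    """Map every PE member of a zip (path or in-memory bytes) to its status."""
    fileobj = io.BytesIO(source) if isinstance(source, bytes) else source
    results: Dict[str, str] = {}
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(PE_EXTENSIONS):
                continue
            try:
                results[info.filename] = signature_status(zf.read(info))
            except (ValueError, struct.error) as exc:
                results[info.filename] = f"error: {exc}"
    return results


def build_test_pe(cert: Optional[bytes]) -> bytes:
    """Constructed fixture: a headers-only PE32+ image. If cert is given it is
    appended and pointed to by data directory 4. Not a valid signature."""
    optional = bytearray(240)
    struct.pack_into("<H", optional, 0, 0x20B)      # PE32+ magic
    struct.pack_into("<I", optional, 108, 16)       # NumberOfRvaAndSizes
    if cert is not None:
        cert_offset = 0x40 + 4 + 20 + len(optional)
        struct.pack_into("<II", optional, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         cert_offset, len(cert))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(optional), 0x22)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + (cert or b"")


def build_test_zip() -> bytes:
    """Constructed fixture mirroring the bundle layout in this report."""
    cert = struct.pack("<IHH", 16, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + b"\0" * 8
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/py2-windows-x86_64/python.exe", build_test_pe(None))
        zf.writestr("lib/py2-windows-x86_64/signed.dll", build_test_pe(cert))
        zf.writestr("lib/py2-windows-x86_64/broken.dll", b"MZ" + b"\0" * 100)
        zf.writestr("lib/python2.7/BaseHTTPServer.pyo", b"not a PE")
    return buf.getvalue()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_test_zip()
    for name, status in sorted(scan_zip(target).items()):
        print(f"{status:12} {name}")
```

Run it with the sample archive as the only argument to get one status line per PE member; with no argument it scans the constructed fixture.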
Analysis: behavioral18
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240426-en
Max time kernel
115s
Max time network
176s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\nvdrs.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.192.11.51.in-addr.arpa | udp |
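Almost every row in the Network tables of this report is the sandbox image talking to itself or to its vendor: PTR lookups of IPs the sandbox observed (the *.in-addr.arpa queries to 8.8.8.8), Windows 10 Start-menu and search traffic to g.bing.com, www.bing.com and tse1.mm.bing.net, and on the Ubuntu runs connectivity-check.ubuntu.com, extensions.gnome.org and mDNS to 224.0.0.251:5353. None of it is attributable to the detonated file, which is what the "Likely benign" verdict rests on. The Python below is an added example, not part of the sandbox's output: it parses rows in the table format used on this page (including the rows where a blank Domain cell lets the protocol slide left), labels each as reverse-DNS noise, OS background or "review", and returns the residue an analyst still has to explain. The allow-lists are assumptions drawn from this report's own tables, and 185.125.188.0/22 as a Canonical range is an assumption to confirm with whois; bare IPs with no domain (the 151.101.x.91 connections on the Ubuntu runs, 52.111.227.11 on behavioral24) are deliberately left for manual correlation with DNS answers from the same run. SAMPLE_ROWS is constructed from rows copied out of this report.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Background destinations seen in this report's runs. Assumptions drawn from
# the tables above, not a vendor list: the bing hosts are Windows 10 Start-menu
# and search traffic; the ubuntu/gnome hosts are Ubuntu desktop services.
BACKGROUND_DOMAINS = {
    "g.bing.com",
    "www.bing.com",
    "tse1.mm.bing.net",
    "connectivity-check.ubuntu.com",
    "extensions.gnome.org",
}
BACKGROUND_NETS = [
    ipaddress.ip_network(n)
    for n in (
        "8.8.8.8/32",        # resolver used by the Windows images
        "1.1.1.1/32",        # resolver used by the Ubuntu images
        "224.0.0.0/4",       # multicast; 224.0.0.251:5353 is mDNS
        "185.125.188.0/22",  # assumed Canonical range (verify with whois)
    )
]


@dataclass
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_row(row: str) -> Optional[Flow]:
    """Parse one '| Country | Destination | Domain | Proto |' row.

    Tolerates rows where Domain is blank and the protocol sits in the Domain
    column, as in the Ubuntu tables of this report.
    """
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    cells = [c for c in cells if c]
    if len(cells) < 3 or cells[0] == "Country":
        return None
    country, dest = cells[0], cells[1]
    ip, _, port = dest.rpartition(":")
    if not port.isdigit():
        return None
    proto, domain = None, None
    for cell in cells[2:]:
        if cell.lower() in ("tcp", "udp"):
            proto = cell.lower()
        else:
            domain = cell
    if proto is None:
        return None
    return Flow(country, ip, int(port), domain, proto)


def classify(flow: Flow) -> str:
    if flow.domain and flow.domain.lower().endswith(".in-addr.arpa"):
        return "rdns-noise"      # sandbox resolving PTR records for IPs it saw
    if flow.domain and flow.domain.lower() in BACKGROUND_DOMAINS:
        return "os-background"
    if any(ipaddress.ip_address(flow.ip) in net for net in BACKGROUND_NETS):
        return "os-background"
    return "review"              # nothing on the allow-list explains it


def triage(rows: List[str]) -> Tuple[Dict[str, int], List[Flow]]:
    """Count rows per label and return the flows an analyst still must explain."""
    counts: Dict[str, int] = {}
    review: List[Flow] = []
    for row in rows:
        flow = parse_row(row)
        if flow is None:
            continue
        label = classify(flow)
        counts[label] = counts.get(label, 0) + 1
        if label == "review":
            review.append(flow)
    return counts, review


# Constructed sample: rows copied from the Windows and Ubuntu tables above,
# in both the aligned and the shifted layouts.
SAMPLE_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 52.111.227.11:443 | | tcp |
| US | 1.1.1.1:53 | extensions.gnome.org | udp |
| US | 151.101.65.91:443 | extensions.gnome.org | tcp |
| US | 151.101.193.91:443 | tcp | |
| GB | 185.125.188.62:443 | | tcp |
| N/A | 224.0.0.251:5353 | udp |
""".strip().splitlines()

if __name__ == "__main__":
    counts, review = triage(SAMPLE_ROWS)
    print(counts)
    for flow in review:
        print(f"review: {flow.ip}:{flow.port}/{flow.proto} ({flow.country})")
```

Feed it the rows of any Network table on this page; a run whose "review" list is empty after the allow-list is applied contains no network activity you can pin on the sample, while a non-empty list is the set of destinations to resolve by hand before accepting the verdict.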
Files
Analysis: behavioral32
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240508-en
Max time kernel
123s
Max time network
151s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
Note: cmd /c on a .pyo file, which has no registered handler, makes the shell start the Open With dialog (OpenWith.exe -Embedding below); the Local Settings keys are shell state written by that dialog, not persistence set up by the sample.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240508-en
Max time kernel
126s
Max time network
172s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libEGL.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral25
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
win7-20240508-en
Max time kernel
120s
Max time network
155s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\steam_api64.dll,#1
Network
Files
Analysis: behavioral26
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240508-en
Max time kernel
118s
Max time network
191s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\steam_api64.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
Analysis: behavioral13
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
win7-20240508-en
Max time kernel
142s
Max time network
35s
Command Line
Signatures
Suspicious use of WriteProcessMemory
Note: WerFault.exe -u -p 1524 is the Windows Error Reporting handler for rundll32 (PID 1524), which crashed after calling export ordinal #1 of libpython2.7.dll. The three writes below are the parent-to-child writes that accompany launching that crash handler, not injection by the sample.
| Description | Indicator | Process | Target |
| PID 1524 wrote to memory of 1932 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1524 wrote to memory of 1932 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1524 wrote to memory of 1932 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libpython2.7.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1524 -s 148
Network
Files
memory/1524-0-0x000007FEF5910000-0x000007FEF5F29000-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
win7-20240221-en
Max time kernel
14s
Max time network
35s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libGLESv2.dll,#1
Network
Files
Analysis: behavioral19
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
win7-20231129-en
Max time kernel
140s
Max time network
151s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe"
Network
Files
memory/1940-0-0x0000000140000000-0x0000000140021000-memory.dmp
memory/1940-2-0x000007FEF43D0000-0x000007FEF49E9000-memory.dmp
memory/1940-1-0x000007FEF49F0000-0x000007FEF5A2A000-memory.dmp
Analysis: behavioral20
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
win10v2004-20240508-en
Max time kernel
141s
Max time network
188s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\python.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
memory/2328-0-0x0000000140000000-0x0000000140021000-memory.dmp
memory/2328-2-0x00007FFCC0B70000-0x00007FFCC1189000-memory.dmp
memory/2328-1-0x00007FFCC1190000-0x00007FFCC21CA000-memory.dmp
Analysis: behavioral23
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:25
Platform
win7-20240221-en
Max time kernel
7s
Max time network
84s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\say.vbs"
Network
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240508-en
Max time kernel
121s
Max time network
173s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\d3dcompiler_47.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.192.11.51.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
62s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1495/maps | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/python | N/A |
Processes
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/python
[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/python]
Network
| Country | Destination | Domain | Proto |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| US | 1.1.1.1:53 | extensions.gnome.org | udp |
| US | 1.1.1.1:53 | extensions.gnome.org | udp |
| US | 151.101.65.91:443 | extensions.gnome.org | tcp |
| GB | 89.187.167.3:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
63s
Command Line
Signatures
Processes
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsync
[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsync]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.193.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win7-20240508-en
Max time kernel
142s
Max time network
34s
Command Line
Signatures
Suspicious use of WriteProcessMemory
Note: as in behavioral13, WerFault.exe -u -p 1808 is the crash handler for rundll32 (PID 1808) after the ordinal #1 call into librenpython.dll; the writes below accompany that child-process launch.
| Description | Indicator | Process | Target |
| PID 1808 wrote to memory of 2064 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1808 wrote to memory of 2064 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
| PID 1808 wrote to memory of 2064 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\system32\WerFault.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\librenpython.dll,#1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1808 -s 216
Network
Files
memory/1808-1-0x000007FEF5B10000-0x000007FEF6129000-memory.dmp
memory/1808-0-0x000007FEF40B0000-0x000007FEF50EA000-memory.dmp
Analysis: behavioral16
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240508-en
Max time kernel
123s
Max time network
174s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\librenpython.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
Files
memory/3904-1-0x00007FFF7B090000-0x00007FFF7B6A9000-memory.dmp
memory/3904-0-0x00007FFF7B6B0000-0x00007FFF7C6EA000-memory.dmp
Analysis: behavioral21
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win7-20240221-en
Max time kernel
2s
Max time network
47s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe"
Network
Files
memory/3060-0-0x0000000140000000-0x0000000140014000-memory.dmp
memory/3060-2-0x000007FEF55C0000-0x000007FEF5BD9000-memory.dmp
memory/3060-1-0x000007FEF5BE0000-0x000007FEF6C1A000-memory.dmp
Analysis: behavioral12
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240426-en
Max time kernel
131s
Max time network
168s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libGLESv2.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.73.42.20.in-addr.arpa | udp |
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240426-en
Max time kernel
117s
Max time network
171s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libpython2.7.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
memory/3892-0-0x00007FFFFCDD0000-0x00007FFFFD3E9000-memory.dmp
Analysis: behavioral31
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win7-20240508-en
Max time kernel
102s
Max time network
43s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
Note: cmd /c on a .pyo file, which has no registered handler, makes the shell start the Open With dialog (rundll32 shell32.dll,OpenAs_RunDLL below); the sandbox's interaction chose Adobe Reader, and the .pyo / pyo_auto_file keys are the shell recording that choice. The AcroRd32.exe hook and foreground-window signatures, and the cmd → rundll32 → AcroRd32 writes, follow from that dialog rather than from the sample.
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyo | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\.pyo\ = "pyo_auto_file" | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\ | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell\Read | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell\Read\command | C:\Windows\system32\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000_CLASSES\pyo_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\AcroRd32.exe\" \"%1\"" | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1452 wrote to memory of 2768 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1452 wrote to memory of 2768 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 1452 wrote to memory of 2768 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\rundll32.exe |
| PID 2768 wrote to memory of 2520 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2768 wrote to memory of 2520 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2768 wrote to memory of 2520 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
| PID 2768 wrote to memory of 2520 | N/A | C:\Windows\system32\rundll32.exe | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\python2.7\BaseHTTPServer.pyo"
Network
Files
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
| MD5 | a94f4166c78327f8e085ed6ea92e7f3c |
| SHA1 | 7b8f943b6b7de447c82b8dffb2cc469b7cee4e37 |
| SHA256 | 6311d82aa6bde7d6b1f666a538a662ae994e39dcc8cd7c4518f9b2574fd6d2d1 |
| SHA512 | f655ddc118828428c0a8fc7895ab3b7ca24147434caa8ad29fe0d2dfc19a4c8e8f8b68b5a2e7f8e23a0c0365e51bd5fb5b61c7163b034cee6366582066f5009f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
0s
Max time network
137s
Command Line
Signatures
Processes
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/librenpython.so
[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/librenpython.so]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
67s
Command Line
Signatures
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1493/maps | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/pythonw | N/A |
Processes
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/pythonw
[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/pythonw]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.1.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 89.187.167.3:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral28
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240508-en
Max time kernel
115s
Max time network
173s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.73.50.20.in-addr.arpa | udp |
Files
memory/4004-0-0x0000000000400000-0x000000000041C000-memory.dmp
Analysis: behavioral30
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240426-en
Max time kernel
140s
Max time network
171s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.24.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
Files
memory/5100-0-0x0000000000400000-0x000000000041C000-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
67s
Command Line
Signatures
Processes
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/libsteam_api.so
[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/libsteam_api.so]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.1.91:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.1.91:443 | | tcp |
| GB | 195.181.164.20:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
66s
Command Line
Signatures
Processes
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsyncmake
[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/zsyncmake]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.129.91:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| GB | 89.187.167.7:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
Files
Analysis: behavioral17
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win7-20240221-en
Max time kernel
2s
Max time network
47s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\nvdrs.dll,#1
Network
Files
Analysis: behavioral22
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240508-en
Max time kernel
122s
Max time network
172s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\pythonw.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
Files
memory/1596-0-0x0000000140000000-0x0000000140014000-memory.dmp
memory/1596-2-0x00007FF8AF760000-0x00007FF8AFD79000-memory.dmp
memory/1596-1-0x00007FF8AFD80000-0x00007FF8B0DBA000-memory.dmp
Analysis: behavioral24
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win10v2004-20240426-en
Max time kernel
117s
Max time network
170s
Command Line
Signatures
Processes
C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\say.vbs"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 52.111.227.11:443 | N/A | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
Files
Analysis: behavioral29
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win7-20240419-en
Max time kernel
142s
Max time network
33s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsyncmake.exe"
Network
Files
memory/1852-0-0x0000000000400000-0x000000000041C000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:23
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
149s
Max time network
62s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | SDLHotplugALSA | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SDLTimer | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
Enumerates kernel/hardware configuration
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1488/maps | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for reading | /proc/self/fd | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/vc_version.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/androidhw.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/translation/merge.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/gesture.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/minstore.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/log.txt | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/anim.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testmouse.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/presplash.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/sl2/slast.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/defaultstore.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testexecution.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/lint.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/__init__.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testkey.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/webloader.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/py2analysis.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/im.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/imagelike.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/error.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/color.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/styledata/__init__.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/text/__init__.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/dragdrop.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/rollback.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/tts.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/editor.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/live2dmotion.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/debug.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/ioshw.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/curry.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/live2d.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/cWtUTi | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/__init__.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/log.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/music.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/character.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/ast.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/motion.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/audio.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/sl2/slparser.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/gl2shadercache.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testfocus.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/config.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/pgrender.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/minigame.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/model.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/layout.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/transition.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/test/testast.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/compat/fixes.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/text/font.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/object.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/viewport.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/imagemap.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/audio/__init__.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/game.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/persistent.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl2/gl2functions.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/gl/glfunctions.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/translation/scanstrings.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/display/focus.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/preferences.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
| File opened for modification | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/renpy/savelocation.pyo | /tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen | N/A |
Processes
/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen
[/tmp/freshwomen-season-2-episode-2-part-3-pc-720p-compressed/lib/py2-linux-x86_64/FreshWomen]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/sh
[sh -c uname -p 2> /dev/null]
/bin/uname
[uname -p]
Network
| Country | Destination | Domain | Proto |
| US | 151.101.129.91:443 | N/A | tcp |
| GB | 185.125.188.62:443 | N/A | tcp |
| GB | 185.125.188.61:443 | N/A | tcp |
| US | 151.101.129.91:443 | N/A | tcp |
| GB | 89.187.167.2:443 | N/A | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
Files
/tmp/cWtUTi
| MD5 | 3f1d1d8d87177d3d8d897d7e421f84d6 |
| SHA1 | dd082d742a5cb751290f1db2bd519c286aa86d95 |
| SHA256 | f02285fb90ed8c81531fe78cf4e2abb68a62be73ee7d317623e2c3e3aefdfff2 |
| SHA512 | 2ae2b3936f31756332ca7a4b877d18f3fcc50e41e9472b5cd45a70bea82e29a0fa956ee6a9ee0e02f23d9db56b41d19cb51d88aac06e9c923a820a21023752a9 |
/root/.renpy/FreshWomen-1593632962/text.txt
| MD5 | f4020e91252aafd4b18d8acd17f883db |
| SHA1 | 748d77dbb8bdb0dd330c099e7fde82da053fb1ff |
| SHA256 | 314ad142957febe390cc7223b4deb1d1b21c187f84f6e7257a23fe46c27fcae3 |
| SHA512 | 301ddd0e34cbd842dae99a2cc4ccbfeb6ee8b3def39c214a719fa9edc26d7142749bbe6e992d26353dc167febbab0dbc05476b68a86ad93cab5f299f0aaf916d |
Analysis: behavioral27
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win7-20240221-en
Max time kernel
12s
Max time network
34s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe
"C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\zsync.exe"
Network
Files
memory/832-0-0x0000000000400000-0x000000000041C000-memory.dmp
Analysis: behavioral9
Detonation Overview
Submitted
2024-05-20 23:11
Reported
2024-05-20 23:24
Platform
win7-20231129-en
Max time kernel
21s
Max time network
32s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\freshwomen-season-2-episode-2-part-3-pc-720p-compressed\lib\py2-windows-x86_64\libEGL.dll,#1