File 7eb71b73e8aaceaa_98edvx c4ou4r0 horse nugdmg18bgxp glans sm (e6rl5yo1).mpg.exe

Size 256.4KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 864c193598ff8bcead8abc1519d3e1c1
SHA1 8ecf45e78e1dfcce0343d2181d4a71365aa96a73
SHA256 7eb71b73e8aaceaa34e554714339ce0d4fef959be58b8767da60ca89bf8bc316
SHA512 128aa5bb1f433e0492ab50c87fc5ef686138dd848cc07b8dff4df5d066cd660e1be5c43180ce9fed21aa7e0bbb252f3ecbd0693520d1fe849172375bd2779329
CRC32 6C12DDC2
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6620477

Information on Execution

Analysis
Category FILE
Started July 5, 2025, 10:42 a.m.
Completed July 5, 2025, 10:50 a.m.
Duration 431 seconds
Routing internet

Analyzer Log

2025-06-30 18:02:30,015 [analyzer] DEBUG: Starting analyzer from: C:\tmpsftntc
2025-06-30 18:02:30,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\bhxAJEwlQKFUFtzG
2025-06-30 18:02:30,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\DEFhKGeVLdOEswBtKKlXANujWYGaNj
2025-06-30 18:02:30,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-06-30 18:02:30,015 [analyzer] INFO: Automatically selected analysis package "exe"
2025-06-30 18:02:30,280 [analyzer] DEBUG: Started auxiliary module Curtain
2025-06-30 18:02:30,280 [analyzer] DEBUG: Started auxiliary module DbgView
2025-06-30 18:02:30,765 [analyzer] DEBUG: Started auxiliary module Disguise
2025-06-30 18:02:30,983 [analyzer] DEBUG: Loaded monitor into process with pid 508
2025-06-30 18:02:30,983 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-06-30 18:02:30,983 [analyzer] DEBUG: Started auxiliary module Human
2025-06-30 18:02:30,983 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-06-30 18:02:30,983 [analyzer] DEBUG: Started auxiliary module Reboot
2025-06-30 18:02:31,062 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-06-30 18:02:31,062 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-06-30 18:02:31,062 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-06-30 18:02:31,062 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-06-30 18:02:31,233 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\7eb71b73e8aaceaa_98edvx c4ou4r0 horse nugdmg18bgxp glans sm  (e6rl5yo1).mpg.exe' with arguments '' and pid 2636
2025-06-30 18:02:31,405 [analyzer] DEBUG: Loaded monitor into process with pid 2636
2025-06-30 18:02:31,562 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Windowsd50l2bvpd8
2025-06-30 18:02:31,608 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files\Common Files\Microsoft Shared\black qtcr1re ni0p0dq8 9w4xilz6j2 .mpg.exe
2025-06-30 18:02:31,858 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files\DVD Maker\Shared\h3ps6tmu mkx87b [bangbus] titts v14bqy5ueys  (Jade,Karin).mpg.exe
2025-06-30 18:02:32,171 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files\Microsoft Office\Templates\jspx4i 76qp9o6j jbp79p wifey .rar.exe
2025-06-30 18:02:32,203 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\t1apup6 hot (!) latex .zip.exe
2025-06-30 18:02:32,280 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files\Windows Journal\Templates\3lhg1q chkaba9s0 g28gx7w6vur32j .rar.exe
2025-06-30 18:02:32,405 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files\Windows Sidebar\Shared Gadgets\u8ywwbo t1apup6 uncut ct48q6s .zip.exe
2025-06-30 18:02:32,453 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\3lhg1q q0vgw72 g28gx7w6vur32j .avi.exe
2025-06-30 18:02:32,546 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files (x86)\Common Files\microsoft shared\r2bdcnb q0vgw72 2e032zbb avhkl4osfi1b1  (l0p693,l0p693).zip.exe
2025-06-30 18:02:32,890 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chkaba9s0 sperm 2e032zbb avhkl4osfi1b1 .mpg.exe
2025-06-30 18:02:33,062 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\RAC\Temp\wiya6rsl beast 2eoamoy big .avi.exe
2025-06-30 18:02:33,140 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\Search\Data\Temp\black 76qp9o6j 2e032zbb hotel  (Sonja).rar.exe
2025-06-30 18:02:33,217 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\Windows\Templates\0ymg8tq 2eoamoy nk2tll hole .mpg.exe
2025-06-30 18:02:33,296 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\Windows\Templates\0ymg8tq horse jspx4i nugdmg18bgxp .mpg.exe
2025-06-30 18:02:33,640 [analyzer] INFO: Injected into process with pid 2736 and name ''
2025-06-30 18:02:33,687 [analyzer] INFO: Added new file to list with pid 2636 and path C:\tmpsftntc\2wr8ay1 cum jbp79p .zip.exe
2025-06-30 18:02:33,796 [analyzer] DEBUG: Loaded monitor into process with pid 2736
2025-06-30 18:02:33,796 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\0ymg8tq porn hot (!) ash  (Jenna).mpg.exe
2025-06-30 18:02:33,921 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Administrator\AppData\Local\Temp\chkaba9s0 nugdmg18bgxp boobs 55svezg .rar.exe
2025-06-30 18:02:33,983 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\qtcr1re uncut  (Sonja).zip.exe
2025-06-30 18:02:34,030 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\ibxj3s2 ibxj3s2 hot (!) p834ynn  (Sonja,Liz).mpeg.exe
2025-06-30 18:02:34,233 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\0516z8ivf q0vgw72 girls legs .avi.exe
2025-06-30 18:02:34,328 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\3o9e0ag1 horse l6ppef ibxj3s2 ct48q6s .zip.exe
2025-06-30 18:02:34,437 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\asian porn hot (!) cock wifey  (wrtdiha,Sonja).avi.exe
2025-06-30 18:02:34,546 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\RAC\Temp\0516z8ivf horse xxx 2e032zbb balls .mpg.exe
2025-06-30 18:02:34,592 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\Search\Data\Temp\horse c4ou4r0 ni0p0dq8 50+ .rar.exe
2025-06-30 18:02:34,655 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\Windows\Templates\wiya6rsl ibxj3s2 i4caruo hole u3nxpdd .zip.exe
2025-06-30 18:02:34,717 [analyzer] INFO: Added new file to list with pid 2636 and path C:\ProgramData\Microsoft\Windows\Templates\0516z8ivf t1apup6 i4caruo ofok9a 63k9qbq9xg  (1bcw83k).mpeg.exe
2025-06-30 18:02:34,765 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\y3hndyq mkx87b [free] ct48q6s .mpeg.exe
2025-06-30 18:02:34,780 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\u8ywwbo v8jedw8 big  (Jade,e6rl5yo1).zip.exe
2025-06-30 18:02:34,828 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\mkx87b jspx4i i4caruo hairy  (x8z5ka).mpeg.exe
2025-06-30 18:02:34,858 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\ar164nb horse [milf] avhkl4osfi1b1  (Karin).avi.exe
2025-06-30 18:02:34,967 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\98edvx c4ou4r0 t1apup6 2e032zbb wifey  (ihcwxtl,ydezx1cz6).mpeg.exe
2025-06-30 18:02:35,000 [analyzer] INFO: Added new file to list with pid 2636 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude mgdo94z3fb2 ibxj3s2  (Sandy).zip.exe
2025-06-30 18:05:50,233 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-06-30 18:05:51,592 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-06-30 18:05:51,592 [lib.api.process] INFO: Successfully terminated process with pid 2636.
2025-06-30 18:05:51,592 [lib.api.process] INFO: Successfully terminated process with pid 2736.
2025-06-30 18:05:52,280 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\templates\asian porn hot (!) cock wifey  (wrtdiha,sonja).avi.exe
2025-06-30 18:05:52,280 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\0516z8ivf t1apup6 i4caruo ofok9a 63k9qbq9xg  (1bcw83k).mpeg.exe
2025-06-30 18:05:52,280 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\microsoft\windows\temporary internet files\y3hndyq mkx87b [free] ct48q6s .mpeg.exe
2025-06-30 18:05:52,280 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\chkaba9s0 nugdmg18bgxp boobs 55svezg .rar.exe
2025-06-30 18:05:52,280 [analyzer] WARNING: Too many files: c:\program files (x86)\windows sidebar\shared gadgets\chkaba9s0 sperm 2e032zbb avhkl4osfi1b1 .mpg.exe
2025-06-30 18:05:52,280 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_32\microsoft.grouppolicy.admtmpleditor.resources\nude mgdo94z3fb2 ibxj3s2  (sandy).zip.exe
2025-06-30 18:05:52,280 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-07-05 10:42:52,187 [cuckoo.core.scheduler] DEBUG: Task #6650109: no machine available yet
2025-07-05 10:43:05,897 [cuckoo.core.scheduler] INFO: Task #6650109: acquired machine win7x6421 (label=win7x6421)
2025-07-05 10:43:05,900 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.221 for task #6650109
2025-07-05 10:43:06,381 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3377969 (interface=vboxnet0, host=192.168.168.221)
2025-07-05 10:43:07,146 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6421
2025-07-05 10:43:07,896 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6421 to vmcloak
2025-07-05 10:44:42,166 [cuckoo.core.guest] INFO: Starting analysis #6650109 on guest (id=win7x6421, ip=192.168.168.221)
2025-07-05 10:44:43,172 [cuckoo.core.guest] DEBUG: win7x6421: not ready yet
2025-07-05 10:44:48,196 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6421, ip=192.168.168.221)
2025-07-05 10:44:48,274 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6421, ip=192.168.168.221, monitor=latest, size=6660546)
2025-07-05 10:44:49,520 [cuckoo.core.resultserver] DEBUG: Task #6650109: live log analysis.log initialized.
2025-07-05 10:44:50,453 [cuckoo.core.resultserver] DEBUG: Task #6650109 is sending a BSON stream
2025-07-05 10:44:50,850 [cuckoo.core.resultserver] DEBUG: Task #6650109 is sending a BSON stream
2025-07-05 10:44:51,707 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'shots/0001.jpg'
2025-07-05 10:44:51,727 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 133481
2025-07-05 10:44:53,240 [cuckoo.core.resultserver] DEBUG: Task #6650109 is sending a BSON stream
2025-07-05 10:45:04,171 [cuckoo.core.guest] DEBUG: win7x6421: analysis #6650109 still processing
2025-07-05 10:48:09,976 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'curtain/1751299550.45.curtain.log'
2025-07-05 10:48:09,979 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 36
2025-07-05 10:48:11,043 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'sysmon/1751299551.52.sysmon.xml'
2025-07-05 10:48:11,123 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 12657506
2025-07-05 10:48:11,144 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/0470d82bc8bfdeb6_3o9e0ag1 horse l6ppef ibxj3s2 ct48q6s .zip.exe'
2025-07-05 10:48:11,154 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1200197
2025-07-05 10:48:11,174 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/8d0837074c3cda08_0516z8ivf horse xxx 2e032zbb balls .mpg.exe'
2025-07-05 10:48:11,191 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 2161613
2025-07-05 10:48:11,227 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/ba2f0b2e24150172_ar164nb horse [milf] avhkl4osfi1b1  (karin).avi.exe'
2025-07-05 10:48:11,241 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 2065662
2025-07-05 10:48:11,259 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/bf564d941eb5bd0e_0ymg8tq 2eoamoy nk2tll hole .mpg.exe'
2025-07-05 10:48:11,272 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1853943
2025-07-05 10:48:11,281 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/89b6a8091b66206e_t1apup6 hot (!) latex .zip.exe'
2025-07-05 10:48:11,286 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 296556
2025-07-05 10:48:11,288 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/c1fe38bec2fb59ed_ibxj3s2 ibxj3s2 hot (!) p834ynn  (sonja,liz).mpeg.exe'
2025-07-05 10:48:11,294 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 550858
2025-07-05 10:48:11,304 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/3499ee92f7dc109a_3lhg1q chkaba9s0 g28gx7w6vur32j .rar.exe'
2025-07-05 10:48:11,316 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1845360
2025-07-05 10:48:11,324 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/e9cf85ed13c0d0e1_3lhg1q q0vgw72 g28gx7w6vur32j .avi.exe'
2025-07-05 10:48:11,331 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 556596
2025-07-05 10:48:11,344 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/c7afa6a34a3b1435_black 76qp9o6j 2e032zbb hotel  (sonja).rar.exe'
2025-07-05 10:48:11,365 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1335572
2025-07-05 10:48:11,388 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/21ea0bb50765f6ac_h3ps6tmu mkx87b [bangbus] titts v14bqy5ueys  (jade,karin).mpg.exe'
2025-07-05 10:48:11,426 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1672256
2025-07-05 10:48:11,433 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/398058dfdc2f399b_2wr8ay1 cum jbp79p .zip.exe'
2025-07-05 10:48:11,437 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 440062
2025-07-05 10:48:11,457 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/fd8096f9788a7831_wiya6rsl beast 2eoamoy big .avi.exe'
2025-07-05 10:48:11,481 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 2149659
2025-07-05 10:48:11,500 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/fbc2007d389e94ed_u8ywwbo t1apup6 uncut ct48q6s .zip.exe'
2025-07-05 10:48:11,510 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1355426
2025-07-05 10:48:11,520 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/e886e825d6c2bd4b_windowsd50l2bvpd8'
2025-07-05 10:48:11,534 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1207847
2025-07-05 10:48:11,544 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/5dbab55a98953219_u8ywwbo v8jedw8 big  (jade,e6rl5yo1).zip.exe'
2025-07-05 10:48:11,551 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 223384
2025-07-05 10:48:11,574 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/175bdc430c6ff2de_qtcr1re uncut  (sonja).zip.exe'
2025-07-05 10:48:11,592 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 2081017
2025-07-05 10:48:11,602 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/969b3801f0e01481_98edvx c4ou4r0 t1apup6 2e032zbb wifey  (ihcwxtl,ydezx1cz6).mpeg.exe'
2025-07-05 10:48:11,627 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1388542
2025-07-05 10:48:11,639 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/b72820f0e3708312_wiya6rsl ibxj3s2 i4caruo hole u3nxpdd .zip.exe'
2025-07-05 10:48:11,646 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/b55bca2f1227d91e_0ymg8tq horse jspx4i nugdmg18bgxp .mpg.exe'
2025-07-05 10:48:11,657 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 474674
2025-07-05 10:48:11,668 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/f1ea393f1bb057c4_0ymg8tq porn hot (!) ash  (jenna).mpg.exe'
2025-07-05 10:48:11,671 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 384746
2025-07-05 10:48:11,685 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 863240
2025-07-05 10:48:11,689 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/238714fa6800ce16_horse c4ou4r0 ni0p0dq8 50+ .rar.exe'
2025-07-05 10:48:11,695 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 275547
2025-07-05 10:48:11,723 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/fd0dda8b07a1b83f_black qtcr1re ni0p0dq8 9w4xilz6j2 .mpg.exe'
2025-07-05 10:48:11,747 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1925020
2025-07-05 10:48:11,753 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/0489ace2f44d993c_0516z8ivf q0vgw72 girls legs .avi.exe'
2025-07-05 10:48:11,772 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 400376
2025-07-05 10:48:11,778 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/9778db61c723f20f_r2bdcnb q0vgw72 2e032zbb avhkl4osfi1b1  (l0p693,l0p693).zip.exe'
2025-07-05 10:48:11,788 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 1097375
2025-07-05 10:48:11,799 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/c99fd37a8caec7c5_jspx4i 76qp9o6j jbp79p wifey .rar.exe'
2025-07-05 10:48:11,806 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 917115
2025-07-05 10:48:11,811 [cuckoo.core.resultserver] DEBUG: Task #6650109: File upload for 'files/91766c571209cb7c_mkx87b jspx4i i4caruo hairy  (x8z5ka).mpeg.exe'
2025-07-05 10:48:11,820 [cuckoo.core.resultserver] DEBUG: Task #6650109 uploaded file length: 778201
2025-07-05 10:48:11,839 [cuckoo.core.resultserver] DEBUG: Task #6650109 had connection reset for <Context for LOG>
2025-07-05 10:48:12,577 [cuckoo.core.guest] INFO: win7x6421: analysis completed successfully
2025-07-05 10:48:12,590 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-07-05 10:48:12,614 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-07-05 10:48:13,687 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6421 to path /srv/cuckoo/cwd/storage/analyses/6650109/memory.dmp
2025-07-05 10:48:13,699 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6421
2025-07-05 10:50:02,720 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.221 for task #6650109
2025-07-05 10:50:03,063 [cuckoo.core.scheduler] DEBUG: Released database task #6650109
2025-07-05 10:50:03,092 [cuckoo.core.scheduler] INFO: Task #6650109: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
Creates executable files on the filesystem (31 events)
file C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\chkaba9s0 sperm 2e032zbb avhkl4osfi1b1 .mpg.exe
file C:\Users\All Users\Templates\0516z8ivf t1apup6 i4caruo ofok9a 63k9qbq9xg (1bcw83k).mpeg.exe
file C:\Users\Administrator\AppData\Local\Temp\chkaba9s0 nugdmg18bgxp boobs 55svezg .rar.exe
file C:\Program Files\DVD Maker\Shared\h3ps6tmu mkx87b [bangbus] titts v14bqy5ueys (Jade,Karin).mpg.exe
file C:\ProgramData\Microsoft\Search\Data\Temp\black 76qp9o6j 2e032zbb hotel (Sonja).rar.exe
file C:\Users\Administrator\Templates\asian porn hot (!) cock wifey (wrtdiha,Sonja).avi.exe
file C:\ProgramData\Templates\0ymg8tq horse jspx4i nugdmg18bgxp .mpg.exe
file C:\ProgramData\Microsoft\RAC\Temp\wiya6rsl beast 2eoamoy big .avi.exe
file C:\Users\All Users\Microsoft\RAC\Temp\0516z8ivf horse xxx 2e032zbb balls .mpg.exe
file C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\t1apup6 hot (!) latex .zip.exe
file C:\Program Files\Common Files\Microsoft Shared\black qtcr1re ni0p0dq8 9w4xilz6j2 .mpg.exe
file C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\0516z8ivf q0vgw72 girls legs .avi.exe
file C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\qtcr1re uncut (Sonja).zip.exe
file C:\Users\Default\AppData\Local\Temporary Internet Files\u8ywwbo v8jedw8 big (Jade,e6rl5yo1).zip.exe
file C:\tmpsftntc\2wr8ay1 cum jbp79p .zip.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\98edvx c4ou4r0 t1apup6 2e032zbb wifey (ihcwxtl,ydezx1cz6).mpeg.exe
file C:\Users\Administrator\AppData\Local\Temporary Internet Files\ibxj3s2 ibxj3s2 hot (!) p834ynn (Sonja,Liz).mpeg.exe
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\mkx87b jspx4i i4caruo hairy (x8z5ka).mpeg.exe
file C:\Program Files\Windows Sidebar\Shared Gadgets\u8ywwbo t1apup6 uncut ct48q6s .zip.exe
file C:\ProgramData\Microsoft\Windows\Templates\0ymg8tq 2eoamoy nk2tll hole .mpg.exe
file C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\y3hndyq mkx87b [free] ct48q6s .mpeg.exe
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\0ymg8tq porn hot (!) ash (Jenna).mpg.exe
file C:\Program Files\Windows Journal\Templates\3lhg1q chkaba9s0 g28gx7w6vur32j .rar.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude mgdo94z3fb2 ibxj3s2 (Sandy).zip.exe
file C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\3lhg1q q0vgw72 g28gx7w6vur32j .avi.exe
file C:\Users\All Users\Microsoft\Search\Data\Temp\horse c4ou4r0 ni0p0dq8 50+ .rar.exe
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\3o9e0ag1 horse l6ppef ibxj3s2 ct48q6s .zip.exe
file C:\Program Files\Microsoft Office\Templates\jspx4i 76qp9o6j jbp79p wifey .rar.exe
file C:\Users\All Users\Microsoft\Windows\Templates\wiya6rsl ibxj3s2 i4caruo hole u3nxpdd .zip.exe
file C:\Users\Default\Templates\ar164nb horse [milf] avhkl4osfi1b1 (Karin).avi.exe
file C:\Program Files (x86)\Common Files\microsoft shared\r2bdcnb q0vgw72 2e032zbb avhkl4osfi1b1 (l0p693,l0p693).zip.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\3o9e0ag1 horse l6ppef ibxj3s2 ct48q6s .zip.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (16 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x0000013c
process_name: 7eb71b73e8aaceaa_98edvx c4ou4r0 horse nugdmg18bgxp glans sm (e6rl5yo1).mpg.exe
process_identifier: 2636
0 0

Process32NextW

snapshot_handle: 0x00000114
process_name: 7eb71b73e8aaceaa_98edvx c4ou4r0 horse nugdmg18bgxp glans sm (e6rl5yo1).mpg.exe
process_identifier: 2736
0 0

Process32NextW

snapshot_handle: 0x00000264
process_name: 7eb71b73e8aaceaa_98edvx c4ou4r0 horse nugdmg18bgxp glans sm (e6rl5yo1).mpg.exe
process_identifier: 2816
0 0

A process attempted to delay the analysis task. (1 event)
description 7eb71b73e8aaceaa_98edvx c4ou4r0 horse nugdmg18bgxp glans sm (e6rl5yo1).mpg.exe tried to sleep 1346 seconds, actually delayed analysis time by 1346 seconds
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x004acd10
service_type: 48
service_status: 1
0 0
File has been identified by 10 AntiVirus engines on IRMA as malicious (10 events)
G Data Antivirus (Windows) Virus: Generic.Malware.PfVPk!!prn!.A4E7F61A (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Worm.WORM/Rbot.Gen
eScan Antivirus (Linux) Generic.Malware.PfVPk!!prn!.A4E7F61A(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
Sophos Anti-Virus (Linux) Troj/Agent-AJFK
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
Bitdefender Antivirus (Linux) Generic.Malware.PfVPk!!prn!.A4E7F61A
Emsisoft Commandline Scanner (Windows) Generic.Malware.PfVPk!!prn!.A4E7F61A (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.