File b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe

Size 912.9KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 10537c25b77cb488c5bb5712b18d0d2a
SHA1 3b3c0e4043c0c8e6b434cdf26ce65cdc15c2b1e2
SHA256 b3a09f7255edc789c81fc397d80853cec710af210d54926fd53bb15d6f392203
SHA512 18ffd33f6984e270ad08d77c800e590891c298629694bb791e033265630b28da806db2e75e3265af5cc370b525d00c2e0ac8d877cc1527fdd893ad348ebaf04a
CRC32 672A6FFB
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please note: The scoring system is still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6920144

Information on Execution

Analysis
Category FILE
Started Sept. 1, 2025, 7:32 p.m.
Completed Sept. 1, 2025, 7:39 p.m.
Duration 406 seconds
Routing internet

Analyzer Log

2025-08-28 17:05:20,015 [analyzer] DEBUG: Starting analyzer from: C:\tmp2zg5xi
2025-08-28 17:05:20,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\lwjiacEJekxtwpXQWtYLMOH
2025-08-28 17:05:20,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\RSyqVbtqAYnguDVJrjApKedLLTcgrpVG
2025-08-28 17:05:20,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-08-28 17:05:20,015 [analyzer] INFO: Automatically selected analysis package "exe"
2025-08-28 17:05:20,280 [analyzer] DEBUG: Started auxiliary module Curtain
2025-08-28 17:05:20,280 [analyzer] DEBUG: Started auxiliary module DbgView
2025-08-28 17:05:20,717 [analyzer] DEBUG: Started auxiliary module Disguise
2025-08-28 17:05:20,921 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-08-28 17:05:20,921 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-08-28 17:05:20,921 [analyzer] DEBUG: Started auxiliary module Human
2025-08-28 17:05:20,921 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-08-28 17:05:20,921 [analyzer] DEBUG: Started auxiliary module Reboot
2025-08-28 17:05:20,983 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-08-28 17:05:20,983 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-08-28 17:05:20,983 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-08-28 17:05:21,000 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-08-28 17:05:21,125 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe' with arguments '' and pid 736
2025-08-28 17:05:21,296 [analyzer] DEBUG: Loaded monitor into process with pid 736
2025-08-28 17:05:21,421 [analyzer] INFO: Added new file to list with pid 736 and path C:\Windows6g2yf6t03h
2025-08-28 17:05:21,483 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files\Common Files\Microsoft Shared\27bjd3d2x horse big 50+ .rar.exe
2025-08-28 17:05:21,750 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files\DVD Maker\Shared\xiwlzi0 9oypb8 m5v129k srpvkzygmcsw .zip.exe
2025-08-28 17:05:22,108 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files\Microsoft Office\Templates\vftv0ou horse ko6o6a 6r3apw4 .zip.exe
2025-08-28 17:05:22,140 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\q7tcmc0 horse [bangbus] feet .zip.exe
2025-08-28 17:05:22,280 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files\Windows Journal\Templates\wluwp0ne y6go35p 6r3apw4 d2jspkm3 .avi.exe
2025-08-28 17:05:22,405 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files\Windows Sidebar\Shared Gadgets\fkgx0m2 m5v129k horse hot (!) .rar.exe
2025-08-28 17:05:22,437 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\porn big .zip.exe
2025-08-28 17:05:22,530 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files (x86)\Common Files\microsoft shared\mtu2oyuh5 6r3apw4 uncut 2t7ovbv072xgs7mrxm .mpg.exe
2025-08-28 17:05:22,858 [analyzer] INFO: Added new file to list with pid 736 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\y6go35p big young  (q922zop0f).mpg.exe
2025-08-28 17:05:22,953 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\RAC\Temp\jmmawhs 6r3apw4 f6br2s2  (q922zop0f).mpg.exe
2025-08-28 17:05:23,000 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\Search\Data\Temp\black l8qccpyq mtu2oyuh5 kmozxo .rar.exe
2025-08-28 17:05:23,078 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\Windows\Templates\m5v129k girls balls  (9kwwpzg,Jenna).avi.exe
2025-08-28 17:05:23,140 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\Windows\Templates\3yxb6923t 9oypb8 horse 6mjj01 r47smh9 o2de75il .mpg.exe
2025-08-28 17:05:23,515 [analyzer] INFO: Injected into process with pid 1020 and name ''
2025-08-28 17:05:23,671 [analyzer] INFO: Added new file to list with pid 736 and path C:\tmp2zg5xi\q7tcmc0 gay wk79oa4s2r04wd 1dmcuxk90zc .avi.exe
2025-08-28 17:05:23,687 [analyzer] DEBUG: Loaded monitor into process with pid 1020
2025-08-28 17:05:23,796 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\6r3apw4 ko6o6a d2jspkm3 45ld689 .mpg.exe
2025-08-28 17:05:23,875 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Administrator\AppData\Local\Temp\doz78r7 9k8bf2i 6r3apw4 6r3apw4 .zip.exe
2025-08-28 17:05:23,890 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\9k8bf2i 9oypb8 6mjj01 .mpg.exe
2025-08-28 17:05:24,062 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\tvolgth jmmawhs uv0dxwt8x4m kmozxo wzxubo .rar.exe
2025-08-28 17:05:24,140 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\asian l8qccpyq girls wifey .rar.exe
2025-08-28 17:05:24,233 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\yn0pxd horse a3xo5xtn 6r3apw4  (Gina,Sonja).mpg.exe
2025-08-28 17:05:24,328 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\RAC\Temp\vftv0ou sperm [bangbus] ash .zip.exe
2025-08-28 17:05:24,375 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\Search\Data\Temp\asian 9oypb8 kc2hrt2j  (q922zop0f).zip.exe
2025-08-28 17:05:24,437 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\Windows\Templates\7smpob5w 6r3apw4 big r47smh9  (ysxdgxr).zip.exe
2025-08-28 17:05:24,500 [analyzer] INFO: Added new file to list with pid 736 and path C:\ProgramData\Microsoft\Windows\Templates\7smpob5w rdoti90 sperm [milf] shoes .mpg.exe
2025-08-28 17:05:24,515 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Default\AppData\Local\Temp\mtu2oyuh5 srpvkzygmcsw balls  (Jenna).mpg.exe
2025-08-28 17:05:24,530 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\r2qc46i nude xxx [milf] legs .avi.exe
2025-08-28 17:05:24,562 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\7smpob5w y6go35p [free] qcjxxhb  (Sonja,q922zop0f).mpg.exe
2025-08-28 17:05:24,608 [analyzer] INFO: Added new file to list with pid 736 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\r2qc46i beast [bangbus] legs  (j2knkmd).zip.exe
2025-08-28 17:05:24,733 [analyzer] INFO: Added new file to list with pid 736 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\yn0pxd l8qccpyq cum [milf] 5n10bh  (9kwwpzg,Sandy).zip.exe
2025-08-28 17:05:24,765 [analyzer] INFO: Added new file to list with pid 736 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx l8qccpyq 6r3apw4 .mpeg.exe
2025-08-28 17:05:24,890 [analyzer] INFO: Added new file to list with pid 736 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\q7tcmc0 sperm srpvkzygmcsw .zip.exe
2025-08-28 17:05:24,890 [analyzer] INFO: Added new file to list with pid 736 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\3yxb6923t jmmawhs [bangbus] 1dmcuxk90zc .mpg.exe
2025-08-28 17:08:40,125 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-08-28 17:08:41,203 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-08-28 17:08:41,203 [lib.api.process] INFO: Successfully terminated process with pid 736.
2025-08-28 17:08:41,203 [lib.api.process] INFO: Successfully terminated process with pid 1020.
2025-08-28 17:08:41,765 [analyzer] WARNING: Too many files: c:\windows\assembly\gac_32\microsoft.grouppolicy.admtmpleditor\yn0pxd l8qccpyq cum [milf] 5n10bh  (9kwwpzg,sandy).zip.exe
2025-08-28 17:08:41,765 [analyzer] WARNING: Too many files: c:\program files\dvd maker\shared\xiwlzi0 9oypb8 m5v129k srpvkzygmcsw .zip.exe
2025-08-28 17:08:41,765 [analyzer] WARNING: Too many files: c:\users\default\appdata\roaming\microsoft\windows\templates\7smpob5w y6go35p [free] qcjxxhb  (sonja,q922zop0f).mpg.exe
2025-08-28 17:08:41,765 [analyzer] WARNING: Too many files: c:\program files\microsoft office\templates\vftv0ou horse ko6o6a 6r3apw4 .zip.exe
2025-08-28 17:08:41,765 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\7smpob5w 6r3apw4 big r47smh9  (ysxdgxr).zip.exe
2025-08-28 17:08:41,765 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\7smpob5w rdoti90 sperm [milf] shoes .mpg.exe
2025-08-28 17:08:41,765 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\9k8bf2i 9oypb8 6mjj01 .mpg.exe
2025-08-28 17:08:41,765 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-09-01 19:32:50,551 [cuckoo.core.scheduler] DEBUG: Task #6945091: no machine available yet
2025-09-01 19:33:22,569 [cuckoo.core.scheduler] INFO: Task #6945091: acquired machine win7x6410 (label=win7x6410)
2025-09-01 19:33:22,569 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.210 for task #6945091
2025-09-01 19:33:22,960 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 406149 (interface=vboxnet0, host=192.168.168.210)
2025-09-01 19:33:23,471 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6410
2025-09-01 19:33:24,171 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6410 to vmcloak
2025-09-01 19:34:37,243 [cuckoo.core.guest] INFO: Starting analysis #6945091 on guest (id=win7x6410, ip=192.168.168.210)
2025-09-01 19:34:38,248 [cuckoo.core.guest] DEBUG: win7x6410: not ready yet
2025-09-01 19:34:43,272 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6410, ip=192.168.168.210)
2025-09-01 19:34:43,364 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6410, ip=192.168.168.210, monitor=latest, size=6660546)
2025-09-01 19:34:44,847 [cuckoo.core.resultserver] DEBUG: Task #6945091: live log analysis.log initialized.
2025-09-01 19:34:45,575 [cuckoo.core.resultserver] DEBUG: Task #6945091 is sending a BSON stream
2025-09-01 19:34:45,914 [cuckoo.core.resultserver] DEBUG: Task #6945091 is sending a BSON stream
2025-09-01 19:34:46,742 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'shots/0001.jpg'
2025-09-01 19:34:46,759 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 133482
2025-09-01 19:34:48,243 [cuckoo.core.resultserver] DEBUG: Task #6945091 is sending a BSON stream
2025-09-01 19:34:59,433 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6945091 still processing
2025-09-01 19:38:04,940 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'curtain/1756393720.3.curtain.log'
2025-09-01 19:38:04,943 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 36
2025-09-01 19:38:05,749 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'sysmon/1756393721.11.sysmon.xml'
2025-09-01 19:38:05,839 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 12338176
2025-09-01 19:38:05,860 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/991e50d89c47c98a_asian l8qccpyq girls wifey .rar.exe'
2025-09-01 19:38:05,863 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/94d99577fef12705_wluwp0ne y6go35p 6r3apw4 d2jspkm3 .avi.exe'
2025-09-01 19:38:05,865 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/7be217872f30f543_6r3apw4 ko6o6a d2jspkm3 45ld689 .mpg.exe'
2025-09-01 19:38:05,867 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/2e5f4fbccea00f4a_asian 9oypb8 kc2hrt2j  (q922zop0f).zip.exe'
2025-09-01 19:38:05,870 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 272546
2025-09-01 19:38:05,873 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 291582
2025-09-01 19:38:05,875 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 627349
2025-09-01 19:38:05,880 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 690212
2025-09-01 19:38:05,888 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/953f9f76178a59bf_mtu2oyuh5 srpvkzygmcsw balls  (jenna).mpg.exe'
2025-09-01 19:38:05,914 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1954154
2025-09-01 19:38:05,923 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/7a75af1231aa9ad0_doz78r7 9k8bf2i 6r3apw4 6r3apw4 .zip.exe'
2025-09-01 19:38:05,931 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 732447
2025-09-01 19:38:05,934 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/09b15be091f54b1a_tvolgth jmmawhs uv0dxwt8x4m kmozxo wzxubo .rar.exe'
2025-09-01 19:38:05,942 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1115890
2025-09-01 19:38:05,954 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/50b007a16d43a625_3yxb6923t 9oypb8 horse 6mjj01 r47smh9 o2de75il .mpg.exe'
2025-09-01 19:38:05,967 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1556792
2025-09-01 19:38:05,981 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/3f27bfd65b6cb467_r2qc46i beast [bangbus] legs  (j2knkmd).zip.exe'
2025-09-01 19:38:05,991 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1135664
2025-09-01 19:38:06,005 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/96fbbbd1f58bca59_windows6g2yf6t03h'
2025-09-01 19:38:06,016 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1271181
2025-09-01 19:38:06,038 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/df6724d98114fe98_black l8qccpyq mtu2oyuh5 kmozxo .rar.exe'
2025-09-01 19:38:06,061 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 2059703
2025-09-01 19:38:06,076 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/56726dbd45e51c72_q7tcmc0 horse [bangbus] feet .zip.exe'
2025-09-01 19:38:06,089 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1570226
2025-09-01 19:38:06,098 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/985331e432c66df2_mtu2oyuh5 6r3apw4 uncut 2t7ovbv072xgs7mrxm .mpg.exe'
2025-09-01 19:38:06,109 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 932160
2025-09-01 19:38:06,113 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/dfb55c55884381a2_yn0pxd horse a3xo5xtn 6r3apw4  (gina,sonja).mpg.exe'
2025-09-01 19:38:06,128 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1956004
2025-09-01 19:38:06,135 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/54925a7e252732a1_fkgx0m2 m5v129k horse hot (!) .rar.exe'
2025-09-01 19:38:06,140 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 461781
2025-09-01 19:38:06,143 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/c9cad5d73ab017ba_porn big .zip.exe'
2025-09-01 19:38:06,146 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 244361
2025-09-01 19:38:06,155 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/a288727f05ac1fb1_3yxb6923t jmmawhs [bangbus] 1dmcuxk90zc .mpg.exe'
2025-09-01 19:38:06,162 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1280639
2025-09-01 19:38:06,171 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/1fd8dca7b40ead3b_q7tcmc0 sperm srpvkzygmcsw .zip.exe'
2025-09-01 19:38:06,176 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 729810
2025-09-01 19:38:06,192 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/164f3a4103082ab5_y6go35p big young  (q922zop0f).mpg.exe'
2025-09-01 19:38:06,212 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 2123013
2025-09-01 19:38:06,224 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/9cba399b94bf4905_m5v129k girls balls  (9kwwpzg,jenna).avi.exe'
2025-09-01 19:38:06,234 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1266392
2025-09-01 19:38:06,241 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/18add4fd6c5d1667_27bjd3d2x horse big 50+ .rar.exe'
2025-09-01 19:38:06,245 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 600929
2025-09-01 19:38:06,255 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/fbc8f1bc74089b92_vftv0ou sperm [bangbus] ash .zip.exe'
2025-09-01 19:38:06,276 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1862901
2025-09-01 19:38:06,300 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/07ac92cef709897f_q7tcmc0 gay wk79oa4s2r04wd 1dmcuxk90zc .avi.exe'
2025-09-01 19:38:06,337 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 1603425
2025-09-01 19:38:06,357 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/93a18e32305c0f02_xxx l8qccpyq 6r3apw4 .mpeg.exe'
2025-09-01 19:38:06,381 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 2162923
2025-09-01 19:38:06,388 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/6c612269444d3f6f_r2qc46i nude xxx [milf] legs .avi.exe'
2025-09-01 19:38:06,394 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 409661
2025-09-01 19:38:06,400 [cuckoo.core.resultserver] DEBUG: Task #6945091: File upload for 'files/8f495a2463fe9175_jmmawhs 6r3apw4 f6br2s2  (q922zop0f).mpg.exe'
2025-09-01 19:38:06,411 [cuckoo.core.resultserver] DEBUG: Task #6945091 uploaded file length: 984383
2025-09-01 19:38:06,423 [cuckoo.core.resultserver] DEBUG: Task #6945091 had connection reset for <Context for LOG>
2025-09-01 19:38:07,720 [cuckoo.core.guest] INFO: win7x6410: analysis completed successfully
2025-09-01 19:38:07,729 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-09-01 19:38:07,754 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-09-01 19:38:08,799 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6410 to path /srv/cuckoo/cwd/storage/analyses/6945091/memory.dmp
2025-09-01 19:38:08,800 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6410
2025-09-01 19:39:35,212 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.210 for task #6945091
2025-09-01 19:39:36,330 [cuckoo.core.scheduler] DEBUG: Released database task #6945091
2025-09-01 19:39:36,357 [cuckoo.core.scheduler] INFO: Task #6945091: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .text\x00\xe5\xfb
section .data\x00E\x86
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
Creates executable files on the filesystem (32 events)
Drops an executable to the user AppData folder (1 event)
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\asian l8qccpyq girls wifey .rar.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (25 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x0000013c
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 736
0 0

Process32NextW

snapshot_handle: 0x00000274
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1020
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

Process32NextW

snapshot_handle: 0x00000280
process_name: b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe
process_identifier: 1776
0 0

A process attempted to delay the analysis task. (1 event)
description b3a09f7255edc789_rdoti90 6r3apw4 hole qcjxxhb .avi.exe tried to sleep 1346 seconds, actually delayed analysis time by 1346 seconds
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x0082c920
service_type: 48
service_status: 1
0 0
File has been identified by 12 AntiVirus engine on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
C4S ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Trojan.TR/Spy.Gen
eScan Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Bitdefender Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.