File 17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo (q922zop0f,5qcarib).mpg.exe

Size 909.8KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 fd9a61ffbdf94532113ec97c5da3229d
SHA1 7be3ce3ccb0d0d434b83373dd2c424116adc5b21
SHA256 17891c4de2f6bba278e343981479ff4af0c5ac6a56a47eb001e804c388d5a203
SHA512 8cc5e23ff9b0824b25c4414539d8d9e95f834d1690b185b000ce979b6cfd531011a4473a791bad1bdb254484894d5bb9836e7c035306bb2897003db9eed077bb
CRC32 36B54FAD
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6920144

Information on Execution

Analysis
Category FILE
Started Sept. 1, 2025, 7:33 p.m.
Completed Sept. 1, 2025, 7:39 p.m.
Duration 392 seconds
Routing internet

Analyzer Log

2025-08-28 17:05:20,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpht3fil
2025-08-28 17:05:20,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\NpKcUfixGzdBdVIyCsMU
2025-08-28 17:05:20,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\JKxyTVzJqZZXNzBgetBOqjLPpQ
2025-08-28 17:05:20,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-08-28 17:05:20,015 [analyzer] INFO: Automatically selected analysis package "exe"
2025-08-28 17:05:20,265 [analyzer] DEBUG: Started auxiliary module Curtain
2025-08-28 17:05:20,265 [analyzer] DEBUG: Started auxiliary module DbgView
2025-08-28 17:05:20,842 [analyzer] DEBUG: Started auxiliary module Disguise
2025-08-28 17:05:21,046 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-08-28 17:05:21,046 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-08-28 17:05:21,046 [analyzer] DEBUG: Started auxiliary module Human
2025-08-28 17:05:21,046 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-08-28 17:05:21,046 [analyzer] DEBUG: Started auxiliary module Reboot
2025-08-28 17:05:21,078 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-08-28 17:05:21,092 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-08-28 17:05:21,092 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-08-28 17:05:21,092 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-08-28 17:05:21,233 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo  (q922zop0f,5qcarib).mpg.exe' with arguments '' and pid 1384
2025-08-28 17:05:21,405 [analyzer] DEBUG: Loaded monitor into process with pid 1384
2025-08-28 17:05:22,046 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Windows6g2yf6t03h
2025-08-28 17:05:22,092 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files\Common Files\Microsoft Shared\beast y6go35p girls cock .zip.exe
2025-08-28 17:05:22,546 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files\DVD Maker\Shared\gay girls  (Karin,Jade).rar.exe
2025-08-28 17:05:22,875 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files\Microsoft Office\Templates\bwpt7j porn fs8utd sd7o90wnjx .mpg.exe
2025-08-28 17:05:22,937 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\27bjd3d2x horse fs8utd boobs tqxfpcxae098d .mpeg.exe
2025-08-28 17:05:23,062 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files\Windows Journal\Templates\horse fs8utd titts lady .mpg.exe
2025-08-28 17:05:23,187 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files\Windows Sidebar\Shared Gadgets\r2qc46i sperm uncut .avi.exe
2025-08-28 17:05:23,233 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tvolgth porn y6go35p hot (!) tqxfpcxae098d  (j2knkmd).mpg.exe
2025-08-28 17:05:23,342 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files (x86)\Common Files\microsoft shared\jmmawhs horse d2jspkm3 hole sd7o90wnjx .mpg.exe
2025-08-28 17:05:23,608 [analyzer] INFO: Injected into process with pid 624 and name ''
2025-08-28 17:05:23,780 [analyzer] DEBUG: Loaded monitor into process with pid 624
2025-08-28 17:05:23,828 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast gay 6mjj01 45ld689  (v89zo5).mpeg.exe
2025-08-28 17:05:23,953 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\RAC\Temp\r2qc46i nude wk79oa4s2r04wd feet .rar.exe
2025-08-28 17:05:23,983 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\Search\Data\Temp\z8dvsxk l8qccpyq girls hairy .rar.exe
2025-08-28 17:05:24,046 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\Windows\Templates\xiwlzi0 uv0dxwt8x4m hot (!) ash 6jug8f .zip.exe
2025-08-28 17:05:24,108 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\Windows\Templates\xiwlzi0 y6go35p y6go35p kc2hrt2j hole hairy .mpg.exe
2025-08-28 17:05:24,515 [analyzer] INFO: Added new file to list with pid 1384 and path C:\tmpht3fil\horse a3xo5xtn srpvkzygmcsw 45ld689 .rar.exe
2025-08-28 17:05:24,625 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\vftv0ou uv0dxwt8x4m [bangbus] glans ash .avi.exe
2025-08-28 17:05:24,717 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\porn 6r3apw4 feet .rar.exe
2025-08-28 17:05:24,733 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\ko6o6a j8bb56pcl4 glans 6jug8f .mpg.exe
2025-08-28 17:05:24,780 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\mtu2oyuh5 6r3apw4 kc2hrt2j hairy .avi.exe
2025-08-28 17:05:24,967 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\bwpt7j sperm beast srpvkzygmcsw ash xf2v5u7 .mpeg.exe
2025-08-28 17:05:25,078 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\xiwlzi0 sperm kc2hrt2j balls .rar.exe
2025-08-28 17:05:25,171 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\bwpt7j beast rdoti90 girls 5n10bh  (q922zop0f,Sonja).mpeg.exe
2025-08-28 17:05:25,280 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\RAC\Temp\beast girls .mpeg.exe
2025-08-28 17:05:25,328 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\Search\Data\Temp\mtu2oyuh5 cum f6br2s2 kgh6zo8 .rar.exe
2025-08-28 17:05:25,405 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\Windows\Templates\3yxb6923t ko6o6a girls glans 0cjlmt  (Sonja).zip.exe
2025-08-28 17:05:25,483 [analyzer] INFO: Added new file to list with pid 1384 and path C:\ProgramData\Microsoft\Windows\Templates\r2qc46i z8dvsxk gay j8bb56pcl4 .zip.exe
2025-08-28 17:05:25,500 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse fs8utd .mpg.exe
2025-08-28 17:05:25,546 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Default\AppData\Local\Temp\black rdoti90 d2jspkm3  (gia9m99).rar.exe
2025-08-28 17:05:25,562 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn m5v129k [milf] .zip.exe
2025-08-28 17:05:25,592 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\vftv0ou horse [bangbus] sm .mpeg.exe
2025-08-28 17:05:25,625 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\bwpt7j sperm big sd7o90wnjx .avi.exe
2025-08-28 17:05:25,780 [analyzer] INFO: Added new file to list with pid 1384 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6r3apw4 [milf] tqxfpcxae098d .avi.exe
2025-08-28 17:08:40,233 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-08-28 17:08:41,467 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-08-28 17:08:41,467 [lib.api.process] INFO: Successfully terminated process with pid 1384.
2025-08-28 17:08:41,467 [lib.api.process] INFO: Successfully terminated process with pid 624.
2025-08-28 17:08:42,155 [analyzer] WARNING: Too many files: c:\program files\windows journal\templates\horse fs8utd titts lady .mpg.exe
2025-08-28 17:08:42,171 [analyzer] WARNING: Too many files: c:\program files\dvd maker\shared\gay girls  (karin,jade).rar.exe
2025-08-28 17:08:42,171 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\microsoft\windows\temporary internet files\porn m5v129k [milf] .zip.exe
2025-08-28 17:08:42,171 [analyzer] WARNING: Too many files: c:\program files\microsoft office\templates\1033\onenote\14\notebook templates\27bjd3d2x horse fs8utd boobs tqxfpcxae098d .mpeg.exe
2025-08-28 17:08:42,171 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\macromedia\flash player\#sharedobjects\bwpt7j sperm beast srpvkzygmcsw ash xf2v5u7 .mpeg.exe
2025-08-28 17:08:42,171 [analyzer] WARNING: Too many files: c:\programdata\microsoft\search\data\temp\z8dvsxk l8qccpyq girls hairy .rar.exe
2025-08-28 17:08:42,171 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-09-01 19:33:26,121 [cuckoo.core.scheduler] INFO: Task #6945092: acquired machine win7x6411 (label=win7x6411)
2025-09-01 19:33:26,121 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.211 for task #6945092
2025-09-01 19:33:26,622 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 406220 (interface=vboxnet0, host=192.168.168.211)
2025-09-01 19:33:27,341 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6411
2025-09-01 19:33:28,014 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6411 to vmcloak
2025-09-01 19:34:46,487 [cuckoo.core.guest] INFO: Starting analysis #6945092 on guest (id=win7x6411, ip=192.168.168.211)
2025-09-01 19:34:47,493 [cuckoo.core.guest] DEBUG: win7x6411: not ready yet
2025-09-01 19:34:52,517 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6411, ip=192.168.168.211)
2025-09-01 19:34:52,776 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6411, ip=192.168.168.211, monitor=latest, size=6660546)
2025-09-01 19:34:54,034 [cuckoo.core.resultserver] DEBUG: Task #6945092: live log analysis.log initialized.
2025-09-01 19:34:55,122 [cuckoo.core.resultserver] DEBUG: Task #6945092 is sending a BSON stream
2025-09-01 19:34:55,370 [cuckoo.core.resultserver] DEBUG: Task #6945092 is sending a BSON stream
2025-09-01 19:34:56,235 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'shots/0001.jpg'
2025-09-01 19:34:56,255 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 133482
2025-09-01 19:34:57,745 [cuckoo.core.resultserver] DEBUG: Task #6945092 is sending a BSON stream
2025-09-01 19:35:08,751 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:35:23,871 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:35:38,964 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:35:54,039 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:36:09,430 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:36:24,604 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:36:39,943 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:36:55,218 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:37:10,414 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:37:25,833 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:37:41,009 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:37:56,171 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:38:11,286 [cuckoo.core.guest] DEBUG: win7x6411: analysis #6945092 still processing
2025-09-01 19:38:14,449 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'curtain/1756393720.39.curtain.log'
2025-09-01 19:38:14,453 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 36
2025-09-01 19:38:15,390 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'sysmon/1756393721.34.sysmon.xml'
2025-09-01 19:38:15,513 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 15514752
2025-09-01 19:38:15,538 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/603d7897eaf686b1_vftv0ou horse [bangbus] sm .mpeg.exe'
2025-09-01 19:38:15,543 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 569857
2025-09-01 19:38:15,546 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/5d92914b1c7eb767_beast gay 6mjj01 45ld689  (v89zo5).mpeg.exe'
2025-09-01 19:38:15,578 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 2142645
2025-09-01 19:38:15,585 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/adb9d504ad2152c4_beast girls .mpeg.exe'
2025-09-01 19:38:15,591 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 758681
2025-09-01 19:38:15,598 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/dea7231206df238f_xiwlzi0 sperm kc2hrt2j balls .rar.exe'
2025-09-01 19:38:15,610 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1458820
2025-09-01 19:38:15,626 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/c6ad192487debc9d_bwpt7j porn fs8utd sd7o90wnjx .mpg.exe'
2025-09-01 19:38:15,641 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1555041
2025-09-01 19:38:15,648 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/3175f4c434d0e48e_r2qc46i z8dvsxk gay j8bb56pcl4 .zip.exe'
2025-09-01 19:38:15,654 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 656869
2025-09-01 19:38:15,662 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/ae6bf9e3a47853d6_xiwlzi0 uv0dxwt8x4m hot (!) ash 6jug8f .zip.exe'
2025-09-01 19:38:15,670 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1138772
2025-09-01 19:38:15,677 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/57998c006b232f09_tvolgth porn y6go35p hot (!) tqxfpcxae098d  (j2knkmd).mpg.exe'
2025-09-01 19:38:15,683 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 689132
2025-09-01 19:38:15,692 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/af79574ca23fff5d_black rdoti90 d2jspkm3  (gia9m99).rar.exe'
2025-09-01 19:38:15,702 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1241279
2025-09-01 19:38:15,724 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/4f8e4e704023df19_ko6o6a j8bb56pcl4 glans 6jug8f .mpg.exe'
2025-09-01 19:38:15,744 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1765084
2025-09-01 19:38:15,764 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/0f5d77baaa05f61b_mtu2oyuh5 6r3apw4 kc2hrt2j hairy .avi.exe'
2025-09-01 19:38:15,792 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 2157988
2025-09-01 19:38:15,808 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/b292f2bd6283a11a_vftv0ou uv0dxwt8x4m [bangbus] glans ash .avi.exe'
2025-09-01 19:38:15,822 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1592260
2025-09-01 19:38:15,839 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/96fbbbd1f58bca59_windows6g2yf6t03h'
2025-09-01 19:38:15,850 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1271181
2025-09-01 19:38:15,865 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/c87afdf2dd25400c_3yxb6923t ko6o6a girls glans 0cjlmt  (sonja).zip.exe'
2025-09-01 19:38:15,874 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1572103
2025-09-01 19:38:15,891 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/a4c0b157b5062776_xiwlzi0 y6go35p y6go35p kc2hrt2j hole hairy .mpg.exe'
2025-09-01 19:38:15,921 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1994886
2025-09-01 19:38:15,928 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/5570388b987a48e8_porn 6r3apw4 feet .rar.exe'
2025-09-01 19:38:15,933 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 524221
2025-09-01 19:38:15,940 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/34b98f693017c313_r2qc46i nude wk79oa4s2r04wd feet .rar.exe'
2025-09-01 19:38:15,971 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1198358
2025-09-01 19:38:16,002 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/af657115a2019ae1_bwpt7j beast rdoti90 girls 5n10bh  (q922zop0f,sonja).mpeg.exe'
2025-09-01 19:38:16,021 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 2073299
2025-09-01 19:38:16,037 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/0efef7193a456c89_horse fs8utd .mpg.exe'
2025-09-01 19:38:16,079 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1865401
2025-09-01 19:38:16,084 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/7619d425294466cb_beast y6go35p girls cock .zip.exe'
2025-09-01 19:38:16,094 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1362240
2025-09-01 19:38:16,107 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/3a91525579bb1f4c_bwpt7j sperm big sd7o90wnjx .avi.exe'
2025-09-01 19:38:16,117 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1188924
2025-09-01 19:38:16,134 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/1ad8bd1e459b46b0_mtu2oyuh5 cum f6br2s2 kgh6zo8 .rar.exe'
2025-09-01 19:38:16,152 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 2113870
2025-09-01 19:38:16,159 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/dbeaadf541df4ae9_jmmawhs horse d2jspkm3 hole sd7o90wnjx .mpg.exe'
2025-09-01 19:38:16,163 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 620343
2025-09-01 19:38:16,170 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/11d024829374aa28_horse a3xo5xtn srpvkzygmcsw 45ld689 .rar.exe'
2025-09-01 19:38:16,179 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1167277
2025-09-01 19:38:16,192 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/0081893268b73d05_6r3apw4 [milf] tqxfpcxae098d .avi.exe'
2025-09-01 19:38:16,200 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 1147054
2025-09-01 19:38:16,211 [cuckoo.core.resultserver] DEBUG: Task #6945092: File upload for 'files/7a3a9fc3565f3f5f_r2qc46i sperm uncut .avi.exe'
2025-09-01 19:38:16,220 [cuckoo.core.resultserver] DEBUG: Task #6945092 uploaded file length: 954996
2025-09-01 19:38:16,234 [cuckoo.core.resultserver] DEBUG: Task #6945092 had connection reset for <Context for LOG>
2025-09-01 19:38:17,467 [cuckoo.core.guest] INFO: win7x6411: analysis completed successfully
2025-09-01 19:38:17,490 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-09-01 19:38:17,525 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-09-01 19:38:18,495 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6411 to path /srv/cuckoo/cwd/storage/analyses/6945092/memory.dmp
2025-09-01 19:38:18,499 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6411
2025-09-01 19:39:36,636 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.211 for task #6945092
2025-09-01 19:39:37,605 [cuckoo.core.scheduler] DEBUG: Released database task #6945092
2025-09-01 19:39:37,763 [cuckoo.core.scheduler] INFO: Task #6945092: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .text\x00\xe5\xfb
section .data\x00E\x86
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
Creates executable files on the filesystem (31 events)
file C:\Users\Administrator\Templates\bwpt7j beast rdoti90 girls 5n10bh (q922zop0f,Sonja).mpeg.exe
file C:\Users\Default\AppData\Local\Temp\black rdoti90 d2jspkm3 (gia9m99).rar.exe
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\vftv0ou uv0dxwt8x4m [bangbus] glans ash .avi.exe
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\vftv0ou horse [bangbus] sm .mpeg.exe
file C:\Program Files\Microsoft Office\Templates\bwpt7j porn fs8utd sd7o90wnjx .mpg.exe
file C:\Users\All Users\Templates\r2qc46i z8dvsxk gay j8bb56pcl4 .zip.exe
file C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\bwpt7j sperm beast srpvkzygmcsw ash xf2v5u7 .mpeg.exe
file C:\ProgramData\Templates\xiwlzi0 y6go35p y6go35p kc2hrt2j hole hairy .mpg.exe
file C:\ProgramData\Microsoft\Search\Data\Temp\z8dvsxk l8qccpyq girls hairy .rar.exe
file C:\Program Files\Common Files\Microsoft Shared\beast y6go35p girls cock .zip.exe
file C:\Program Files\Windows Journal\Templates\horse fs8utd titts lady .mpg.exe
file C:\Users\Administrator\AppData\Local\Temporary Internet Files\mtu2oyuh5 6r3apw4 kc2hrt2j hairy .avi.exe
file C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\tvolgth porn y6go35p hot (!) tqxfpcxae098d (j2knkmd).mpg.exe
file C:\ProgramData\Microsoft\RAC\Temp\r2qc46i nude wk79oa4s2r04wd feet .rar.exe
file C:\Users\All Users\Microsoft\Windows\Templates\3yxb6923t ko6o6a girls glans 0cjlmt (Sonja).zip.exe
file C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\ko6o6a j8bb56pcl4 glans 6jug8f .mpg.exe
file C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\horse fs8utd .mpg.exe
file C:\Users\Default\Templates\bwpt7j sperm big sd7o90wnjx .avi.exe
file C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\27bjd3d2x horse fs8utd boobs tqxfpcxae098d .mpeg.exe
file C:\Users\Administrator\AppData\Local\Temp\porn 6r3apw4 feet .rar.exe
file C:\ProgramData\Microsoft\Windows\Templates\xiwlzi0 uv0dxwt8x4m hot (!) ash 6jug8f .zip.exe
file C:\Users\All Users\Microsoft\RAC\Temp\beast girls .mpeg.exe
file C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\beast gay 6mjj01 45ld689 (v89zo5).mpeg.exe
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\xiwlzi0 sperm kc2hrt2j balls .rar.exe
file C:\Program Files\DVD Maker\Shared\gay girls (Karin,Jade).rar.exe
file C:\Program Files (x86)\Common Files\microsoft shared\jmmawhs horse d2jspkm3 hole sd7o90wnjx .mpg.exe
file C:\tmpht3fil\horse a3xo5xtn srpvkzygmcsw 45ld689 .rar.exe
file C:\Users\Default\AppData\Local\Temporary Internet Files\porn m5v129k [milf] .zip.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\6r3apw4 [milf] tqxfpcxae098d .avi.exe
file C:\Users\All Users\Microsoft\Search\Data\Temp\mtu2oyuh5 cum f6br2s2 kgh6zo8 .rar.exe
file C:\Program Files\Windows Sidebar\Shared Gadgets\r2qc46i sperm uncut .avi.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\vftv0ou horse [bangbus] sm .mpeg.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (27 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x00000120
process_name: 17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo (q922zop0f,5qcarib).mpg.exe
process_identifier: 1384
0 0

Process32NextW

snapshot_handle: 0x00000118
process_name: 17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo (q922zop0f,5qcarib).mpg.exe
process_identifier: 624
0 0

Process32NextW

snapshot_handle: 0x0000023c
process_name: 17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo (q922zop0f,5qcarib).mpg.exe
process_identifier: 2432
0 0

Process32NextW

snapshot_handle: 0x000002c4
process_name: 17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo (q922zop0f,5qcarib).mpg.exe
process_identifier: 2432
0 0

Process32NextW

snapshot_handle: 0x000002b8
process_name: 17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo (q922zop0f,5qcarib).mpg.exe
process_identifier: 2432
0 0

A process attempted to delay the analysis task. (1 event)
description 17891c4de2f6bba2_z8dvsxk 6r3apw4 wzxubo (q922zop0f,5qcarib).mpg.exe tried to sleep 1346 seconds, actually delayed analysis time by 1346 seconds
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x0084ca78
service_type: 48
service_status: 1
0 0
File has been identified by 12 AntiVirus engine on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
C4S ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Trojan.TR/Spy.Gen
eScan Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Bitdefender Antivirus (Linux) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D
Kaspersky Standard (Windows) UDS:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows) Dropped:Generic.Malware.PVPk!!prn!.FE0B916D (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.