File c8b26a319d7659c7_27bjd3d2x xxx uv0dxwt8x4m uncut n12wc0jz71 .mpg.exe

Size 484.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 961d9ff0766266db9c182f6a7aaa12b6
SHA1 26dc63bd78a0dd68da63d55f0600653df27d313d
SHA256 c8b26a319d7659c75777fc7e4aa9595f33bd8d016b409731d22c46d136db9b4f
SHA512 43a74605c3eb170407cfaeaf3054c06c5bcbe5ea231748141b33101c6381e9e4d6d29cccea1284e7993f33e89122beeb9d2178b6e3aa23804a2731d3f184a341
CRC32 E85EEB5C
ssdeep None
Yara
  • DebuggerException__SetConsoleCtrl - (no description)
  • win_mutex - Create or check mutex
  • win_registry - Affect system registries
  • win_files_operation - Affect private profile

Score

This file is very suspicious, with a score of 10 out of 10!

Please note: the scoring system is still in development and should be considered an alpha feature.


Autosubmit

Parent_Task_ID:6880459


Information on Execution

Analysis
Category Started Completed Duration Routing
FILE Aug. 26, 2025, 2:32 a.m. Aug. 26, 2025, 2:39 a.m. 413 seconds internet

Analyzer Log

2025-08-23 23:24:16,015 [analyzer] DEBUG: Starting analyzer from: C:\tmphzbxu3
2025-08-23 23:24:16,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\TYIPtwSYZGKAPJKyVbtTYOXE
2025-08-23 23:24:16,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\qvTmaoKHpqhlswYHqqLBY
2025-08-23 23:24:16,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-08-23 23:24:16,030 [analyzer] INFO: Automatically selected analysis package "exe"
2025-08-23 23:24:16,358 [analyzer] DEBUG: Started auxiliary module Curtain
2025-08-23 23:24:16,358 [analyzer] DEBUG: Started auxiliary module DbgView
2025-08-23 23:24:16,765 [analyzer] DEBUG: Started auxiliary module Disguise
2025-08-23 23:24:16,953 [analyzer] DEBUG: Loaded monitor into process with pid 500
2025-08-23 23:24:16,953 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-08-23 23:24:16,953 [analyzer] DEBUG: Started auxiliary module Human
2025-08-23 23:24:16,953 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-08-23 23:24:16,953 [analyzer] DEBUG: Started auxiliary module Reboot
2025-08-23 23:24:17,000 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-08-23 23:24:17,000 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-08-23 23:24:17,000 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-08-23 23:24:17,000 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-08-23 23:24:17,140 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\c8b26a319d7659c7_27bjd3d2x xxx uv0dxwt8x4m uncut n12wc0jz71 .mpg.exe' with arguments '' and pid 1824
2025-08-23 23:24:17,328 [analyzer] DEBUG: Loaded monitor into process with pid 1824
2025-08-23 23:24:18,265 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Windows6g2yf6t03h
2025-08-23 23:24:18,312 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files\Common Files\Microsoft Shared\doz78r7 xxx 9oypb8 girls titts hotel  (Sandy).mpeg.exe
2025-08-23 23:24:18,546 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files\DVD Maker\Shared\xxx srpvkzygmcsw .mpeg.exe
2025-08-23 23:24:18,828 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files\Microsoft Office\Templates\jmmawhs hot (!) 5n10bh .rar.exe
2025-08-23 23:24:18,842 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black 4mvc8yaot d2jspkm3 fishy .mpeg.exe
2025-08-23 23:24:18,953 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files\Windows Journal\Templates\y6go35p gay srpvkzygmcsw nr8wosn .zip.exe
2025-08-23 23:24:19,046 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files\Windows Sidebar\Shared Gadgets\9oypb8 d2jspkm3 kpbv9mg7 .rar.exe
2025-08-23 23:24:19,108 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx a3xo5xtn j8bb56pcl4  (q922zop0f,sr0fncw4).zip.exe
2025-08-23 23:24:19,203 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files (x86)\Common Files\microsoft shared\vftv0ou nude uncut qcjxxhb .mpeg.exe
2025-08-23 23:24:19,530 [analyzer] INFO: Injected into process with pid 2020 and name ''
2025-08-23 23:24:19,608 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm 9oypb8 f6br2s2 cock qcjxxhb .mpeg.exe
2025-08-23 23:24:19,703 [analyzer] DEBUG: Loaded monitor into process with pid 2020
2025-08-23 23:24:19,703 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\RAC\Temp\6r3apw4 y6go35p f6br2s2 ngo69ybvy  (ynve4mgf,j2knkmd).mpeg.exe
2025-08-23 23:24:19,717 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\Search\Data\Temp\vftv0ou m5v129k f6br2s2 .mpg.exe
2025-08-23 23:24:19,765 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\Windows\Templates\xiwlzi0 9oypb8 kc2hrt2j boobs .mpeg.exe
2025-08-23 23:24:19,842 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\Windows\Templates\asian gay [bangbus] girly .mpeg.exe
2025-08-23 23:24:20,217 [analyzer] INFO: Added new file to list with pid 1824 and path C:\tmphzbxu3\6mw7u7 xxx 6r3apw4 6mjj01 sjubxan5vwor .avi.exe
2025-08-23 23:24:20,328 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\q7tcmc0 a3xo5xtn jmmawhs j8bb56pcl4 45ld689 .avi.exe
2025-08-23 23:24:20,390 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Administrator\AppData\Local\Temp\bwpt7j l8qccpyq 6mjj01 legs tqxfpcxae098d .avi.exe
2025-08-23 23:24:20,421 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\asian horse kmozxo  (Jenna).rar.exe
2025-08-23 23:24:20,453 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\bwpt7j 4fq06c hot (!) feet  (Jade,ynve4mgf).mpeg.exe
2025-08-23 23:24:20,625 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\y6go35p 9k8bf2i f6br2s2 .mpeg.exe
2025-08-23 23:24:20,717 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\asian ko6o6a kmozxo sd7o90wnjx .mpeg.exe
2025-08-23 23:24:20,812 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\vftv0ou 6r3apw4 4fq06c wk79oa4s2r04wd feet .mpeg.exe
2025-08-23 23:24:20,890 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\RAC\Temp\ovqqw9 ko6o6a nude fs8utd 40+  (Gina,ynve4mgf).rar.exe
2025-08-23 23:24:20,921 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\Search\Data\Temp\n6kyxiy 4mvc8yaot j8bb56pcl4 r47smh9 young .mpg.exe
2025-08-23 23:24:21,000 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\Windows\Templates\doz78r7 xxx kc2hrt2j ash  (a89thik).rar.exe
2025-08-23 23:24:21,062 [analyzer] INFO: Added new file to list with pid 1824 and path C:\ProgramData\Microsoft\Windows\Templates\n6kyxiy m5v129k girls legs 1dmcuxk90zc .avi.exe
2025-08-23 23:24:21,078 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\l8qccpyq big .mpeg.exe
2025-08-23 23:24:21,125 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Default\AppData\Local\Temp\6mw7u7 4mvc8yaot z8dvsxk girls .mpg.exe
2025-08-23 23:24:21,155 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\porn horse fs8utd fishy .mpg.exe
2025-08-23 23:24:21,217 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\rdoti90 [bangbus] feet ngo69ybvy .mpeg.exe
2025-08-23 23:24:21,250 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\tvolgth cum fs8utd sm .mpeg.exe
2025-08-23 23:24:21,342 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\cw4ymo3u rdoti90 4mvc8yaot [free] cock .mpg.exe
2025-08-23 23:24:21,358 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\3yxb6923t gay 4fq06c j8bb56pcl4 r47smh9 nr8wosn .avi.exe
2025-08-23 23:24:21,453 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\y6go35p 6mjj01  (ynve4mgf,Sarah).zip.exe
2025-08-23 23:24:21,500 [analyzer] INFO: Added new file to list with pid 1824 and path C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\mtu2oyuh5 f6br2s2 boots .avi.exe
2025-08-23 23:27:36,140 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-08-23 23:27:37,250 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-08-23 23:27:37,265 [lib.api.process] INFO: Successfully terminated process with pid 1824.
2025-08-23 23:27:37,265 [lib.api.process] INFO: Successfully terminated process with pid 2020.
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\program files\windows journal\templates\y6go35p gay srpvkzygmcsw nr8wosn .zip.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\doz78r7 xxx kc2hrt2j ash  (a89thik).rar.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\mozilla-temp-files\asian horse kmozxo  (jenna).rar.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\microsoft\windows\temporary internet files\porn horse fs8utd fishy .mpg.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\program files\microsoft office\templates\jmmawhs hot (!) 5n10bh .rar.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\program files\microsoft office\templates\1033\onenote\14\notebook templates\black 4mvc8yaot d2jspkm3 fishy .mpeg.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\program files (x86)\adobe\reader 9.0\reader\idtemplates\xxx a3xo5xtn j8bb56pcl4  (q922zop0f,sr0fncw4).zip.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\tmphzbxu3\6mw7u7 xxx 6r3apw4 6mjj01 sjubxan5vwor .avi.exe
2025-08-23 23:27:37,890 [analyzer] WARNING: Too many files: c:\programdata\microsoft\search\data\temp\vftv0ou m5v129k f6br2s2 .mpg.exe
2025-08-23 23:27:37,890 [analyzer] INFO: Analysis completed.


Signatures

Yara rules detected for file (4 events)
description (no description) rule DebuggerException__SetConsoleCtrl
description Create or check mutex rule win_mutex
description Affect system registries rule win_registry
description Affect private profile rule win_files_operation
The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)
section .text\x00\xe5\xfb
section .data\x00E\x86
The executable uses a known packer (1 event)
packer Pelles C 3.00, 4.00, 4.50 EXE (X86 CRT-LIB)
Creates executable files on the filesystem (34 events)
file C:\Users\All Users\Templates\n6kyxiy m5v129k girls legs 1dmcuxk90zc .avi.exe
file C:\Users\All Users\Microsoft\RAC\Temp\ovqqw9 ko6o6a nude fs8utd 40+ (Gina,ynve4mgf).rar.exe
file C:\Users\Default\Templates\tvolgth cum fs8utd sm .mpeg.exe
file C:\Program Files\Microsoft Office\Templates\1033\ONENOTE\14\Notebook Templates\black 4mvc8yaot d2jspkm3 fishy .mpeg.exe
file C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\sperm 9oypb8 f6br2s2 cock qcjxxhb .mpeg.exe
file C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\xxx a3xo5xtn j8bb56pcl4 (q922zop0f,sr0fncw4).zip.exe
file C:\tmphzbxu3\6mw7u7 xxx 6r3apw4 6mjj01 sjubxan5vwor .avi.exe
file C:\ProgramData\Microsoft\Search\Data\Temp\vftv0ou m5v129k f6br2s2 .mpg.exe
file C:\Program Files\Common Files\Microsoft Shared\doz78r7 xxx 9oypb8 girls titts hotel (Sandy).mpeg.exe
file C:\Program Files (x86)\Common Files\microsoft shared\vftv0ou nude uncut qcjxxhb .mpeg.exe
file C:\Program Files\DVD Maker\Shared\xxx srpvkzygmcsw .mpeg.exe
file C:\Program Files\Windows Journal\Templates\y6go35p gay srpvkzygmcsw nr8wosn .zip.exe
file C:\Users\Administrator\Templates\vftv0ou 6r3apw4 4fq06c wk79oa4s2r04wd feet .mpeg.exe
file C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\asian ko6o6a kmozxo sd7o90wnjx .mpeg.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\cw4ymo3u rdoti90 4mvc8yaot [free] cock .mpg.exe
file C:\Users\Default\AppData\Local\Temporary Internet Files\porn horse fs8utd fishy .mpg.exe
file C:\Users\Administrator\AppData\Local\Temporary Internet Files\bwpt7j 4fq06c hot (!) feet (Jade,ynve4mgf).mpeg.exe
file C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\y6go35p 9k8bf2i f6br2s2 .mpeg.exe
file C:\Users\All Users\Microsoft\Windows\Templates\doz78r7 xxx kc2hrt2j ash (a89thik).rar.exe
file C:\ProgramData\Microsoft\RAC\Temp\6r3apw4 y6go35p f6br2s2 ngo69ybvy (ynve4mgf,j2knkmd).mpeg.exe
file C:\Users\Administrator\AppData\Local\Temp\bwpt7j l8qccpyq 6mjj01 legs tqxfpcxae098d .avi.exe
file C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\3yxb6923t gay 4fq06c j8bb56pcl4 r47smh9 nr8wosn .avi.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\mtu2oyuh5 f6br2s2 boots .avi.exe
file C:\ProgramData\Microsoft\Windows\Templates\xiwlzi0 9oypb8 kc2hrt2j boobs .mpeg.exe
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\rdoti90 [bangbus] feet ngo69ybvy .mpeg.exe
file C:\ProgramData\Templates\asian gay [bangbus] girly .mpeg.exe
file C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\asian horse kmozxo (Jenna).rar.exe
file C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\q7tcmc0 a3xo5xtn jmmawhs j8bb56pcl4 45ld689 .avi.exe
file C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\l8qccpyq big .mpeg.exe
file C:\Program Files\Microsoft Office\Templates\jmmawhs hot (!) 5n10bh .rar.exe
file C:\Program Files\Windows Sidebar\Shared Gadgets\9oypb8 d2jspkm3 kpbv9mg7 .rar.exe
file C:\Users\All Users\Microsoft\Search\Data\Temp\n6kyxiy 4mvc8yaot j8bb56pcl4 r47smh9 young .mpg.exe
file C:\Windows\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\y6go35p 6mjj01 (ynve4mgf,Sarah).zip.exe
file C:\Users\Default\AppData\Local\Temp\6mw7u7 4mvc8yaot z8dvsxk girls .mpg.exe
Drops an executable to the user AppData folder (1 event)
file C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\rdoti90 [bangbus] feet ngo69ybvy .mpeg.exe
Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (30 events)
Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)
Time & API Arguments Status Return Repeated

Process32NextW

snapshot_handle: 0x0000013c
process_name: c8b26a319d7659c7_27bjd3d2x xxx uv0dxwt8x4m uncut n12wc0jz71 .mpg.exe
process_identifier: 1824
0 0

Process32NextW

snapshot_handle: 0x000002a4
process_name: c8b26a319d7659c7_27bjd3d2x xxx uv0dxwt8x4m uncut n12wc0jz71 .mpg.exe
process_identifier: 2020
0 0

Process32NextW

snapshot_handle: 0x0000027c
process_name: c8b26a319d7659c7_27bjd3d2x xxx uv0dxwt8x4m uncut n12wc0jz71 .mpg.exe
process_identifier: 2344
0 0

A process attempted to delay the analysis task. (1 event)
description c8b26a319d7659c7_27bjd3d2x xxx uv0dxwt8x4m uncut n12wc0jz71 .mpg.exe tried to sleep 1346 seconds, actually delayed analysis time by 1346 seconds
Enumerates services, possibly for anti-virtualization (1 event)
Time & API Arguments Status Return Repeated

EnumServicesStatusA

service_handle: 0x004bca48
service_type: 48
service_status: 1
0 0
File has been identified by 12 AntiVirus engines on IRMA as malicious (12 events)
G Data Antivirus (Windows) Virus: Generic.Malware.PfVPk!!prn!.FE0B916D (Engine A)
Avast Core Security (Linux) Win32:MalwareX-gen [Misc]
C4S ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Trellix (Linux) GenericRXMK-QV
WithSecure (Linux) Worm.WORM/Rbot.Gen
eScan Antivirus (Linux) Generic.Malware.PfVPk!!prn!.FE0B916D(DB)
ESET Security (Windows) a variant of Win32/Agent.CP worm
DrWeb Antivirus (Linux) Win32.HLLW.Siggen.1607
ClamAV (Linux) Win.Malware.Pvpk-10056926-0
Bitdefender Antivirus (Linux) Generic.Malware.PfVPk!!prn!.FE0B916D
Kaspersky Standard (Windows) HEUR:Trojan.Win32.Generic
Emsisoft Commandline Scanner (Windows) Generic.Malware.PfVPk!!prn!.FE0B916D (B)
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.