Cuckoo Sandbox

File 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe

Summary
Download Resubmit sample

Size	87.9KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5	`d0331287ff520fa81e95b5ea22880009`
SHA1	`dd8ec97a8ecfd0f1b86221d92271d5e3a235555e`
SHA256	`0e007c2bc1d6ba25f1a2abe97ee4cd05f7fc12b6969be0292e924b815445176b`
SHA512	`611584eef83c1a241a748d3faacde6bed8e8c80b87ab52c1303ca18c1a7f6b20fd1e12f2e905d0ad50911d6051aa1d3387f6fc244c445c2e4e906a9058ca57cf`
CRC32	`0B154E81`
ssdeep	`None`
Yara	UPX - (no description) suspicious_packer_section - The packer/protector section names/keywords win_registry - Affect system registries

Score

This file is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.

Autosubmit

Parent_Task_ID:6824473

Feedback

Expecting different results? Send us this analysis and we will inspect it. Click here

Information on Execution

Analysis

Category	Started	Completed	Duration	Routing	Logs
FILE	Aug. 8, 2025, 6:58 a.m.	Aug. 8, 2025, 7:02 a.m.	240 seconds	internet	Show Analyzer Log Show Cuckoo Log

Analyzer Log

2025-08-08 06:58:02,015 [analyzer] DEBUG: Starting analyzer from: C:\tmppw5mq4
2025-08-08 06:58:02,030 [analyzer] DEBUG: Pipe server name: \??\PIPE\cgkLKknIGMvDSGSjudHOy
2025-08-08 06:58:02,030 [analyzer] DEBUG: Log pipe server name: \??\PIPE\JoPuezjlIQxSnonGrIpiAIOAuO
2025-08-08 06:58:02,030 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-08-08 06:58:02,030 [analyzer] INFO: Automatically selected analysis package "exe"
2025-08-08 06:58:02,546 [analyzer] DEBUG: Started auxiliary module Curtain
2025-08-08 06:58:02,546 [analyzer] DEBUG: Started auxiliary module DbgView
2025-08-08 06:58:03,233 [analyzer] DEBUG: Started auxiliary module Disguise
2025-08-08 06:58:03,421 [analyzer] DEBUG: Loaded monitor into process with pid 504
2025-08-08 06:58:03,421 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-08-08 06:58:03,421 [analyzer] DEBUG: Started auxiliary module Human
2025-08-08 06:58:03,421 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-08-08 06:58:03,437 [analyzer] DEBUG: Started auxiliary module Reboot
2025-08-08 06:58:03,546 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-08-08 06:58:03,546 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-08-08 06:58:03,546 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-08-08 06:58:03,546 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-08-08 06:58:03,733 [lib.api.process] INFO: Successfully executed process from path u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe' with arguments '' and pid 2856
2025-08-08 06:58:03,937 [analyzer] DEBUG: Loaded monitor into process with pid 2856
2025-08-08 06:58:04,250 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Windows\mssrv.exe
2025-08-08 06:58:04,342 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files\Common Files\Microsoft Shared\blowjob licking .mpeg.exe
2025-08-08 06:58:04,687 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files\DVD Maker\Shared\bukkake [milf] sweet .mpg.exe
2025-08-08 06:58:05,015 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files\Microsoft Office\Templates\russian nude full movie .zip.exe
2025-08-08 06:58:05,125 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files\Windows Journal\Templates\bukkake lesbian boobs gorgeoushorny .mpeg.exe
2025-08-08 06:58:05,296 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files\Windows Sidebar\Shared Gadgets\fucking voyeur ejaculation  (Kathrin).mpg.exe
2025-08-08 06:58:05,342 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese bukkake horse full movie feet .avi.exe
2025-08-08 06:58:05,483 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files (x86)\Common Files\microsoft shared\japanese gay horse [bangbus] mature .zip.exe
2025-08-08 06:58:05,890 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cumshot several models .mpg.exe
2025-08-08 06:58:06,015 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Network\Downloader\cumshot licking boots .mpg.exe
2025-08-08 06:58:06,092 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\RAC\Temp\italian nude full movie feet young .zip.exe
2025-08-08 06:58:06,203 [analyzer] INFO: Injected into process with pid 796 and name ''
2025-08-08 06:58:06,217 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Search\Data\Temp\animal public .mpeg.exe
2025-08-08 06:58:06,280 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Windows\Templates\american sperm licking .mpeg.exe
2025-08-08 06:58:06,358 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Windows\Templates\indian horse public  (Sonja,Tatjana).mpg.exe
2025-08-08 06:58:06,375 [analyzer] DEBUG: Loaded monitor into process with pid 796
2025-08-08 06:58:06,842 [analyzer] INFO: Added new file to list with pid 2856 and path C:\tmppw5mq4\french xxx trambling full movie .mpeg.exe
2025-08-08 06:58:07,000 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish cumshot hot (!) nipples bondage .mpg.exe
2025-08-08 06:58:07,108 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\trambling sperm voyeur mistress .zip.exe
2025-08-08 06:58:07,125 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\kicking horse full movie feet wifey .mpeg.exe
2025-08-08 06:58:07,140 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\brasilian sperm catfight circumcision .avi.exe
2025-08-08 06:58:07,312 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\russian bukkake uncut .mpg.exe
2025-08-08 06:58:07,375 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\norwegian trambling catfight granny .mpg.exe
2025-08-08 06:58:07,437 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\trambling bukkake catfight castration  (Ashley,Sarah).rar.exe
2025-08-08 06:58:07,515 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\Downloads\tyrkish cumshot trambling [free]  (Jenna).zip.exe
2025-08-08 06:58:07,562 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\cumshot girls pregnant .zip.exe
2025-08-08 06:58:07,640 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Network\Downloader\action xxx big latex .mpg.exe
2025-08-08 06:58:07,687 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\RAC\Temp\russian xxx catfight .zip.exe
2025-08-08 06:58:07,733 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Search\Data\Temp\beastiality catfight legs .rar.exe
2025-08-08 06:58:07,828 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Windows\Templates\canadian lingerie masturbation .avi.exe
2025-08-08 06:58:07,905 [analyzer] INFO: Added new file to list with pid 2856 and path C:\ProgramData\Microsoft\Windows\Templates\malaysia lesbian several models legs bondage .mpeg.exe
2025-08-08 06:58:07,921 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\action [milf] .mpg.exe
2025-08-08 06:58:07,937 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Default\AppData\Local\Temp\british beastiality cumshot catfight vagina .rar.exe
2025-08-08 06:58:07,967 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\asian kicking several models  (Jenna).mpg.exe
2025-08-08 06:58:08,000 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\swedish action cumshot uncut .mpeg.exe
2025-08-08 06:58:08,030 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Default\Downloads\bukkake fetish uncut beautyfull .avi.exe
2025-08-08 06:58:08,062 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\gang bang masturbation  (Janette,Jade).rar.exe
2025-08-08 06:58:08,092 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Users\Public\Downloads\norwegian fetish girls castration .zip.exe
2025-08-08 06:58:08,280 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\british xxx hidden cock sm .rar.exe
2025-08-08 06:58:08,296 [analyzer] INFO: Added new file to list with pid 2856 and path C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american animal fetish voyeur castration .zip.exe
2025-08-08 06:01:51,499 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-08-08 06:01:51,921 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-08-08 06:01:51,921 [lib.api.process] INFO: Successfully terminated process with pid 2856.
2025-08-08 06:01:51,921 [lib.api.process] INFO: Successfully terminated process with pid 796.
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\programdata\microsoft\rac\temp\russian xxx catfight .zip.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\program files (x86)\adobe\reader 9.0\reader\idtemplates\japanese bukkake horse full movie feet .avi.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\program files (x86)\common files\microsoft shared\japanese gay horse [bangbus] mature .zip.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\program files\microsoft office\templates\russian nude full movie .zip.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\templates\cumshot girls pregnant .zip.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\programdata\microsoft\windows\templates\indian horse public  (sonja,tatjana).mpg.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\iedownloadhistory\norwegian trambling catfight granny .mpg.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\users\default\downloads\bukkake fetish uncut beautyfull .avi.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\program files (x86)\windows sidebar\shared gadgets\cumshot several models .mpg.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\users\default\appdata\local\microsoft\windows\temporary internet files\action [milf] .mpg.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\microsoft\windows\temporary internet files\danish cumshot hot (!) nipples bondage .mpg.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\roaming\microsoft\windows\templates\trambling bukkake catfight castration  (ashley,sarah).rar.exe
2025-08-08 06:01:52,640 [analyzer] WARNING: Too many files: c:\users\administrator\appdata\local\temp\mozilla-temp-files\kicking horse full movie feet wifey .mpeg.exe
2025-08-08 06:01:52,640 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-08-08 06:58:05,967 [cuckoo.core.scheduler] INFO: Task #6824475: acquired machine win7x646 (label=win7x646)
2025-08-08 06:58:05,968 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.206 for task #6824475
2025-08-08 06:58:06,644 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 2579233 (interface=vboxnet0, host=192.168.168.206)
2025-08-08 06:58:06,743 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x646
2025-08-08 06:58:07,549 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x646 to vmcloak
2025-08-08 06:58:23,075 [cuckoo.core.guest] INFO: Starting analysis #6824475 on guest (id=win7x646, ip=192.168.168.206)
2025-08-08 06:58:24,081 [cuckoo.core.guest] DEBUG: win7x646: not ready yet
2025-08-08 06:58:29,120 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x646, ip=192.168.168.206)
2025-08-08 06:58:29,254 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x646, ip=192.168.168.206, monitor=latest, size=6660546)
2025-08-08 06:58:30,728 [cuckoo.core.resultserver] DEBUG: Task #6824475: live log analysis.log initialized.
2025-08-08 06:58:32,106 [cuckoo.core.resultserver] DEBUG: Task #6824475 is sending a BSON stream
2025-08-08 06:58:32,590 [cuckoo.core.resultserver] DEBUG: Task #6824475 is sending a BSON stream
2025-08-08 06:58:33,423 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'shots/0001.jpg'
2025-08-08 06:58:33,461 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 133470
2025-08-08 06:58:35,054 [cuckoo.core.resultserver] DEBUG: Task #6824475 is sending a BSON stream
2025-08-08 06:58:45,273 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 06:59:00,365 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 06:59:15,455 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 06:59:30,558 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 06:59:45,651 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:00:00,765 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:00:15,882 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:00:30,978 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:00:46,082 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:01:01,171 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:01:16,278 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:01:31,376 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:01:46,476 [cuckoo.core.guest] DEBUG: win7x646: analysis #6824475 still processing
2025-08-08 07:01:51,754 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'curtain/1754625711.75.curtain.log'
2025-08-08 07:01:51,758 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 36
2025-08-08 07:01:51,922 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'sysmon/1754625711.92.sysmon.xml'
2025-08-08 07:01:51,939 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 649508
2025-08-08 07:01:51,948 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/0fc7633498081b29_gang bang masturbation  (janette,jade).rar.exe'
2025-08-08 07:01:51,963 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1230050
2025-08-08 07:01:51,989 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/94d6a1dd76a784c9_norwegian fetish girls castration .zip.exe'
2025-08-08 07:01:52,042 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 2110437
2025-08-08 07:01:52,069 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/f3b7ce4b9735099c_american animal fetish voyeur castration .zip.exe'
2025-08-08 07:01:52,097 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1957960
2025-08-08 07:01:52,110 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/6d00ad54c314e331_french xxx trambling full movie .mpeg.exe'
2025-08-08 07:01:52,120 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 388897
2025-08-08 07:01:52,140 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/6c16e9b39e9c59fa_american sperm licking .mpeg.exe'
2025-08-08 07:01:52,164 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1423261
2025-08-08 07:01:52,188 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/67969f4ee5212f98_beastiality catfight legs .rar.exe'
2025-08-08 07:01:52,201 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1413288
2025-08-08 07:01:52,219 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/fab776fa4fe18d76_fucking voyeur ejaculation  (kathrin).mpg.exe'
2025-08-08 07:01:52,239 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1651005
2025-08-08 07:01:52,246 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/870aaca37635e982_blowjob licking .mpeg.exe'
2025-08-08 07:01:52,251 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 417082
2025-08-08 07:01:52,265 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/271d08e3c1ebf81e_cumshot licking boots .mpg.exe'
2025-08-08 07:01:52,278 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1302793
2025-08-08 07:01:52,286 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/d2083839a5ebd064_asian kicking several models  (jenna).mpg.exe'
2025-08-08 07:01:52,290 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 281803
2025-08-08 07:01:52,312 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/21ad0ca2aeb5c25a_russian bukkake uncut .mpg.exe'
2025-08-08 07:01:52,331 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 2043809
2025-08-08 07:01:52,343 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/076da190f5f35939_british xxx hidden cock sm .rar.exe'
2025-08-08 07:01:52,354 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 933934
2025-08-08 07:01:52,359 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/0bf18b0e802ff2e7_action xxx big latex .mpg.exe'
2025-08-08 07:01:52,367 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1074426
2025-08-08 07:01:52,383 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/4f5393d8a65480c9_bukkake lesbian boobs gorgeoushorny .mpeg.exe'
2025-08-08 07:01:52,398 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1722178
2025-08-08 07:01:52,403 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/5b3f4c29da76891c_bukkake [milf] sweet .mpg.exe'
2025-08-08 07:01:52,406 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 133900
2025-08-08 07:01:52,426 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/622f1bb1c222a999_animal public .mpeg.exe'
2025-08-08 07:01:52,445 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 2168284
2025-08-08 07:01:52,451 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/1ba3f0a2ac9c7662_malaysia lesbian several models legs bondage .mpeg.exe'
2025-08-08 07:01:52,457 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 170068
2025-08-08 07:01:52,469 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/d40b65162e270c69_british beastiality cumshot catfight vagina .rar.exe'
2025-08-08 07:01:52,494 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1882490
2025-08-08 07:01:52,514 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/dcebb2b5927fc979_swedish action cumshot uncut .mpeg.exe'
2025-08-08 07:01:52,522 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1110002
2025-08-08 07:01:52,530 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/f2b41f7d961b3a93_brasilian sperm catfight circumcision .avi.exe'
2025-08-08 07:01:52,536 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 915588
2025-08-08 07:01:52,544 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/79928d6e7d149976_italian nude full movie feet young .zip.exe'
2025-08-08 07:01:52,556 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1323870
2025-08-08 07:01:52,566 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/5dfdde0d55302c34_canadian lingerie masturbation .avi.exe'
2025-08-08 07:01:52,573 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 845324
2025-08-08 07:01:52,582 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/cfc8f19eddeb9707_tyrkish cumshot trambling [free]  (jenna).zip.exe'
2025-08-08 07:01:52,592 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1382544
2025-08-08 07:01:52,600 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/b6036f53c1466cdc_trambling sperm voyeur mistress .zip.exe'
2025-08-08 07:01:52,608 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 736478
2025-08-08 07:01:52,619 [cuckoo.core.resultserver] DEBUG: Task #6824475: File upload for 'files/eb9781b5104f7a59_mssrv.exe'
2025-08-08 07:01:52,637 [cuckoo.core.resultserver] DEBUG: Task #6824475 uploaded file length: 1790919
2025-08-08 07:01:52,656 [cuckoo.core.resultserver] DEBUG: Task #6824475 had connection reset for <Context for LOG>
2025-08-08 07:01:55,530 [cuckoo.core.guest] INFO: win7x646: analysis completed successfully
2025-08-08 07:01:55,541 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-08-08 07:01:55,568 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-08-08 07:01:57,119 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x646 to path /srv/cuckoo/cwd/storage/analyses/6824475/memory.dmp
2025-08-08 07:01:57,120 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x646
2025-08-08 07:02:05,481 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.206 for task #6824475
2025-08-08 07:02:05,795 [cuckoo.core.scheduler] DEBUG: Released database task #6824475
2025-08-08 07:02:05,810 [cuckoo.core.scheduler] INFO: Task #6824475: analysis procedure completed

Signatures

Yara rules detected for file (3 events)

description	(no description)	rule	UPX
description	The packer/protector section names/keywords	rule	suspicious_packer_section
description	Affect system registries	rule	win_registry

Creates executable files on the filesystem (38 events)

file	C:\ProgramData\Microsoft\Windows\Templates\american sperm licking .mpeg.exe
file	C:\Users\All Users\Microsoft\Network\Downloader\action xxx big latex .mpg.exe
file	C:\ProgramData\Microsoft\Search\Data\Temp\animal public .mpeg.exe
file	C:\Users\Default\AppData\Local\Temp\british beastiality cumshot catfight vagina .rar.exe
file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\swedish action cumshot uncut .mpeg.exe
file	C:\Users\Default\AppData\Local\Temporary Internet Files\asian kicking several models (Jenna).mpg.exe
file	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\cumshot several models .mpg.exe
file	C:\ProgramData\Microsoft\Network\Downloader\cumshot licking boots .mpg.exe
file	C:\Users\Administrator\Downloads\tyrkish cumshot trambling [free] (Jenna).zip.exe
file	C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\danish cumshot hot (!) nipples bondage .mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\trambling bukkake catfight castration (Ashley,Sarah).rar.exe
file	C:\Users\Administrator\AppData\Local\Temp\mozilla-temp-files\kicking horse full movie feet wifey .mpeg.exe
file	C:\ProgramData\Microsoft\RAC\Temp\italian nude full movie feet young .zip.exe
file	C:\tmppw5mq4\french xxx trambling full movie .mpeg.exe
file	C:\Users\Default\Downloads\bukkake fetish uncut beautyfull .avi.exe
file	C:\Users\Public\Downloads\norwegian fetish girls castration .zip.exe
file	C:\Users\All Users\Microsoft\Windows\Templates\canadian lingerie masturbation .avi.exe
file	C:\Windows\mssrv.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\british xxx hidden cock sm .rar.exe
file	C:\Program Files\Microsoft Office\Templates\russian nude full movie .zip.exe
file	C:\Users\Administrator\Templates\cumshot girls pregnant .zip.exe
file	C:\Program Files\Windows Sidebar\Shared Gadgets\fucking voyeur ejaculation (Kathrin).mpg.exe
file	C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\action [milf] .mpg.exe
file	C:\Users\Administrator\AppData\Local\Temp\trambling sperm voyeur mistress .zip.exe
file	C:\Users\All Users\Templates\malaysia lesbian several models legs bondage .mpeg.exe
file	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\japanese bukkake horse full movie feet .avi.exe
file	C:\Program Files (x86)\Common Files\microsoft shared\japanese gay horse [bangbus] mature .zip.exe
file	C:\Program Files\Windows Journal\Templates\bukkake lesbian boobs gorgeoushorny .mpeg.exe
file	C:\Users\Default\Templates\gang bang masturbation (Janette,Jade).rar.exe
file	C:\Program Files\DVD Maker\Shared\bukkake [milf] sweet .mpg.exe
file	C:\Users\All Users\Microsoft\Search\Data\Temp\beastiality catfight legs .rar.exe
file	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\norwegian trambling catfight granny .mpg.exe
file	C:\Windows\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american animal fetish voyeur castration .zip.exe
file	C:\Program Files\Common Files\Microsoft Shared\blowjob licking .mpeg.exe
file	C:\Users\Administrator\AppData\Local\Temporary Internet Files\brasilian sperm catfight circumcision .avi.exe
file	C:\ProgramData\Templates\indian horse public (Sonja,Tatjana).mpg.exe
file	C:\Users\Administrator\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\russian bukkake uncut .mpg.exe
file	C:\Users\All Users\Microsoft\RAC\Temp\russian xxx catfight .zip.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates\gang bang masturbation (Janette,Jade).rar.exe

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (34 events)

Time & API	Arguments	Status	Return
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: csrss.exe process_identifier: 356	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: wininit.exe process_identifier: 384	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: csrss.exe process_identifier: 408	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: winlogon.exe process_identifier: 444	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: services.exe process_identifier: 488	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 628	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 700	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 832	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 880	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 912	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: spoolsv.exe process_identifier: 1048	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 1088	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: sysmon.exe process_identifier: 1244	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: dwm.exe process_identifier: 1596	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: explorer.exe process_identifier: 1696	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: unsecapp.exe process_identifier: 1788	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 1984	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: pythonw.exe process_identifier: 1744	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: SearchIndexer.exe process_identifier: 2268	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: OSPPSVC.EXE process_identifier: 3064	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: svchost.exe process_identifier: 2600	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: mscorsvw.exe process_identifier: 2096	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: mscorsvw.exe process_identifier: 2632	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: sppsvc.exe process_identifier: 2772	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: WmiPrvSE.exe process_identifier: 2456	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: WmiPrvSE.exe process_identifier: 1964	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: SearchProtocolHost.exe process_identifier: 792	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: SearchFilterHost.exe process_identifier: 1540	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: mobsync.exe process_identifier: 1536	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: pythonw.exe process_identifier: 2952	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: taskhost.exe process_identifier: 1332	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 2856	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000274 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 796	1	1
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00008800', u'virtual_address': u'0x00012000', u'entropy': 7.943864614025491, u'name': u'UPX1', u'virtual_size': u'0x00009000'}

entropy

7.94386461403

description

A section with a high entropy has been found

entropy

0.985507246377

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 197 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000130 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 2856		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000274 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 796		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:58 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x00000200 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x000002e0 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0
Process32NextW Aug. 8, 2025, 7:59 a.m.	snapshot_handle: 0x00000288 process_name: 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe process_identifier: 1836		0	0

The executable is compressed using UPX (3 events)

section	UPX0	description	Section name indicates UPX
section	UPX1	description	Section name indicates UPX
section	UPX2	description	Section name indicates UPX

A process attempted to delay the analysis task. (1 event)

description

0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe tried to sleep 1343 seconds, actually delayed analysis time by 1343 seconds

Enumerates services, possibly for anti-virtualization (1 event)

Time & API	Arguments	Status	Return	Repeated
EnumServicesStatusA Aug. 8, 2025, 7:58 a.m.	service_handle: 0x0088cb70 service_type: 48 service_status: 1		0	0

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32

reg_value

C:\Windows\mssrv.exeH:ÿsaP<ÿÀ::P0/ÊlPw Ü0/`È9H:Äèú´õqø;ª8ûxÿõqTwYîþÿÿÿª8Pw¢4PwH:`a@:0ü7.9vH:Ã@\ýÀÂH:Øþâ@

Creates known WinSxsBot/Sfone Worm files, registry keys and/or mutexes (1 event)

mutex

mutex666

File has been identified by 14 AntiVirus engine on IRMA as malicious (14 events)

G Data Antivirus (Windows)	Virus: Gen:Heur.Mint.Murphy.3 (Engine A), Win32.Worm.Sfone.B (Engine B)
Avast Core Security (Linux)	Win32:MalwareX-gen [Wrm]
C4S ClamAV (Linux)	Win.Malware.Bbabdcdc-7358314-0
Trend Micro SProtect (Linux)	Worm.Win32.SFONE.SM
Trellix (Linux)	GenericRXKN-BX
WithSecure (Linux)	Trojan.TR/Crypt.ULPM.Gen
eScan Antivirus (Linux)	Gen:Heur.Mint.Murphy.3(DB)
ESET Security (Windows)	Win32/Agent.CP worm
Sophos Anti-Virus (Linux)	W32/Sfone-A
DrWeb Antivirus (Linux)	Win32.HLLW.Siggen.1607
ClamAV (Linux)	Win.Malware.Bbabdcdc-7358314-0
Bitdefender Antivirus (Linux)	Gen:Heur.Mint.Murphy.3
Kaspersky Standard (Windows)	Worm.Win32.Agent.cp
Emsisoft Commandline Scanner (Windows)	Gen:Heur.Mint.Murphy.3 (B)

Screenshots

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action	VT	Location
No hosts contacted.

Browser recommendation

File 0e007c2bc1d6ba25_horse masturbation glans 40+ .mpg.exe

Summary Download Resubmit sample

Score

Autosubmit

Feedback

Information on Execution

Analyzer Log

Cuckoo Log

Signatures

Feedback

Summary
Download Resubmit sample