Windows Analysis Report
SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe

Overview

General Information

Sample name: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe
Analysis ID: 1431442
MD5: 316b0ac873282268974444a2f61fab9a
SHA1: 8de255463c78fba2c45d9d0193b38ba4246a88d8
SHA256: 860ce0f9ea887a41d1240608dccbfa2dbfbc2fc2772b455156833254d8089067
Tags: exe

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
One or more processes crash
PE file contains sections with non-standard names
PE file does not import any functions
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Avira: detected
Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Virustotal: Detection: 32%
Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Joe Sandbox ML: detected
Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, BYTES_REVERSED_LO, 32BIT_MACHINE, DEBUG_STRIPPED, REMOVABLE_RUN_FROM_SWAP, NET_RUN_FROM_SWAP, BYTES_REVERSED_HI
Source: Amcache.hve.4.dr String found in binary or memory: http://upx.sf.net
Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe String found in binary or memory: http://www.clamav.net
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_004462EC 0_2_004462EC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0044B4B8 0_2_0044B4B8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: String function: 0040439C appears 69 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: String function: 00406434 appears 61 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 232
Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Static PE information: No import functions for PE file found
Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Static PE information: Section .clam01
Source: classification engine Classification label: mal60.winEXE@2/5@0/0
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6532
Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\3725e3de-ade6-4aa1-bb6e-2707e5319200
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe "C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Section loaded: apphelp.dll
Source: initial sample Static PE information: section where entry point is pointing to: .clam01
Source: SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Static PE information: section name: .clam01
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424084 push 004240B0h; ret 0_2_004240A8
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00426168 push 004261ABh; ret 0_2_004261A3
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0041610C push ecx; mov dword ptr [esp], edx 0_2_0041610E
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_004261CC push 00426218h; ret 0_2_00426210
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00406198 push 004061C4h; ret 0_2_004061BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0042627C push 004262A8h; ret 0_2_004262A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00406210 push 0040623Ch; ret 0_2_00406234
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00426224 push 0042626Fh; ret 0_2_00426267
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00422298 push 004222C4h; ret 0_2_004222BC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0042238C push 004223B8h; ret 0_2_004223B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_004263B4 push 0042642Ah; ret 0_2_00426422
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0042C49C push 0042C4C8h; ret 0_2_0042C4C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0042C604 push 0042C630h; ret 0_2_0042C628
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00410846 push 004108BEh; ret 0_2_004108B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00410848 push 004108BEh; ret 0_2_004108B6
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00440824 push 00440850h; ret 0_2_00440848
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_004108C0 push 00410968h; ret 0_2_00410960
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0041A932 push 0041A9DFh; ret 0_2_0041A9D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0041A934 push 0041A9DFh; ret 0_2_0041A9D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_0041A9E4 push 0041AA74h; ret 0_2_0041AA6C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00410A6C push 00410A98h; ret 0_2_00410A90
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424A78 push 00424AA4h; ret 0_2_00424A9C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424A08 push 00424A57h; ret 0_2_00424A4F
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424AE8 push 00424B14h; ret 0_2_00424B0C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424AB0 push 00424ADCh; ret 0_2_00424AD4
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00422B4C push 00422B78h; ret 0_2_00422B70
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424B58 push 00424B84h; ret 0_2_00424B7C
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00422B0C push 00422B38h; ret 0_2_00422B30
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424B20 push 00424B4Ch; ret 0_2_00424B44
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00424BC8 push 00424BF4h; ret 0_2_00424BEC
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00412BE4 push ecx; mov dword ptr [esp], edx 0_2_00412BE9
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: Amcache.hve.4.dr Binary or memory string: VMware
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin
Source: Amcache.hve.4.dr Binary or memory string: VMware, Inc.
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.4.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.4.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.4.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.4.dr Binary or memory string: vmci.sys
Source: Amcache.hve.4.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.4.dr Binary or memory string: vmci.syshbin`
Source: Amcache.hve.4.dr Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.4.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.4.dr Binary or memory string: VMware20,1
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.4.dr Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.4.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.4.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.4.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.4.dr Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.4.dr Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.4.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.4.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.W32.S-909ca299.Eldorado.13478.26653.exe Code function: 0_2_00406154 LdrInitializeThunk, 0_2_00406154
Source: Amcache.hve.4.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.4.dr Binary or memory string: MsMpEng.exe
No contacted IP infos