Windows
Analysis Report
file.dll
Overview
General Information
Sample name: | file.dll (renamed file extension from exe to dll) |
Original sample name: | file.exe |
Analysis ID: | 1524233 |
MD5: | 03c9351e4fabe66d22bf80454e010069 |
SHA1: | 74552026cb09976c3b214623496001141b0a7146 |
SHA256: | cb85217d6232dbd4a1a5667b195254438b68a99edca1fc531ea7f5544a722b3d |
Tags: | dllexesignedx64user-jstrosch |
Infos: | |
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 1096 cmdline:
loaddll64. exe "C:\Us ers\user\D esktop\fil e.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52) - conhost.exe (PID: 3556 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 3376 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\fil e.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - rundll32.exe (PID: 1820 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\file .dll",#1 MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 1592 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,JNI_On Load MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 1524 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,Java_j dk_managem ent_resour ce_interna l_Resource Natives_co mputeRetai nedMemory0 MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 2228 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,Java_j dk_managem ent_resour ce_interna l_Resource Natives_cr eateResour ceContext0 MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | DNS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Last function: |
Source: | Process queried: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
18.31.95.13.in-addr.arpa | unknown | unknown | false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524233 |
Start date and time: | 2024-10-02 17:15:10 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 2m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.dll (renamed file extension from exe to dll) |
Original Sample Name: | file.exe |
Detection: | CLEAN |
Classification: | clean2.winDLL@12/0@1/0 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: file.dll
File type: | |
Entropy (8bit): | 6.583480471704661 |
TrID: |
|
File name: | file.dll |
File size: | 21'664 bytes |
MD5: | 03c9351e4fabe66d22bf80454e010069 |
SHA1: | 74552026cb09976c3b214623496001141b0a7146 |
SHA256: | cb85217d6232dbd4a1a5667b195254438b68a99edca1fc531ea7f5544a722b3d |
SHA512: | 801a7f1cb16f1d03455eccd20605f4b3175688080fdc8fdc7fee2d15c9b8a209c59264ce05cfbbbbb974680383830b90815f6fa74b362875741cecb19f1c4877 |
SSDEEP: | 384:K37U76Lz+X0eAgx+IYieTFhO0rmPxh8E9VF0NyQpNO:wY76LzWxTYiUFSPxWEeDO |
TLSH: | C6A27C63AB688C71E56B457070E5473AE631B681D9F0C3DB2328C2185FE734277687AE |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........x.....T...T...T.aST...T.q.U...T.q.U...T.q.U...T.q.U...T.q.U...Thp.U...T...T...Thp.U...Thp.U...Thp?T...Thp.U...TRich...T....... |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x180001494 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x63BBD4C4 [Mon Jan 9 08:48:04 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | f279f07bdc54ce37775768e2e33cc25c |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 2876C1BECB51837D0E3DE50903D025B6 |
Thumbprint SHA-1: | 940D69C0A34A1B4CFD8048488BA86F4CED60481A |
Thumbprint SHA-256: | EE46613A38B4F486164BCE7FB23178667715617F511B364594311A1548B08EB1 |
Serial: | 068BE2F53452C882F18ED41A5DD4E7A3 |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007F2D1091BBB7h |
call 00007F2D1091BBD4h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007F2D1091BA44h |
int3 |
int3 |
int3 |
dec eax |
mov dword ptr [esp+20h], ebx |
push ebp |
dec eax |
mov ebp, esp |
dec eax |
sub esp, 20h |
dec eax |
mov eax, dword ptr [00001B28h] |
dec eax |
mov ebx, 2DDFA232h |
cdq |
sub eax, dword ptr [eax] |
add byte ptr [eax+3Bh], cl |
ret |
jne 00007F2D1091BC26h |
dec eax |
and dword ptr [ebp+18h], 00000000h |
dec eax |
lea ecx, dword ptr [ebp+18h] |
call dword ptr [00000B22h] |
dec eax |
mov eax, dword ptr [ebp+18h] |
dec eax |
mov dword ptr [ebp+10h], eax |
call dword ptr [00000B0Ch] |
mov eax, eax |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [00000AF8h] |
mov eax, eax |
dec eax |
lea ecx, dword ptr [ebp+20h] |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [00000AE0h] |
mov eax, dword ptr [ebp+20h] |
dec eax |
lea ecx, dword ptr [ebp+10h] |
dec eax |
shl eax, 20h |
dec eax |
xor eax, dword ptr [ebp+20h] |
dec eax |
xor eax, dword ptr [ebp+10h] |
dec eax |
xor eax, ecx |
dec eax |
mov ecx, FFFFFFFFh |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2740 | 0x470 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2bb0 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5000 | 0x3a8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x4000 | 0x180 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2c00 | 0x28a0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0x14 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2190 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x21f0 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0xf8 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xdb3 | 0xe00 | e85b91159c86a14a4a9f3b541267e3c2 | False | 0.6417410714285714 | data | 6.0424158857658234 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x2000 | 0xfcc | 0x1000 | ba5d9366be4c8d85f3367c10f43673dd | False | 0.38134765625 | data | 4.6482792014586005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3000 | 0xc8 | 0x200 | f80f80858fe0cc19877afbeb1cfa6697 | False | 0.09375 | DOS executable (block device driver \322f\324\377\3772) | 0.4295224506328726 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x4000 | 0x180 | 0x200 | f86246b720d8f2464e5f0d170466667f | False | 0.439453125 | data | 2.9726848454778283 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5000 | 0x3a8 | 0x400 | a18e3c24e92b0b5ec68cc41d52813b9b | False | 0.41015625 | data | 3.0687025588586345 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6000 | 0x14 | 0x200 | 10e129f688dafb72e26ac1e86eb7dc14 | False | 0.060546875 | data | 0.21473251778718186 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x5060 | 0x344 | data | 0.46172248803827753 |
DLL | Import |
---|---|
jvm.dll | JVM_GetManagementExt |
java.dll | JNU_ThrowInternalError |
KERNEL32.dll | IsProcessorFeaturePresent, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, DisableThreadLibraryCalls, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter |
VCRUNTIME140.dll | __std_type_info_destroy_list, __C_specific_handler, memset |
api-ms-win-crt-runtime-l1-1-0.dll | _cexit, _execute_onexit_table, _initterm, _initterm_e, _seh_filter_dll, _configure_narrow_argv, _initialize_narrow_environment, _initialize_onexit_table |
Name | Ordinal | Address |
---|---|---|
JNI_OnLoad | 1 | 0x180001000 |
Java_jdk_management_resource_internal_ResourceNatives_computeRetainedMemory0 | 2 | 0x180001054 |
Java_jdk_management_resource_internal_ResourceNatives_createResourceContext0 | 3 | 0x180001068 |
Java_jdk_management_resource_internal_ResourceNatives_destroyResourceContext0 | 4 | 0x180001078 |
Java_jdk_management_resource_internal_ResourceNatives_featuresEnabled0 | 5 | 0x18000108c |
Java_jdk_management_resource_internal_ResourceNatives_getContextsRetainedMemory0 | 6 | 0x180001098 |
Java_jdk_management_resource_internal_ResourceNatives_getCurrentThreadAllocatedHeap0 | 7 | 0x1800010b4 |
Java_jdk_management_resource_internal_ResourceNatives_getCurrentThreadCPUTime0 | 8 | 0x1800010c0 |
Java_jdk_management_resource_internal_ResourceNatives_getThreadResourceContext0 | 9 | 0x1800010d0 |
Java_jdk_management_resource_internal_ResourceNatives_getThreadStats0 | 10 | 0x1800010e0 |
Java_jdk_management_resource_internal_ResourceNatives_sampleInterval0 | 11 | 0x180001128 |
Java_jdk_management_resource_internal_ResourceNatives_setRetainedMemoryNotificationEnabled0 | 12 | 0x180001134 |
Java_jdk_management_resource_internal_ResourceNatives_setThreadResourceContext0 | 13 | 0x180001144 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 2, 2024 17:16:44.371423960 CEST | 53 | 63948 | 162.159.36.2 | 192.168.2.9 |
Oct 2, 2024 17:16:44.853156090 CEST | 63115 | 53 | 192.168.2.9 | 1.1.1.1 |
Oct 2, 2024 17:16:44.860466957 CEST | 53 | 63115 | 1.1.1.1 | 192.168.2.9 |
Oct 2, 2024 17:16:47.702954054 CEST | 53 | 51096 | 1.1.1.1 | 192.168.2.9 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 2, 2024 17:16:44.853156090 CEST | 192.168.2.9 | 1.1.1.1 | 0xb955 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 2, 2024 17:16:44.860466957 CEST | 1.1.1.1 | 192.168.2.9 | 0xb955 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) | false |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 11:16:13 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7081d0000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 11:16:13 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff70f010000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 11:16:13 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff702e40000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 11:16:13 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61c990000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 11:16:13 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61c990000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 11:16:16 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61c990000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 11:16:19 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61c990000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |