Report #13513

  • Creation Date: Aug. 20, 2021, 2:33 p.m.
  • Last Update: Aug. 21, 2021, 8:09 a.m.
  • File: VBoxTray.exe
  • Results:
Binary
DLL
False
Size
1.62MB
trid
50.0% Generic Win/DOS Executable
49.9% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows GUI
Hashes
md5
7a91cf84b95040b65605de09ceee11d1
sha1
a817ec8feca75fc3ea14b615cb0eec33763772d5
crc32
0xe5996a56
sha224
a7cd62037a0fcd70c93ef12fc6a6011dd8cb45a2c8c25993868a932e
sha256
d570dae63a068ecb9abc7035ded09221250b759591386c2f3c67bf125c05cf58
sha384
77a0c1171eda749ac26deb88833fed0c0d686116ff4492fe8a58d3611ca852375cafd4f26c18a623a5f6e391069bcfe2
sha512
bdb7f6a1cff1d773098dd45f8a6c06acf85d1753dc0a0976f7db68d8780b24ff1e525b55284fb18696c6f772a2f503434c5d76cd52a22841cb125a090858d964
ssdeep
24576:T03YtXxt1h6RmisUbNncPOyYVUnSayDXTlrrldx5XeWKKv:RhtGRTpNnOOyYVUADXTBldrXeWKW
Community
Google
False
HashLib
False
YARA
Matches
domain, IP, HasDebugData, VirtualBox_Detection, escalate_priv, HasRichSignature, VC8_Microsoft_Corporation, Check_OutputDebugStringA_iat, network_dns, Check_VBox_Guest_Additions, IsPE32, win_files_operation, HasModified_DOS_Message, contentis_base64, network_tcp_socket, screenshot, win_token, win_mutex, maldoc_find_kernel32_base_method_1, shylock, vmdetect, IsWindowsGUI, network_udp_sock, anti_dbg, DebuggerHiding__Active, network_tcp_listen, DebuggerCheck__QueryInfo, url, android_meterpreter, Microsoft_Visual_Cpp_8, win_registry, HasOverlay, vmdetect_misc, Misc_Suspicious_Strings, powershell, Big_Numbers0

Suspicious
True

Imports
GDI32.dll
DeleteDC, CreateDCA, GetRegionData, CreateRectRgn, SetRectRgn, OffsetRgn, CombineRgn, ExtEscape, DeleteObject
ntdll.dll
NtOpenProcess, RtlFreeUnicodeString, NtSetInformationFile, NtQueryObject, NtCreateFile, NtOpenDirectoryObject, NtQueryVolumeInformationFile, NtQueryInformationProcess, NtClose, NtQueryInformationFile, NtQueryDirectoryFile, NtQueryDirectoryObject
ole32.dll
ReleaseStgMedium, CoTaskMemAlloc, CoTaskMemFree, OleDuplicateData, OleInitialize, OleUninitialize, DoDragDrop, CoLockObjectExternal, RegisterDragDrop, RevokeDragDrop
USER32.dll
SetClipboardData, SetWindowPos, OpenClipboard, CloseClipboard, EmptyClipboard, SetClipboardViewer, ChangeClipboardChain, SendMessageTimeoutA, GetClipboardFormatNameA, EnumClipboardFormats, SendMessageCallbackA, GetClipboardViewer, ShowWindow, SetWindowLongA, GetSystemMetrics, ClientToScreen, GetClipboardFormatNameW, GetUserObjectSecurity, SetUserObjectSecurity, CloseDesktop, OpenDesktopA, SetProcessWindowStation, OpenWindowStationA, GetProcessWindowStation, GetWindowThreadProcessId, AttachThreadInput, ShowCursor, ChangeDisplaySettingsA, EnumDisplayDevicesA, GetClipboardOwner, PostMessageA, EnumWindows, GetWindowLongA, GetWindowRect, GetWindowTextA, GetClassNameA, GetWindowRgn, GetClassInfoExA, EnumDisplaySettingsA, PostThreadMessageA, GetMessageA, PostQuitMessage, GetDC, ReleaseDC, LoadCursorA, RegisterClassExA, CreateWindowExA, DefWindowProcA, MsgWaitForMultipleObjectsEx, PeekMessageA, TranslateMessage, DispatchMessageA, KillTimer, SetTimer, DestroyWindow, UnregisterClassA, GetDesktopWindow, MessageBoxA, RegisterWindowMessageA, FindWindowA, FindWindowExA, GetClipboardData, RegisterClipboardFormatA, GetCursorPos, SystemParametersInfoA, WindowFromPoint, DestroyIcon, LoadIconA, SendMessageA
SHELL32.dll
DragQueryFileA, DragQueryFileW, Shell_NotifyIconA, ShellExecuteW
ADVAPI32.dll
RegSetValueExW, GetUserNameW, LookupAccountSidW, InitializeAcl, CopySid, AddAce, GetAce, GetSecurityDescriptorDacl, GetAclInformation, SetSecurityDescriptorSacl, GetSecurityDescriptorSacl, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegEnumValueW, RegOpenKeyExA, OpenThreadToken, OpenProcessToken, EqualSid, IsValidSid, GetTokenInformation, AdjustTokenPrivileges, LookupPrivilegeValueA, GetLengthSid
KERNEL32.dll
HeapAlloc, HeapReAlloc, RtlUnwind, GetCommandLineA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, GetCurrentProcess, HeapCreate, GetModuleHandleW, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, HeapSize, GetModuleFileNameA, WideCharToMultiByte, SetHandleCount, GetFileType, QueryPerformanceCounter, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LoadLibraryW, GetLocaleInfoW, SetStdHandle, WriteConsoleW, MultiByteToWideChar, LCMapStringW, GetStringTypeW, CreateFileW, FlushFileBuffers, GetUserDefaultLCID, GetVersion, FileTimeToLocalFileTime, GetTimeZoneInformation, LocalFree, HeapFree, GetThreadTimes, CreateNamedPipeW, CreateEventW, GetOverlappedResult, ReadFile, ResetEvent, PeekNamedPipe, DisconnectNamedPipe, ConnectNamedPipe, OpenProcess, WriteProcessMemory, ReadProcessMemory, DuplicateHandle, GetExitCodeProcess, WaitForSingleObjectEx, ResumeThread, SetEndOfFile, SetFileAttributesW, DeviceIoControl, GetFileSize, LockFileEx, UnlockFile, SetFileTime, DeleteFileW, SetErrorMode, OutputDebugStringA, VirtualProtect, VirtualLock, LoadLibraryExW, GetSystemDirectoryW, GetFileAttributesW, GetFullPathNameW, GetEnvironmentVariableW, MoveFileExW, GetCurrentDirectoryW, SetCurrentDirectoryW, CreateFileA, CreateNamedPipeA, GetNamedPipeHandleStateA, GetNamedPipeInfo, SystemTimeToFileTime, GetSystemTime, GetProcessHeap, GetSystemInfo, CreateDirectoryW, RemoveDirectoryW, SetEnvironmentVariableA, ExitThread, CompareStringW, RaiseException, FreeLibrary, GetSystemDirectoryA, LoadLibraryA, SetEnvironmentVariableW, GetCurrentProcessId, CreateProcessW, GetStartupInfoW, InterlockedDecrement, InterlockedIncrement, SetLastError, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalReAlloc, GlobalFree, lstrlenW, GlobalSize, GetCurrentThreadId, GetTickCount, InitializeCriticalSection, CreateThread, GetProcAddress, Sleep, WaitForSingleObject, DeleteCriticalSection, 
GetModuleHandleA, EnterCriticalSection, LeaveCriticalSection, CreateMutexA, GetCurrentThread, SetThreadPriority, SetEvent, CloseHandle, CreateEventA, GetCommandLineW, GetLastError
Strings
List

Foremost
Matches
0.exe, 1 MB, 2770.png, 67 KB
Suspicious
True
Heuristics
IPs
hasIPs: True
Allowed
Suspicious: 2.5.5.1, 0, Unknown, 2.5.5.14, 0, Unknown, 2.5.5.7, 0, Unknown
hasAllowed: False
hasSuspicious: True

URLs
Allowed: http://crl.microsoft.com/pki/crl/products/microsoftcodeverifroot.crl0, http://go.microsoft.com/fwlink/?linkid=92362.
hasURLs: True
Suspicious: http://crl4.digicert.com/sha2-assured-cs-g1.crl0k, http://www.digicert.com/cps0, http://crl3.digicert.com/sha2-assured-cs-g1.crl05, http://cacerts.digicert.com/digicertassuredidrootca.crt0, http://crl3.digicert.com/digicertassuredidrootca.crl0:, http://cacerts.digicert.com/digicertassuredidcodesigningca-1.crt0, http://cacerts.digicert.com/digicertsha2assuredidtimestampingca.crt0, http://ocsp.digicert.com0l, http://ocsp.digicert.com0c, http://ocsp.digicert.com0o, http://ocsp.digicert.com0n, http://crl3.digicert.com/digicertassuredidrootca.crl0p, file:///, http://crl3.digicert.com/assured-cs-g1.crl00, http://crl3.digicert.com/digicertassuredidrootca.crl0o, https://www.virtualbox.org/, http://crl3.digicert.com/sha2-assured-ts.crl02, http://cacerts.digicert.com/digicertsha2assuredidcodesigningca.crt0, http://crl4.digicert.com/sha2-assured-ts.crl0, http://crl4.digicert.com/digicertassuredidrootca.crl0, http://www.symantec.com/connect/articles/creating-application-control-exclusions-symantec-endpoint-protection-121., http://crl4.digicert.com/digicertassuredidrootca.crl0:, http://crl4.digicert.com/assured-cs-g1.crl0l, https://www.digicert.com/cps0, http://www.digicert.com/ssl-cps-repository.htm0
hasAllowed: True
hasSuspicious: True

Files
Allowed: kernel32.dll, ntdll.dll, WUSER32.DLL, ws2_32.dll, mscoree.dll, UxTheme.dll, VBoxHook.dll, user32.dll, SHELL32.dll, ole32.dll, advapi32.dll, WTSAPI32.DLL, GDI32.dll, psapi.dll, userenv.dll, wsock32.dll
hasFiles: True
Suspicious: ./VBoxGAs-%04d-%02d-%02d-%02d-%02d-%02d.%03d-%s-%d.log
hasAllowed: True
hasSuspicious: True

Binary
Sizes
RVA
RVA: 16
Suspicious: False
Code
Size: 1217536
Suspicious: False
Image
Address: 4194304
Suspicious: False
Stack
Stack: 4096
Suspicious: False
Headers
Headers: 1024
Suspicious: False
Suspicious: False

Symbols
Number
Number: 0
Suspicious: True
Pointer
Pointer: 0
Suspicious: True
Directories
Number: 16
Suspicious: False

Checksum
Value: 1705495
Suspicious: False

Sections
Allowed: .text, .bss, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True
hasSections: True
hasSuspicious: False

Versions
OS
Version: 1
Suspicious: False
Image
Version: False
Suspicious: 1
Linker
Version: 10.0
Suspicious: False
Subsystem
Version: 3.10
Suspicious: False
Suspicious: False

EntryPoint
Address: 78223
Suspicious: False

Anomalies
Anomalies
hasAnomalies: False

Libraries
Allowed: kernel32.dll, ntdll.dll, ws2_32.dll, mscoree.dll, uxtheme.dll, user32.dll, shell32.dll, ole32.dll, advapi32.dll, wtsapi32.dll, gdi32.dll, psapi.dll, userenv.dll, wsock32.dll
hasLibs: True
Suspicious: wuser32.dll, vboxhook.dll
hasAllowed: True
hasSuspicious: True

Timestamp
Past: False
Valid: True
Value: 2021-07-28 13:27:37
Future: False

Compilation
Packed: False
Missing: False
Packers
Compiled: True
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False
Fuzzing: False

PEDetector
Matches
None
Suspicious
False
Disassembly
hasTricks
True
Tricks
ldr
.text: 3

pushret
.rsrc: 42
.text: 2
.rdata: 10

pushpopmath
.rsrc: 22
.rdata: 1025
.reloc: 61

sizeofimage
.text: 3

ss register
.rsrc: 3

garbagebytes
.rsrc: 15
.text: 2
.rdata: 1

hookdetection
.text: 1
.rdata: 1
.reloc: 1

stealthimport
.text: 2

isdebbugerpresent
.text: 3

software breakpoint
.rsrc: 1
.text: 1
.rdata: 1
.reloc: 24

fakeconditionaljumps
.rsrc: 1

programcontrolflowchange
.rsrc: 14
.text: 2
.rdata: 1

cpuinstructionsresultscomparison
.rsrc: 9
.rdata: 28

AVclass
File
Trace

Process
Trace

Analysis
Reason
Blue Screen

Status
Execution Failed

Results
0

Registry
Trace

File Summary
Created
Identified: False

Deleted
Identified: False

Process Summary
Created
Identified: False

Deleted
Identified: False

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: False

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: False


DNS
Query

Response

TCP
Info

UDP
Info

HTTP
Info

Summary
DNS
False

TCP
False

UDP
False

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 77.50%
suspicious: False

NFS 3.0 (Threshold = 0.75)
confidence: 72.00%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 68.56%
suspicious: False

Random Forest (100 estimators, NFS-BRMalware)
confidence: 78.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 81.10%
suspicious: False

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 100.00%
suspicious: False
