Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin

Overview

General Information

Sample URL:http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin
Analysis ID:856421
Infos:

Detection

Score:1
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AV process strings found (often used to terminate AV products)
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64
  • cmd.exe (PID: 2728 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin" > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 6352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 4796 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • OpenWith.exe (PID: 1172 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: D179D03728E95E040A889F760C1FC402)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Networking
  • System Summary
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • HIPS / PFW / Operating System Protection Evasion
  • Language, Device and Operating System Detection
  • Lowering of HIPS / PFW / Operating System Security Settings

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: wget.exe, 00000002.00000002.243059713.0000000000C65000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.drString found in binary or memory: http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin
Source: C:\Windows\SysWOW64\wget.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: classification engineClassification label: clean1.win@5/2@0/0
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin"
Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin" Jump to behavior
Source: C:\Windows\System32\OpenWith.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\SysWOW64\wget.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32Jump to behavior
Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1172:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6352:120:WilError_01
Source: C:\Windows\SysWOW64\wget.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\wget.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\Desktop\cmdline.outJump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\OpenWith.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: wget.exe, 00000002.00000002.243197144.0000000000CA8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlltt4
Source: unknownProcess created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin"
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin" Jump to behavior
Source: C:\Windows\SysWOW64\wget.exeQueries volume information: C:\Users\user\Desktop\download VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.23.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreAppList.scale-200.png VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\OpenWith.exeQueries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformationJump to behavior
Source: OpenWith.exe, 00000003.00000003.252142971.000002B4194DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.254512049.000002B4194F6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.253254064.000002B4194F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\192.168.2.1\all\procexp.exe
Source: OpenWith.exe, 00000003.00000003.252142971.000002B4194DE000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000002.254512049.000002B4194F6000.00000004.00000020.00020000.00000000.sdmp, OpenWith.exe, 00000003.00000003.253254064.000002B4194F3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "c:\users\user\desktop\procexp.exe

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Command and Scripting Interpreter		Path Interception1
Process Injection		1
Masquerading		OS Credential Dumping11
Security Software Discovery		Remote ServicesData from Local SystemExfiltration Over Other Network MediumData ObfuscationEavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS Memory1
File and Directory Discovery		Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account Manager11
System Information Discovery		SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDS1
Remote System Discovery		Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 856421 URL: http://sse-global-cdn.akama... Startdate: 29/04/2023 Architecture: WINDOWS Score: 1 5 cmd.exe 2 2->5         started        7 OpenWith.exe 17 9 2->7         started        process3 9 wget.exe 2 5->9         started        11 conhost.exe 5->11         started       

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin0%VirustotalBrowse
http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:37.0.0 Beryl
Analysis ID:856421
Start date and time:2023-04-29 19:13:25 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 3m 22s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:urldownload.jbs
Sample URL:http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin
Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:4
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • HDC enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean1.win@5/2@0/0
EGA Information:Failed
HDC Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Stop behavior analysis, all processes terminated
  • Excluded IPs from analysis (whitelisted): 80.67.82.242, 80.67.82.210
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, a326.dscg2.akamai.net, sse-global-cdn.akamaized.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

TimeTypeDescription
19:14:18API Interceptor1x Sleep call for process: OpenWith.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\Desktop\cmdline.out

Download File
Process:C:\Windows\SysWOW64\cmd.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):11144
Entropy (8bit):2.400338774490855
Encrypted:false
SSDEEP:48:BNEKGaTizHsgVMCIdYv0vNGaj2fjNasDdBo9udZMtgT6qYLE97LMZx5giCBqhmbb:rBgAYsVGayrN3RWIPd6vG+PgP8AReY
MD5:510E944CF33C72ADCE696B854CD259D8
SHA1:9EEC1DE9C222557AE16A2BF5AE85F496CBBE00AF
SHA-256:7EC1F35EAE79EEBC98AF4D4366F4C6F17345A8AE62174BEFD34197372B8AD6E8
SHA-512:59BC6A0767173C1AF183B59DAEAF4AC4A9DBAE8D90D686571EF2B81C9BCE456859C9B212F6409E3968057DFF464820EDD56AD46EA66FF6151B5B5442D723D331
Malicious:false
Reputation:low
Preview:--2023-04-29 19:14:15-- http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin..Resolving sse-global-cdn.akamaized.net (sse-global-cdn.akamaized.net)... 80.67.82.242, 80.67.82.210..Connecting to sse-global-cdn.akamaized.net (sse-global-cdn.akamaized.net)|80.67.82.242|:80... connected...HTTP request sent, awaiting response... 200 OK..Length: 7004386 (6.7M) [text/plain]..Saving to: 'C:/Users/user/Desktop/download/language_en.json.bin'.... 0K .......... .......... .......... .......... .......... 0% 770K 9s.. 50K .......... .......... .......... .......... .......... 1% 13.9M 5s.. 100K .......... .......... .......... .......... .......... 2% 19.8M 3s.. 150K .......... .......... .......... .......... .......... 2% 17.6M 2s.. 200K .......... .......... .......... .......... .......... 3% 5.11M 2s.. 250K .......... .......... .......... .......... .......... 4% 13.1M 2s.. 300K .......... .......... .......... .......... ..........

C:\Users\user\Desktop\download\language_en.json.bin

Download File
Process:C:\Windows\SysWOW64\wget.exe
File Type:data
Category:dropped
Size (bytes):7004386
Entropy (8bit):5.302062338188823
Encrypted:false
SSDEEP:98304:rdNRQNMScwQVIxXjwNea+Dk5NCL6QTrx0xd6N:wErEOwkfCLXTrx0mN
MD5:EA85751DBDACAA5D0366D3868EAD6117
SHA1:27385E73616B4536045C3BF6F1EB8251E8E8456F
SHA-256:025C4ED060B367E2E25DA743FB7F2AEFC7F2EF566471FF3EB5236FAB11015065
SHA-512:336089805D7307902E76BCBC1139FAB2120BBEA8ADB172E9FC09CCDFD5E6C4CFE4B1384BE5F470E45841C119FEED76BDC12E6E6E890080417E56AD1D00477702
Malicious:false
Reputation:low
Preview:.......)...+item_2021twoyear_hq_lv3_skin_3d_description.......&event_cross_state_schedule_teach_des_2...0....dialog_jp_00_02_05_sarge........plot_story_s6_subtitle_012_5...(....resource_hero_exp_name...8...'item_beast_equipment_material_1_12_name...D...(emode_dialogue_chapter2_begin_3_intercom...a... emode_dialog_building_04_1_becca........chief_gear_divided_persist........item_resource_ammo_2_name.......'dialog_plot_gallery_16_77_08_wrath_cult........event_point_all_speedup_detail...F....emode_dialog_opening_20_sarge........chat_system_optimized_tap_save.../....monster_overseer_kill_step...P...!event_halloween_candy_description.......&id_points_earned_diamonds_monster_kill...t...1research_group_trading_capacity_base_value_4_name.......+event_thanksgiving_pass_upgrade_description........plot_story_s2_subcontent_010_2........event_season3_pass_liner...%...!item_plasma_special_exchange_name...n...6item_beast_stegosaurus_rank_12_equipment_2_description.......%stock_company_gigabit_technol

Static File Info

No static file info

Network Behavior

No network behavior found

Statistics

CPU Usage

051015s020406080100

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

  • File
  • Network

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

General

Target ID:0
Start time:19:14:15
Start date:29/04/2023
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin" > cmdline.out 2>&1
Imagebase:0xb0000
File size:232960 bytes
MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Show Windows behavior

Process Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Memory Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

General

Target ID:1
Start time:19:14:15
Start date:29/04/2023
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff745070000
File size:625664 bytes
MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Show Windows behavior

File Activities

Show Windows behavior

Section Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Thread Activities

Show Windows behavior

Memory Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

General

Target ID:2
Start time:19:14:15
Start date:29/04/2023
Path:C:\Windows\SysWOW64\wget.exe
Wow64 process (32bit):true
Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://sse-global-cdn.akamaized.net/language/bin/master/1.18.99.12/language_en.json.bin"
Imagebase:0x400000
File size:3895184 bytes
MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Show Windows behavior

File Activities

Show Windows behavior

Section Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Thread Activities

Show Windows behavior

Memory Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Network Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

General

Target ID:3
Start time:19:14:18
Start date:29/04/2023
Path:C:\Windows\System32\OpenWith.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\OpenWith.exe -Embedding
Imagebase:0x7ff691b60000
File size:111120 bytes
MD5 hash:D179D03728E95E040A889F760C1FC402
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:low
There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Section Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Mutex Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
Show Windows behavior

Thread Activities

Show Windows behavior

Memory Activities

Show Windows behavior

System Activities

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Disassembly

No disassembly