Windows Analysis Report
dwagent.exe

Overview

General Information

Sample name: dwagent.exe
Analysis ID: 1417350
MD5: de9f6a0056655da1e52bda92aac6b584
SHA1: 03d0cbe3f4beecf468ee738c0a9b7c47529fdb75
SHA256: 50350bce3908539a15a51d661a698e52937348f18fffbfa525dc8baa80315220

Detection

Score: 13
Range: 0 - 100
Whitelisted: false
Confidence: 20%

Signatures

Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files

Classification

Source: dwagent.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\LICENSE.txt
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\LICENSE.txt
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\pyfiles\site-packages\README.txt
Source: dwagent.exe Static PE information: certificate valid
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00425890 wcscpy,wcscat,FindFirstFileW,FindNextFileW,wcscmp,wcscmp,wcscpy,wcscat,wcscat,GetFileAttributesW,DeleteFileW,FindClose,RemoveDirectoryW, 0_2_00425890
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: dwagent.exe.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: dwagent.exe, 00000000.00000002.2851565002.00000000032FF000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: dwagent.exe, 00000000.00000002.2851565002.00000000032FF000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: dwagent.exe, 00000000.00000003.1614045521.000000000372A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1614045521.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, dwaglnc.exe.0.dr, dwaglnc.exe0.0.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: dwagent.exe, 00000000.00000003.1614045521.000000000372A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1614045521.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000002.2851565002.00000000032FF000.00000004.00000010.00020000.00000000.sdmp, dwaglnc.exe.0.dr, dwaglnc.exe0.0.dr String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hdl.handle.net/1895.22/1013
Source: dwagent.exe, 00000001.00000002.2852711092.000002380F3AC000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://java.sun.com/dtd/properties.dtd
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1671037574.000002380F5BB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851508325.000002380E5F0000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2852926083.000002380F5E9000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1676945291.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1676542699.000002380F0FB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1671454105.000002380F217000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2852283577.000002380F0F1000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1673642546.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1669028132.000002380F217000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1664421310.000002380EA8F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1668387974.000002380F5BB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2852612754.000002380F2D4000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1676837713.000002380EA43000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1673517066.000002380F2D3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851820354.000002380EA30000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1672444740.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1674014297.000002380EB10000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 
00000001.00000003.1676259137.000002380EC88000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2852532261.000002380F1FE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: dwagent.exe, 00000000.00000003.1614045521.000000000372A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1614045521.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000002.2851565002.00000000032FF000.00000004.00000010.00020000.00000000.sdmp, dwaglnc.exe.0.dr, dwaglnc.exe0.0.dr String found in binary or memory: http://ocsp.comodoca.com0
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0N
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: dwaglnc.exe0.0.dr String found in binary or memory: http://ocsp.sectigo.com0
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.thawte.com0
Source: dwagent.exe, 00000001.00000002.2853366085.0000023811510000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://svn.red-bean.com/bob/macholib/trunk/macholib/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://svn.red-bean.com/bob/macholib/trunk/macholib/o
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cnri.reston.va.us)
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.cwi.nl)
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ibiblio.org/xml/examples/shakespeare/hamlet.xml)
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.ocert.org/advisories/ocert-2011-003.html
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.opensource.org
Source: dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.openssl.org/)
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.python.org/psf/)
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.pythonlabs.com/logos.html
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.rfc-editor.org/rfc/rfc%d.txtz)https://www.python.org/dev/peps/pep-%04d/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.rfc-editor.org/rfc/rfc%d.txtz)https://www.python.org/dev/peps/pep-%04d/rL
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.zope.com).
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/namespacesz.http://xml.org/sax/features/namespace-prefixesz
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.org/sax/features/string-interningz&http://xml.org/sax/features/validationz5http://xml.org
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://xml.python.org/entities/fragment-builder/internalz
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aiosmtpd.readthedocs.io/)
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851679491.000002380E6F0000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1660043869.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.dwservice.net/dws_site/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://devguide.python.org/grammar/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/%d.%d/libraryNrM
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/%d.%d/libraryNrMc
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://docs.python.org/distutils/
Source: dwaglnc.exe.0.dr String found in binary or memory: https://gcc.gnu.org/bugs/):
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://opensource.org
Source: dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2855015224.00007FFDFB9B0000.00000002.00000001.01000000.00000007.sdmp String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851679491.000002380E6F0000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1660043869.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://qa.dwservice.net/
Source: dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663638574.000002380EA81000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663593036.000002380EA80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://qa.dwservice.net/z#https://dev.dwservice.net/dws_site/
Source: dwagent.exe, 00000000.00000003.1614045521.000000000372A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1614045521.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000002.2851565002.00000000032FF000.00000004.00000010.00020000.00000000.sdmp, dwaglnc.exe.0.dr, dwaglnc.exe0.0.dr String found in binary or memory: https://sectigo.com/CPS0
Source: dwagent.exe, 00000000.00000003.1614045521.000000000372A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1614045521.00000000034F0000.00000004.00000020.00020000.00000000.sdmp, dwaglnc.exe.0.dr, dwaglnc.exe0.0.dr String found in binary or memory: https://sectigo.com/CPS0D
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://upload.pypi.org/legacy/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cnri.reston.va.us)
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.cwi.nl)
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D65000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000355F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2853259371.0000023811400000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1667819924.000002380F217000.00000004.00000020.00020000.00000000.sdmp, pt_BR.py.0.dr String found in binary or memory: https://www.dwservice.net
Source: dwagent.exe, 00000001.00000003.1660043869.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/cs/licenses-sources.html
Source: dwagent.exe, 00000001.00000002.2851508325.000002380E5F0000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851508325.000002380E69C000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851820354.000002380EA30000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1667819924.000002380F217000.00000004.00000020.00020000.00000000.sdmp, pt_BR.py.0.dr String found in binary or memory: https://www.dwservice.net/en/licenses-sources.html
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/it/licenses-sources.html
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851679491.000002380E6F0000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1660043869.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/licenses-sources.html
Source: dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663983599.000002380F2FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/licenses-sources.htmlZ
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/pl/licenses-sources.html
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851679491.000002380E6F0000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1660043869.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/privacy-policy.html
Source: dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663983599.000002380F2FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/privacy-policy.htmli
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/sk/licenses-sources.html
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/sv/licenses-sources.html
Source: dwagent.exe, 00000001.00000002.2851679491.000002380E6F0000.00000004.00001000.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1660043869.000002380EA5A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/terms-and-conditions.html
Source: dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663983599.000002380F2FD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/terms-and-conditions.htmlZ
Source: dwagent.exe, 00000001.00000003.1663593036.000002380EA3B000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663638574.000002380EA81000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1663593036.000002380EA80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.dwservice.net/z
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D5A000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.000000000354C000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2854673724.00007FFDFB666000.00000002.00000001.01000000.00000012.sdmp, dwagent.exe, 00000001.00000002.2855618634.00007FFDFF35B000.00000002.00000001.01000000.00000013.sdmp String found in binary or memory: https://www.openssl.org/H
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/.
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/psf/)
Source: dwagent.exe, 00000001.00000002.2851508325.000002380E69C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/psf/license/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/psf/license/)
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.python.org/sigs/distutils-sig/
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.unicode.org/Public/13.0.0/ucd/DerivedCoreProperties.txt
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://xkcd.com/353/c
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_0042A560 PostMessageW,OpenClipboard,EmptyClipboard,wcslen,GlobalAlloc,GlobalLock,memcpy,SetClipboardData,GlobalUnlock,CloseClipboard, 0_2_0042A560
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: 1_2_6CD1ABDC SetClipboardData, 1_2_6CD1ABDC
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_0042A695 OpenClipboard,GetClipboardData,CloseClipboard, 0_2_0042A695
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00428C10 IsWindowUnicode,DefWindowProcW,PostQuitMessage,GetKeyState,BeginPaint,SetBkMode,SelectObject,EndPaint,DefWindowProcA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_00428C10
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00428B11 GetKeyState,GetKeyState,GetKeyState,GetKeyState, 0_2_00428B11
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: String function: 6CC29B80 appears 48 times
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: String function: 6CCCA6C0 appears 104 times
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: String function: 6CCE2E40 appears 77 times
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: String function: 6CC29AB0 appears 47 times
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: String function: 6CCE9E50 appears 40 times
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: String function: 6CCE3850 appears 165 times
Source: dwagent.exe.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: dwagent.exe0.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd0.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd0.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: dwaggdi_x86_64.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: python3.dll0.0.dr Static PE information: No import functions for PE file found
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewinsound.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_msi.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_zoneinfo.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamewinsound.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_msi.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_zoneinfo.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003D5A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepythonw.exe. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.000000000354C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs dwagent.exe
Source: dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepythonw.exe. vs dwagent.exe
Source: dwagent.exe Binary or memory string: OriginalFilename vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856157309.00007FFE11EAE000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2851339840.000002380E080000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2853875428.00007FF6B6924000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepythonw.exe. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2854673724.00007FFDFB666000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2855618634.00007FFDFF35B000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilenamelibsslH vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856890071.00007FFE14642000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2855899710.00007FFE1025D000.00000002.00000001.01000000.00000016.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856582067.00007FFE130C6000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2857310637.00007FFE1A517000.00000002.00000001.01000000.00000008.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856497367.00007FFE12E16000.00000002.00000001.01000000.00000017.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856306570.00007FFE11EE5000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2855391788.00007FFDFBAB9000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856666603.00007FFE13212000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856409805.00007FFE126F4000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2857045520.00007FFE148B6000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856031902.00007FFE1152D000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilename_elementtree.pyd. vs dwagent.exe
Source: dwagent.exe, 00000001.00000002.2856750833.00007FFE1339D000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs dwagent.exe
Source: dwagent.exe.0.dr Binary or memory string: OriginalFilenamepythonw.exe. vs dwagent.exe
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\dwagent.exe Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: python310.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: libffi-7.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: mscms.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: coloradapterclient.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: icm32.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Section loaded: textshaping.dll
Source: dwagent.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: classification engine Classification label: clean13.winEXE@6/780@0/0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7704:120:WilError_03
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\
Source: dwagent.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\dwagent.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\dwagent.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\dwagent.exe File read: C:\Users\user\Desktop\dwagent.exe
Source: unknown Process created: C:\Users\user\Desktop\dwagent.exe "C:\Users\user\Desktop\dwagent.exe"
Source: C:\Users\user\Desktop\dwagent.exe Process created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe "C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe" -S -m installer
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\dwagent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5E5F29CE-E0A8-49D3-AF32-7A7BDC173478}\InProcServer32
Source: dwagent.exe Static PE information: certificate valid
Source: dwagent.exe Static file information: File size 13746912 > 1048576
Source: Binary string: class pdb.Pdb(completekey='tab', stdin=None, stdout=None, skip=None, nosigint=False, readrc=True) source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Changed in version 3.2: ".pdbrc" can now contain commands that source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_multiprocessing.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_uuid.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856359677.00007FFE126EB000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb%% source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_ssl.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdbAA source: dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: commands as if given in a ".pdbrc" file, see Debugger Commands. source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: import pdb; pdb.Pdb(skip=['django.*']).set_trace() source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: will load .pdbrc files from the filesystem. source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856465899.00007FFE12E13000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: D:\a\1\b\bin\win32\winsound.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 1.1.1s 1 Nov 2022built on: Mon Jan 9 20:43:18 2023 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Program Files (x86)\OpenSSL\lib\engines-1_1"not available source: dwagent.exe, 00000000.00000003.1655055280.00000000034BA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856715888.00007FFE13390000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2857238648.00007FFE1A511000.00000002.00000001.01000000.00000008.sdmp
Source: Binary string: D:\a\1\b\bin\win32\pyexpat.pdb source: dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856123987.00007FFE11EA6000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: dwagent.exe, 00000000.00000003.1655055280.00000000034BA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_bz2.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2855484823.00007FFDFF326000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: in the ".pdbrc" file): source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_ctypes.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_zoneinfo.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2855826962.00007FFE10252000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_asyncio.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856359677.00007FFE126EB000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\win32\unicodedata.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbrc) source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856856267.00007FFE1463D000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856633792.00007FFE13208000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_socket.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\winsound.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdb.Pdbr source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_elementtree.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2855997673.00007FFE11524000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_zoneinfo.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdbOO source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\pythonw.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000003320000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe.0.dr
Source: Binary string: Raises an auditing event "pdb.Pdb" with no arguments. source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2855484823.00007FFDFF326000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: d:\a01\_work\11\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: If a file ".pdbrc" exists in the user source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_lzma.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_queue.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: dwagent.exe, 00000000.00000003.1655055280.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2854391794.00007FFDFB56F000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_elementtree.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\python310.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -c are executed after commands from .pdbrc files. source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_overlapped.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2857012515.00007FFE148B3000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: Initial commands are read from .pdbrc files in your home directory source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_msi.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\python3.pdb source: dwagent.exe, 00000000.00000003.1655055280.00000000035CB000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ~/.pdbrcz source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\select.pdb source: dwagent.exe, 00000000.00000003.1645690661.0000000003321000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python310.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000004158000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2855015224.00007FFDFB9B0000.00000002.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856545945.00007FFE130C3000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_decimal.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_hashlib.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000034F7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\win32\_msi.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000035B0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pythonw.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000003924000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000000.1658569157.00007FF6B6922000.00000002.00000001.01000000.00000006.sdmp, dwagent.exe, 00000001.00000002.2853859299.00007FF6B6922000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1s 1 Nov 2022built on: Mon Jan 9 20:35:28 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: dwagent.exe, 00000000.00000003.1655055280.0000000003C6D000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2854391794.00007FFDFB56F000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: dwagent.exe, 00000000.00000003.1655055280.0000000003DE3000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851339840.000002380E080000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: dwagent.exe, 00000001.00000002.2854391794.00007FFDFB5F1000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: dwagent.exe, 00000000.00000003.1645690661.00000000037FC000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2856207371.00007FFE11ECD000.00000002.00000001.01000000.00000011.sdmp
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_0042A349 LoadLibraryA,GetProcAddress,FreeLibrary,GetModuleHandleA,LoadImageW,wcscpy,Shell_NotifyIconW,DestroyIcon, 0_2_0042A349
Source: libcrypto-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll.0.dr Static PE information: section name: .00cfg
Source: python310.dll.0.dr Static PE information: section name: PyRuntim
Source: libcrypto-1_1.dll0.0.dr Static PE information: section name: .00cfg
Source: libssl-1_1.dll0.0.dr Static PE information: section name: .00cfg
Source: python310.dll0.0.dr Static PE information: section name: PyRuntim
Source: vcruntime140.dll0.0.dr Static PE information: section name: _RDATA
Source: dwaggdi_x86_64.dll.0.dr Static PE information: section name: .xdata
Source: dwaglnc.exe0.0.dr Static PE information: section name: .xdata
Source: dwagsvc.exe0.0.dr Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_zoneinfo.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\python3.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_uuid.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\python310.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_asyncio.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_msi.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_bz2.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\select.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_ssl.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\libffi-7.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_ctypes.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\dwaggdi_x86_64.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\winsound.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_elementtree.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_lzma.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_lzma.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_64\dwaglnc.exe
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_decimal.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_32\dwaglnc.exe
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\select.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_hashlib.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_socket.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_socket.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\dwaggdi_x86_32.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\pyexpat.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_multiprocessing.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\vcruntime140_1.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\pyexpat.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\vcruntime140.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_overlapped.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\libssl-1_1.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\libffi-7.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_uuid.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_msi.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_bz2.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\winsound.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_queue.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_ctypes.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_ssl.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_decimal.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\python310.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\unicodedata.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_multiprocessing.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_asyncio.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_zoneinfo.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\vcruntime140.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\libssl-1_1.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_overlapped.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\dwagent.exe
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\dwagent.exe
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\libcrypto-1_1.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_elementtree.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\unicodedata.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_hashlib.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\python3.dll
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_64\dwagsvc.exe
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_32\dwagsvc.exe
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_queue.pyd
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\LICENSE.txt
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\LICENSE.txt
Source: C:\Users\user\Desktop\dwagent.exe File created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\pyfiles\site-packages\README.txt
Source: C:\Users\user\Desktop\dwagent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Window / User API: threadDelayed 7127
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_zoneinfo.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\python3.dll
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_uuid.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_asyncio.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_bz2.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_msi.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_ssl.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\select.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_ctypes.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\dwaggdi_x86_64.dll
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\winsound.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_elementtree.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_lzma.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_lzma.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_64\dwaglnc.exe
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_decimal.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_32\dwaglnc.exe
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\select.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_hashlib.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_socket.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_socket.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\dwaggdi_x86_32.dll
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\pyexpat.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_multiprocessing.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\vcruntime140_1.dll
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\pyexpat.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_overlapped.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_uuid.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_bz2.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_msi.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\winsound.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_queue.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_ctypes.pyd
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_ssl.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_decimal.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_multiprocessing.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_asyncio.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_zoneinfo.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_overlapped.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\dwagent.exe Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_elementtree.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\unicodedata.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit64\_hashlib.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\python3.dll Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_64\dwagsvc.exe Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtimepy3\bit32\_queue.pyd Jump to dropped file
Source: C:\Users\user\Desktop\dwagent.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\native_win_x86_32\dwagsvc.exe Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe API coverage: 5.8 %
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe TID: 7680 Thread sleep time: -71270s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00425890 wcscpy,wcscat,FindFirstFileW,FindNextFileW,wcscmp,wcscmp,wcscpy,wcscat,wcscat,GetFileAttributesW,DeleteFileW,FindClose,RemoveDirectoryW, 0_2_00425890
Source: dwagent.exe, 00000001.00000003.1667718716.000002380EACF000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1674014297.000002380EB10000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1668302312.000002380EB16000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1665361147.000002380EB16000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1676673377.000002380EB10000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1671530408.000002380EB11000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1672026025.000002380EB13000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1673461071.000002380EB13000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000002.2851820354.000002380EB10000.00000004.00000020.00020000.00000000.sdmp, dwagent.exe, 00000001.00000003.1671608389.000002380EB13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
Source: dwagent.exe, 00000000.00000002.2851194309.00000000006A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: dwagent.exe, 00000000.00000003.1611904000.0000000003323000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
Source: dwagent.exe, 00000000.00000002.2851194309.00000000006A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}3
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: 1_2_00007FF6B69217D0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF6B69217D0
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_0042A349 LoadLibraryA,GetProcAddress,FreeLibrary,GetModuleHandleA,LoadImageW,wcscpy,Shell_NotifyIconW,DestroyIcon, 0_2_0042A349
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_0040115C Sleep,Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_cexit,_amsg_exit,_initterm,GetStartupInfoW,_initterm,exit, 0_2_0040115C
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00401150 Sleep,SetUnhandledExceptionFilter,__p__wcmdln,malloc,malloc,memcpy,__winitenv,_cexit, 0_2_00401150
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00435E40 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 0_2_00435E40
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00435E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 0_2_00435E3C
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: 1_2_6CC29F01 SetUnhandledExceptionFilter, 1_2_6CC29F01
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: 1_2_6CC1B340 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort, 1_2_6CC1B340
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: 1_2_00007FF6B69212CC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FF6B69212CC
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Code function: 1_2_00007FF6B69219B8 SetUnhandledExceptionFilter, 1_2_00007FF6B69219B8
Source: C:\Users\user\Desktop\dwagent.exe Process created: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe "C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe" -S -m installer
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_0042BA70 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,GetLastError,FreeSid, 0_2_0042BA70
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_0040A450 cpuid 0_2_0040A450
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\codecs.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\codecs.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\codecs.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\aliases.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\aliases.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\aliases.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\utf_8.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\utf_8.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\utf_8.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\cp1252.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\cp1252.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\encodings\cp1252.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\io.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\io.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\io.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\site.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\site.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\site.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\os.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\os.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\os.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\stat.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\stat.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\stat.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_collections_abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_collections_abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_collections_abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\ntpath.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\ntpath.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\ntpath.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\genericpath.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\genericpath.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\genericpath.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_sitebuiltins.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_sitebuiltins.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_sitebuiltins.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\sitecustomize.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\sitecustomize.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\sitecustomize.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\sitecustomize.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\sitecustomize.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\__pycache__\sitecustomize.cpython-310.pyc.2439782870960 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\runpy.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\runpy.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\runpy.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\warnings.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\warnings.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\warnings.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib\machinery.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib\util.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\importlib\_abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\contextlib.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\collections\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\keyword.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\operator.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\reprlib.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\functools.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\types.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\installer.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\__pycache__\installer.cpython-310.pyc.2439788123392 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\__init__.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\__pycache__\__init__.cpython-310.pyc.2439788124112 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\installer.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\__pycache__ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\__pycache__\installer.cpython-310.pyc.2439788134448 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\messages\__init__.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\messages VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\ui\messages\__pycache__\__init__.cpython-310.pyc.2439788136528 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\resources.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\__pycache__ VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\__pycache__\resources.cpython-310.pyc.2439788127712 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\locale.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\re.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\enum.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\sre_compile.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\sre_parse.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\sre_constants.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\copyreg.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\subprocess.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\signal.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\threading.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_weakrefset.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\utils.py VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\__pycache__\utils.cpython-310.pyc.2439788350608 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\shutil.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\fnmatch.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\posixpath.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\bz2.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_compression.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\_bz2.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\lzma.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\_lzma.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\zipfile.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\struct.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\pathlib.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\urllib\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\urllib VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\urllib\parse.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\platform.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\traceback.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\linecache.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\tokenize.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\token.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\ctypes\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\_ctypes.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\ctypes VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\ctypes\_endian.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\logging\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\weakref.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\collections VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\collections\abc.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\string.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\logging VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\logging\handlers.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\socket.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\_socket.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\selectors.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\select.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\pickle.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\pickle.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\pickle.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_compat_pickle.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_compat_pickle.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\_compat_pickle.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\queue.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\queue.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\queue.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\heapq.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\heapq.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\heapq.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\_queue.pyd VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\copy.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\copy.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\copy.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\base64.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\base64.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\base64.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http\server.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http\server.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\http\server.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\datetime.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\datetime.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\datetime.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email\__init__.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email\utils.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email\utils.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\pyfiles\email\utils.pyc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Queries volume information: C:\Users\user\AppData\Local\Temp\dwagent20240329011021 VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00435D90 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_00435D90
Source: C:\Users\user\Desktop\dwagent.exe Code function: 0_2_00427520 SetCurrentDirectoryW,SetCurrentDirectoryW,wcslen,SetCurrentDirectoryW,GetTempPathW,MessageBoxW,time,gmtime,wcsftime,wcslen,wcslen,wcslen,CreateDirectoryW,SetCurrentDirectoryW,MessageBoxW,memcpy,memcpy,MessageBoxW,MessageBoxW,memcpy,wcslen,GetModuleHandleA,GetProcAddress,GetCurrentProcess,MoveFileExW,CopyFileW,GetCurrentProcess,MoveFileExW,wcslen,MessageBoxW,wcslen,GetModuleHandleA,GetProcAddress,GetCurrentProcess,MoveFileExW,MoveFileExW,MoveFileExW,GetVersionExA,memcpy,memcpy,MoveFileExW,MoveFileExW, 0_2_00427520
Source: C:\Users\user\AppData\Local\Temp\dwagent20240329011021\runtime\dwagent.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: dwagent.exe, 00000001.00000002.2853471078.0000023811610000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: is_win_xpce
Source: dwagent.exe, 00000001.00000003.1676542699.000002380F0FB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Zis_win_xpZ
Source: dwagent.exe, 00000001.00000003.1676728505.000002380F2D3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: def is_win_xp(self):
Source: dwagent.exe, 00000001.00000002.2853555530.0000023811750000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: is_win_xp
Source: dwagent.exe, 00000001.00000003.1674330235.000002380F113000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: return (utils.is_windows() and (native.get_instance().is_win_xp()==1 or native.get_instance().is_win_2003_server()==1))
Source: dwagent.exe, 00000001.00000002.2853471078.0000023811610000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: is_win_xp@
Source: dwagent.exe, 00000001.00000002.2852283577.000002380F0F1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Windows.is_win_xpc
Source: dwagent.exe, 00000001.00000002.2853555530.0000023811750000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: is_win_xp z{
Source: dwagent.exe, 00000001.00000002.2852283577.000002380F0F1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: is_win_xp
Source: dwagent.exe, 00000001.00000002.2853471078.0000023811610000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: Windows.is_win_xp
Source: dwagent.exe, 00000001.00000003.1676542699.000002380F0FB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: r*rFrxryZis_win_xpZ
No contacted IP infos