Windows Analysis Report
pythoninzoo.exe

Overview

General Information

Sample name:	pythoninzoo.exe
Analysis ID:	1429036
MD5:	3a272e96b2a6682a76021561514d1906
SHA1:	69674411cab38710263415b8d710780f3752bded
SHA256:	934cb0e1c647de2ecfac8f33ec578c133e7a8e7b7e83ff476e082aa92d789894
Tags:	exe
Infos:

Detection

Score:	30
Range:	0 - 100
Whitelisted:	false
Confidence:	0%

Signatures

Contains functionality to infect the boot sector

Found pyInstaller with non standard icon

Hides threads from debuggers

Modifies the context of a thread in another process (thread injection)

Uses the Telegram API (likely for C&C communication)

Binary contains a suspicious time stamp

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to modify clipboard data

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May check the online IP address of the machine

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

PE file does not import any functions

Potential key logger detected (key state polling based)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Signatures

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\pythoninzoo.exe

Code function: 3_2_70A380F0 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,

3_2_70A380F0

Source: C:\Users\user\AppData\Roaming\datura.exe

Window detected: You can also use the /accepteula command-line switch to accept the EULA.&Agree&Decline&PrintSYSINTERNALS SOFTWARE LICENSE TERMSThese license terms are an agreement between Sysinternals (a wholly owned subsidiary of Microsoft Corporation) and you. Please read them. They apply to the software you are downloading from Sysinternals.com which includes the media on which you received it if any. The terms also apply to any SysinternalsupdatessupplementsInternet-based services and support servicesfor this software unless other terms accompany those items. If so those terms apply.BY USING THE SOFTWARE YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM DO NOT USE THE SOFTWARE.If you comply with these license terms you have the rights below.1.INSTALLATION AND USE RIGHTS. You may install and use any number of copies of the software on your devices.2.Scope of License. The software is licensed not sold. This agreement only gives you some rights to use the software. Sysinternals reserves all other rights. Unless applicable law gives you more rights despite this limitation you may use the software only as expressly permitted in this agreement. In doing so you must comply with any technical limitations in the software that only allow you to use it in certain ways. You may notwork around any technical limitations in the binary versions of the software;reverse engineer decompile or disassemble the binary versions of the software except and only to the extent that applicable law expressly permits despite this limitation;make more copies of the software than specified in this agreement or allowed by applicable law despite this limitation;publish the software for others to copy;rent lease or lend the software;transfer the software or this agreement to any third party; oruse the software for commercial software hosting services.3.SENSITIVE INFORMATION. Please be aware that similar to other debug tools that capture "process state" information files saved by Sysinternals tools may include personally identifiable or other sensitive information (such as usernames passwords paths to files accessed and paths to registry accessed). By using this software you acknowledge that you are aware of this and take sole responsibility for any personally identifiable or other sensitive information provided to Microsoft or any other party through your use of the software.. DOCUMENTATION. Any person that has valid access to your computer or internal network may copy and use the documentation for your internal reference purposes.6.Export Restrictions. The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations end users and end use. For additional information see www.microsoft.com/exporting <<http://www.microsoft.com/exporting>>.7.SUPPORT SERVICES. Because this software is "as is "

Source: pythoninzoo.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\1\s\x64\Release\ZoomIt64.pdbH source: pythoninzoo.exe, 00000003.00000003.1881406882.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881595222.000001DFC9D98000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1882432563.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881675461.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, datura.exe, 00000005.00000000.1883024767.00007FF6DCF61000.00000002.00000001.01000000.00000031.sdmp, datura.exe, 00000005.00000002.3013590578.00007FF6DCF61000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1939983079.00007FFDFB06C000.00000002.00000001.01000000.0000001A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_decimal.pdb## source: pythoninzoo.exe, 00000003.00000002.1944446085.00007FFE0CFB9000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbMM source: pythoninzoo.exe, 00000003.00000002.1946971554.00007FFE11EBB000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: ucrtbase.pdb source: pythoninzoo.exe, 00000003.00000002.1942403291.00007FFE007E1000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: pythoninzoo.exe, 00000003.00000002.1944446085.00007FFE0CFB9000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\a\1\s\x64\Release\ZoomIt64.pdb source: pythoninzoo.exe, 00000003.00000003.1881406882.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881595222.000001DFC9D98000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1882432563.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881675461.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, datura.exe, 00000005.00000000.1883024767.00007FF6DCF61000.00000002.00000001.01000000.00000031.sdmp, datura.exe, 00000005.00000002.3013590578.00007FF6DCF61000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb@@ source: pythoninzoo.exe, 00000003.00000002.1941208396.00007FFDFB636000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: pythoninzoo.exe, 00000003.00000002.1940708059.00007FFDFB2D0000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: ~/.pdbrc source: pythoninzoo.exe, 00000003.00000002.1935058788.000001DFC9A50000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: placed in the .pdbrc file): source: pythoninzoo.exe, 00000003.00000003.1919516611.000001DFC86BF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920026971.000001DFC86F0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919879661.000001DFC86E3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1935301022.000001DFC9B90000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925329556.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926769002.000001DFC8718000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1930618672.000001DFC871A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928214617.000001DFC871A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927371506.000001DFC871A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928309183.000001DFC935D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: pdb.Pdb source: pythoninzoo.exe, 00000003.00000002.1935058788.000001DFC9A50000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_tkinter.pdb source: pythoninzoo.exe, 00000003.00000002.1944675720.00007FFE0CFD8000.00000002.00000001.01000000.0000001B.sdmp
Source:	Binary string: -c are executed after commands from .pdbrc files. source: pythoninzoo.exe, 00000003.00000003.1925906376.000001DFC90D4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919850680.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932846690.000001DFC90D4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924041290.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924171198.000001DFC90D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdbGCTL source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: If a file ".pdbrc" exists in your home directory or in the current source: pythoninzoo.exe, 00000003.00000003.1927371506.000001DFC86F2000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919516611.000001DFC86BF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920026971.000001DFC86F0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919879661.000001DFC86E3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928214617.000001DFC8717000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-1_1.pdb source: pythoninzoo.exe, 00000003.00000002.1940708059.00007FFDFB352000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: D:\a\1\b\libssl-1_1.pdb source: pythoninzoo.exe, 00000003.00000002.1941208396.00007FFDFB636000.00000002.00000001.01000000.00000015.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: pythoninzoo.exe, 00000003.00000002.1948140537.00007FFE13263000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: api-ms-win-core-heap-l1-1-0.pdbGCTL source: api-ms-win-core-heap-l1-1-0.dll.0.dr
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1t 7 Feb 2023built on: Thu Feb 9 15:27:40 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: pythoninzoo.exe, 00000003.00000002.1940708059.00007FFDFB2D0000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: Initial commands are read from .pdbrc files in your home directory source: pythoninzoo.exe, 00000003.00000003.1925906376.000001DFC90D4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919850680.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932846690.000001DFC90D4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924041290.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924171198.000001DFC90D1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\a01\_work\12\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: pythoninzoo.exe, 00000003.00000002.1949346591.00007FFE1A461000.00000002.00000001.01000000.00000007.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: pythoninzoo.exe, 00000003.00000002.1948775674.00007FFE13310000.00000002.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: pythoninzoo.exe, 00000003.00000002.1945800720.00007FFE101D6000.00000002.00000001.01000000.00000017.sdmp
Source:	Binary string: .pdbrc source: pythoninzoo.exe, 00000003.00000002.1935058788.000001DFC9A50000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: pythoninzoo.exe, 00000003.00000002.1947571271.00007FFE130C2000.00000002.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python310.pdb source: pythoninzoo.exe, 00000003.00000002.1941583552.00007FFDFB9AF000.00000002.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: pythoninzoo.exe, 00000003.00000002.1945630544.00007FFE0EB52000.00000002.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: pythoninzoo.exe, 00000003.00000002.1947846047.00007FFE13203000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: pythoninzoo.exe, 00000003.00000002.1946971554.00007FFE11EBB000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: pythoninzoo.exe, 00000003.00000002.1948475852.00007FFE1327D000.00000002.00000001.01000000.0000000B.sdmp
Source:	Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr
Source:	Binary string: ucrtbase.pdbUGP source: pythoninzoo.exe, 00000003.00000002.1942403291.00007FFE007E1000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: pythoninzoo.exe, 00000003.00000002.1946732609.00007FFE11518000.00000002.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python3.pdb source: pythoninzoo.exe, 00000003.00000002.1929716969.000001DFC7E90000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: The standard debugger class (pdb.Pdb) is an example. source: pythoninzoo.exe, 00000003.00000003.1882178786.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919240428.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933387801.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925329556.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1921089848.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1880054148.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933995857.000001DFC934B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: pythoninzoo.exe, 00000003.00000002.1945048742.00007FFE0E16D000.00000002.00000001.01000000.00000014.sdmp

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3E7E20 FindFirstFileExW,FindClose,		0_2_00007FF7AA3E7E20
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF2CE40 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,		5_2_00007FF6DCF2CE40

Source: C:\Users\user\Desktop\pythoninzoo.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI69562\tcl\	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI69562\	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	File opened: C:\Users\user\	Jump to behavior

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 4x nop then push rbp		3_2_70A2BD40
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 4x nop then push rbp		3_2_70A2BD40

Networking

Uses the Telegram API (likely for C&C communication)

Source: unknown

DNS query: name: api.telegram.org

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 208.95.112.1 208.95.112.1
Source: Joe Sandbox View	IP Address: 149.154.167.220 149.154.167.220

May check the online IP address of the machine

Source: unknown

DNS query: name: ip-api.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /json?fields=proxy,hosting HTTP/1.1Host: ip-api.comUser-Agent: python-requests/2.31.0Accept-Encoding: gzip, deflateAccept: */*Connection: keep-alive

Source: unknown

DNS traffic detected: queries for: ip-api.com

Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://.../back.jpeg
Source: pythoninzoo.exe, 00000000.00000003.1753271709.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000000.00000003.1753856959.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000000.00000003.1753504722.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000000.00000003.1753009682.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933308628.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919516611.000001DFC86BF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1935574417.000001DFC9BB3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918894360.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920026971.000001DFC86F0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919879661.000001DFC86E3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881857087.000001DFC91E8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918926912.000001DFC9BD1000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925012511.000001DFC9BD3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925463465.000001DFC93A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926540406.000001DFC871F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925329556.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881675461.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1899977584.000001DFC93A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: pythoninzoo.exe, 00000003.00000003.1924642808.000001DFC8A11000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917963819.000001DFC8987000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919411917.000001DFC89CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931330864.000001DFC8A12000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920163901.000001DFC89E6000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920124971.000001DFC89E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: pythoninzoo.exe, 00000003.00000002.1930268012.000001DFC86B2000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919574071.000001DFC8656000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919778837.000001DFC86B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577916/
Source: pythoninzoo.exe, 00000003.00000003.1900948362.000001DFC9E58000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900811070.000001DFC9E6C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900848122.000001DFC9E46000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1902716179.000001DFC9E5D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900685277.000001DFC9E29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: pythoninzoo.exe, 00000003.00000003.1927512906.000001DFC90C0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1929334774.000001DFC643A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928272200.000001DFC6438000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC9070000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927837806.000001DFC641A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919473764.000001DFC6417000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918407600.000001DFC90B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: pythoninzoo.exe, 00000003.00000003.1919210390.000001DFC9283000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: pythoninzoo.exe, 00000003.00000003.1900948362.000001DFC9E58000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900811070.000001DFC9E6C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900848122.000001DFC9E46000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1902716179.000001DFC9E5D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900685277.000001DFC9E29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC931F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931367434.000001DFC8A39000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1899824490.000001DFC8A2A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926800506.000001DFC9320000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920896614.000001DFC8A39000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933879358.000001DFC9320000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: pythoninzoo.exe, 00000003.00000003.1923705756.000001DFC90E8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919620119.000001DFC90E6000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932846690.000001DFC90E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC931F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926800506.000001DFC9320000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933879358.000001DFC9320000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: pythoninzoo.exe, 00000003.00000003.1927512906.000001DFC90C0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC9070000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918407600.000001DFC90B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: pythoninzoo.exe, 00000000.00000003.1753271709.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919516611.000001DFC86BF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918894360.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920026971.000001DFC86F0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919879661.000001DFC86E3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918926912.000001DFC9BD1000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925012511.000001DFC9BD3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926540406.000001DFC871F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881675461.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: pythoninzoo.exe, 00000003.00000003.1899824490.000001DFC8A2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/p
Source: pythoninzoo.exe, 00000000.00000003.1753009682.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925463465.000001DFC93A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925329556.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1899977584.000001DFC93A3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: pythoninzoo.exe, 00000000.00000003.1753504722.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919516611.000001DFC86BF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1935574417.000001DFC9BB3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920026971.000001DFC86F0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919879661.000001DFC86E3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926540406.000001DFC871F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926703714.000001DFC9BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: pythoninzoo.exe, 00000000.00000003.1753703727.0000018E4F4A5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000000.00000003.1753190200.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000000.00000003.1752944055.0000018E4F4A5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000000.00000003.1753395247.0000018E4F4A5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000000.00000003.1753129605.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1934830733.000001DFC9820000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1882178786.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919240428.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1935058788.000001DFC9A50000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926672458.000001DFC9231000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1923543891.000001DFC91F4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919516611.000001DFC86BF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933387801.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927371506.000001DFC8723000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920026971.000001DFC86F0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919879661.000001DFC86E3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926630166.000001DFC91F8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881857087.000001DFC91E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: pythoninzoo.exe, 00000003.00000002.1934730381.000001DFC96F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: pythoninzoo.exe, 00000003.00000002.1931767871.000001DFC8B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC931F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925845532.000001DFC9333000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933958105.000001DFC933D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927613831.000001DFC933A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://docs.python.org/library/unittest.html
Source: pythoninzoo.exe, 00000003.00000002.1931870910.000001DFC8C90000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://github.com/ActiveState/appdirs
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://goo.gl/zeJZl.
Source: pythoninzoo.exe, 00000000.00000003.1856572026.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924007974.000001DFC913B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: pythoninzoo.exe, 00000003.00000003.1918699200.000001DFC9031000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1923823116.000001DFC903E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: pythoninzoo.exe, 00000003.00000002.1931185481.000001DFC89C5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932705062.000001DFC90B1000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917963819.000001DFC8987000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918511685.000001DFC90A8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918478827.000001DFC908A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC9070000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919681750.000001DFC89A3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1921001293.000001DFC89B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/json?fields=proxy
Source: pythoninzoo.exe, 00000003.00000002.1931972206.000001DFC8DA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: pythoninzoo.exe, 00000003.00000003.1899748219.000001DFC9CAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.es0
Source: pythoninzoo.exe, 00000003.00000003.1899748219.000001DFC9CAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.accv.est
Source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0N
Source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: pythoninzoo.exe, 00000003.00000002.1931767871.000001DFC8B70000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1930867439.000001DFC8870000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: pythoninzoo.exe, 00000003.00000003.1899748219.000001DFC9CAB000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924007974.000001DFC913B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918894360.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931417171.000001DFC8A7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/
Source: pythoninzoo.exe, 00000003.00000002.1931417171.000001DFC8A7B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://repository.swisssign.com/oW
Source: pythoninzoo.exe, 00000003.00000003.1882178786.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919240428.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933387801.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1921089848.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tip.tcl.tk/48)
Source: pythoninzoo.exe, 00000000.00000003.1753785034.0000018E4F4A5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1882178786.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919240428.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933387801.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933117684.000001DFC919F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924737883.000001DFC9198000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925096729.000001DFC9199000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC914D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1921089848.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928341451.000001DFC919E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: pythoninzoo.exe, 00000003.00000002.1935058788.000001DFC9B24000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1936573675.000001DFCA350000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: pythoninzoo.exe, 00000003.00000003.1926703714.000001DFC9BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: pythoninzoo.exe, 00000000.00000003.1753597140.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC931F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925845532.000001DFC9333000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1899748219.000001DFC9CAB000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: pythoninzoo.exe, 00000003.00000003.1902033058.000001DFC9E2B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900685277.000001DFC9E29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: pythoninzoo.exe, 00000003.00000002.1930268012.000001DFC86B2000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919574071.000001DFC8656000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919778837.000001DFC86B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1930268012.000001DFC86B2000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919574071.000001DFC8656000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919778837.000001DFC86B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.accv.es00
Source: pythoninzoo.exe, 00000003.00000002.1931767871.000001DFC8B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: pythoninzoo.exe, 00000003.00000003.1900948362.000001DFC9E58000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900848122.000001DFC9E46000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1930297941.000001DFC86B6000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920265031.000001DFC86B5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919574071.000001DFC8656000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918032438.000001DFC9E5B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900685277.000001DFC9E29000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919778837.000001DFC86B1000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1902884582.000001DFC9E5B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: pythoninzoo.exe, 00000000.00000003.1753856959.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933308628.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881857087.000001DFC91E8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926703714.000001DFC9BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: pythoninzoo.exe, 00000003.00000003.1917888008.000001DFC923B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900848122.000001DFC9E46000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900685277.000001DFC9E29000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918782905.000001DFC9294000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933714517.000001DFC9295000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925561488.000001DFC9295000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900991400.000001DFC9E52000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.firmaprofesional.com/cps0
Source: pythoninzoo.exe, 00000003.00000002.1932705062.000001DFC90B1000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918511685.000001DFC90A8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918478827.000001DFC908A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC9070000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: pythoninzoo.exe, 00000003.00000002.1931564827.000001DFC8AE1000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1922408350.000001DFC8ADA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps
Source: pythoninzoo.exe, 00000003.00000002.1932846690.000001DFC911B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cps0
Source: pythoninzoo.exe, 00000003.00000002.1931564827.000001DFC8AE1000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1922408350.000001DFC8ADA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadisglobal.com/cpsT
Source: pythoninzoo.exe, 00000000.00000003.1753597140.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC931F000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925845532.000001DFC9333000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933308628.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881857087.000001DFC91E8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91B0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1921187056.000001DFC91C6000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926836010.000001DFC91CD000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918564995.000001DFC91B7000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925205894.000001DFC91C6000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918647157.000001DFC91C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://wwwsearch.sf.net/):
Source: pythoninzoo.exe, 00000003.00000002.1936573675.000001DFCA3B8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot6817203487:AAGfQMFh4-TS-WgVyG93ZurdbvwMY8HRyjI/
Source: pythoninzoo.exe, 00000003.00000002.1936573675.000001DFCA3B8000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot6817203487:AAGfQMFh4-TS-WgVyG93ZurdbvwMY8HRyjI/0~
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1937230172.000001DFCAE18000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot6817203487:AAGfQMFh4-TS-WgVyG93ZurdbvwMY8HRyjI/sendPhoto
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1937230172.000001DFCAE18000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot6817203487:AAGfQMFh4-TS-WgVyG93ZurdbvwMY8HRyjI/sendPhotoPIn
Source: pythoninzoo.exe, 00000003.00000003.1882178786.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917888008.000001DFC923B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC921C000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927037781.000001DFC9288000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919210390.000001DFC9283000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://askubuntu.com/questions/697397/python3-is-not-supporting-gtk-module
Source: pythoninzoo.exe, 00000003.00000003.1919745731.000001DFC8FD9000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932223978.000001DFC8FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html
Source: pythoninzoo.exe, 00000003.00000003.1919745731.000001DFC8FD9000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932223978.000001DFC8FDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/pprint.html#pprint.pprint
Source: pythoninzoo.exe, 00000003.00000003.1917963819.000001DFC8987000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932179748.000001DFC8FB0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919745731.000001DFC8FD9000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931767871.000001DFC8B70000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932223978.000001DFC8FDA000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931151486.000001DFC89A8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1923662576.000001DFC89A5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919681750.000001DFC89A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html
Source: pythoninzoo.exe, 00000003.00000002.1930764288.000001DFC8750000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/re.html#re.sub
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: pythoninzoo.exe, 00000003.00000002.1931767871.000001DFC8B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: pythoninzoo.exe, 00000003.00000003.1924773257.000001DFC9195000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925096729.000001DFC9196000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC914D000.00000004.00000020.00020000.00000000.sdmp, __init__.pyc2.0.dr	String found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: pythoninzoo.exe, 00000003.00000003.1861713904.000001DFC7D98000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1929334774.000001DFC643A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928272200.000001DFC6438000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1861765801.000001DFC7D94000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927837806.000001DFC641A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919473764.000001DFC6417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: pythoninzoo.exe, 00000003.00000002.1935058788.000001DFC9B00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/asweigart/pyperclip/issues/55
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/giampaolo/psutil/issues/875.
Source: pythoninzoo.exe, 00000003.00000002.1931767871.000001DFC8B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: pythoninzoo.exe, 00000003.00000002.1931972206.000001DFC8DA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packaging
Source: pythoninzoo.exe, 00000003.00000002.1931972206.000001DFC8DA0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pypa/packagingI69562pQ
Source: pythoninzoo.exe, 00000003.00000003.1920340222.000001DFC8674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/pyparsing/pyparsing/wiki
Source: pythoninzoo.exe, 00000003.00000002.1934730381.000001DFC96F0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python-pillow/Pillow/
Source: pythoninzoo.exe, 00000003.00000002.1929885448.000001DFC8210000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1861713904.000001DFC7D98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: pythoninzoo.exe, 00000003.00000003.1919473764.000001DFC6417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: pythoninzoo.exe, 00000003.00000003.1861713904.000001DFC7D98000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1929334774.000001DFC643A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928272200.000001DFC6438000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1861765801.000001DFC7D94000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927837806.000001DFC641A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919473764.000001DFC6417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: pythoninzoo.exe, 00000003.00000003.1861713904.000001DFC7D98000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1929334774.000001DFC643A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1928272200.000001DFC6438000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1861765801.000001DFC7D94000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927837806.000001DFC641A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919473764.000001DFC6417000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: pythoninzoo.exe, 00000003.00000003.1918699200.000001DFC9031000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932305763.000001DFC9031000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920X
Source: pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC914D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919574071.000001DFC8656000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919985976.000001DFC8667000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1923617347.000001DFC8731000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1930222162.000001DFC8675000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920340222.000001DFC8674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: pythoninzoo.exe, 00000003.00000003.1926994327.000001DFC8675000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1921944461.000001DFC91AF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC914D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919574071.000001DFC8656000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919985976.000001DFC8667000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1930222162.000001DFC8675000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920340222.000001DFC8674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: pythoninzoo.exe, 00000003.00000002.1933027166.000001DFC9163000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: pythoninzoo.exe, 00000003.00000003.1924737883.000001DFC9198000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC914D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: pythoninzoo.exe, 00000003.00000003.1923617347.000001DFC8731000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: pythoninzoo.exe, 00000003.00000002.1934730381.000001DFC96F0000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC91B8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924869561.000001DFC91B9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/get
Source: pythoninzoo.exe, 00000003.00000003.1879959611.000001DFC8A49000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919805600.000001DFC8B0B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920293887.000001DFC8B1D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881758437.000001DFC8AD9000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931718442.000001DFC8B30000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926578613.000001DFC8B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/post
Source: pythoninzoo.exe, 00000003.00000003.1920505105.000001DFC9085000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924171198.000001DFC90D1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91B0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918564995.000001DFC91B7000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918647157.000001DFC91C3000.00000004.00000020.00020000.00000000.sdmp, request.pyc1.0.dr	String found in binary or memory: https://mahler:8092/site-updates.py
Source: pythoninzoo.exe, 00000003.00000002.1936573675.000001DFCA350000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://mouseinfo.readthedocs.io
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933308628.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881857087.000001DFC91E8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: pythoninzoo.exe, 00000003.00000002.1935058788.000001DFC9B00000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://pyperclip.readthedocs.io/en/latest/index.html#not-implemented-error
Source: pythoninzoo.exe, 00000003.00000002.1941583552.00007FFDFB9AF000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: pythoninzoo.exe, 00000003.00000002.1931767871.000001DFC8B70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: pythoninzoo.exe, 00000003.00000002.1934830733.000001DFC9820000.00000004.00001000.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1879959611.000001DFC8A49000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919805600.000001DFC8B0B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920293887.000001DFC8B1D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881758437.000001DFC8AD9000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931718442.000001DFC8B30000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926578613.000001DFC8B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.io
Source: pythoninzoo.exe, 00000003.00000002.1934830733.000001DFC9820000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://requests.readthedocs.ioP?
Source: pythoninzoo.exe, 00000003.00000003.1924297982.000001DFC8999000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917963819.000001DFC8987000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: pythoninzoo.exe, 00000003.00000002.1936690289.000001DFCA5C0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/a/20982715/185510
Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/18905702/python-ctypes-and-mutable-buffers
Source: pythoninzoo.exe, 00000003.00000003.1917963819.000001DFC8987000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919745731.000001DFC8FD9000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932223978.000001DFC8FDA000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931151486.000001DFC89A8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1923662576.000001DFC89A5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919681750.000001DFC89A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/questions/455434/how-should-i-use-formatmessage-properly-in-c
Source: pythoninzoo.exe, 00000003.00000003.1923705756.000001DFC90E8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919620119.000001DFC90E6000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918085251.000001DFC90CF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1932846690.000001DFC90E8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: pythoninzoo.exe, 00000000.00000003.1753009682.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925463465.000001DFC93A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925329556.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1899977584.000001DFC93A3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1924442878.000001DFC9343000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: pythoninzoo.exe, 00000000.00000003.1753856959.0000018E4F4A4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91D3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1933308628.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1903080407.000001DFC91E5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881857087.000001DFC91E8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900460349.000001DFC91DE000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926703714.000001DFC9BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: pythoninzoo.exe, 00000003.00000003.1924773257.000001DFC9195000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919516611.000001DFC86BF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1925096729.000001DFC9196000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920026971.000001DFC86F0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919879661.000001DFC86E3000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC914D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1923617347.000001DFC8731000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: pythoninzoo.exe, 00000003.00000002.1934630601.000001DFC95D0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyp
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings0yS
Source: pythoninzoo.exe, 00000000.00000003.1856572026.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsN
Source: pythoninzoo.exe, 00000003.00000003.1918894360.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918926912.000001DFC9BD1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20120328125543/http://www.jpegcameras.com/libjpeg/libjpeg-3.html
Source: pythoninzoo.exe, 00000003.00000003.1926961733.000001DFC9BCE000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918894360.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1935689526.000001DFC9BCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.archive.org/web/20240227115053/https://exiv2.org/tags.html)
Source: pythoninzoo.exe, 00000003.00000002.1929373500.000001DFC6456000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919473764.000001DFC6417000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1927744277.000001DFC644F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wiki.debian.org/XDGBaseDirectorySpecification#state
Source: pythoninzoo.exe, 00000000.00000003.1850420095.0000018E4F4D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: pythoninzoo.exe, 00000003.00000003.1926703714.000001DFC9BB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: pythoninzoo.exe, 00000003.00000002.1940963084.00007FFDFB3C9000.00000002.00000001.01000000.00000016.sdmp, pythoninzoo.exe, 00000003.00000002.1941287026.00007FFDFB66B000.00000002.00000001.01000000.00000015.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: pythoninzoo.exe, 00000003.00000003.1879959611.000001DFC8A49000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919805600.000001DFC8B0B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920293887.000001DFC8B1D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881758437.000001DFC8AD9000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931718442.000001DFC8B30000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1926578613.000001DFC8B2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org
Source: pythoninzoo.exe, 00000003.00000003.1900201560.000001DFC91B0000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918564995.000001DFC91B7000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1918647157.000001DFC91C3000.00000004.00000020.00020000.00000000.sdmp, request.pyc1.0.dr	String found in binary or memory: https://www.python.org/
Source: pythoninzoo.exe, 00000003.00000002.1930867439.000001DFC8870000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: pythoninzoo.exe, 00000003.00000002.1929885448.000001DFC8210000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: pythoninzoo.exe, 00000003.00000003.1881406882.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881595222.000001DFC9D98000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1882432563.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881675461.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp, datura.exe, datura.exe, 00000005.00000000.1883101790.00007FF6DCF9A000.00000002.00000001.01000000.00000031.sdmp, datura.exe, 00000005.00000002.3012228835.000001CE25913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sysinternals.com
Source: pythoninzoo.exe, 00000003.00000003.1881406882.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881595222.000001DFC9D98000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1882432563.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1881675461.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sysinternals.com0
Source: datura.exe, 00000005.00000002.3012228835.000001CE25913000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.sysinternals.comz
Source: pythoninzoo.exe, 00000000.00000003.1752577288.0000018E4F4A5000.00000004.00000020.00020000.00000000.sdmp, _EKSBlowfish.pyc.0.dr	String found in binary or memory: https://www.usenix.org/legacy/events/usenix99/provos/provos_html/node4.html
Source: pythoninzoo.exe, 00000003.00000003.1902033058.000001DFC9E2B000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900685277.000001DFC9E29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/
Source: pythoninzoo.exe, 00000003.00000003.1900948362.000001DFC9E58000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900848122.000001DFC9E46000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1902716179.000001DFC9E5D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1900685277.000001DFC9E29000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: pythoninzoo.exe, 00000003.00000003.1926994327.000001DFC8675000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1917614836.000001DFC911A000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1921944461.000001DFC91AF000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920535535.000001DFC914D000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919574071.000001DFC8656000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919985976.000001DFC8667000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1930222162.000001DFC8675000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1920340222.000001DFC8674000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\pythoninzoo.exe

Code function: 3_2_00007FFDFAC376E0 SendMessageW,ClientToScreen,WindowFromPoint,OpenClipboard,GetClipboardOwner,CloseClipboard,

3_2_00007FFDFAC376E0

Contains functionality to modify clipboard data

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC62AD0 OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,	3_2_00007FFDFAC62AD0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC18C00 GlobalAlloc,GlobalLock,memcpy,GlobalUnlock,SetClipboardData,	3_2_00007FFDFAC18C00
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF9AF0 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,GlobalFree,CloseClipboard,GlobalUnlock,SetClipboardData,CloseClipboard,	5_2_00007FF6DCEF9AF0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF174A6 _invalid_parameter_noinfo_noreturn,SwitchToThread,SwitchToThread,SwitchToThread,GetCursorPos,MonitorFromPoint,SwitchToThread,SwitchToThread,SendMessageW,SHGetKnownFolderItem,GetLastError,CoTaskMemFree,SetLastError,_invalid_parameter_noinfo_noreturn,CoTaskMemFree,SwitchToThread,_invalid_parameter_noinfo_noreturn,SwitchToThread,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,CoTaskMemFree,SwitchToThread,SwitchToThread,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GlobalFree,SendMessageW,SwitchToThread,_invalid_parameter_noinfo_noreturn,	5_2_00007FF6DCF174A6
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF1A3F2 SwitchToThread,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GlobalFree,SendMessageW,_invalid_parameter_noinfo_noreturn,	5_2_00007FF6DCF1A3F2

Contains functionality to read the clipboard data

Source: C:\Users\user\AppData\Roaming\datura.exe

Code function: 5_2_00007FF6DCEF7C90 OpenClipboard,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,GlobalUnlock,CloseClipboard,

5_2_00007FF6DCEF7C90

Contains functionality to record screenshots

Source: C:\Users\user\AppData\Roaming\datura.exe

Code function: 5_2_00007FF6DCF0D910 BeginPaint,SetStretchBltMode,StretchBlt,EndPaint,GetSysColorBrush,FillRect,GetObjectW,SetStretchBltMode,StretchBlt,BitBlt,DrawTextW,SelectObject,DrawTextW,SelectObject,DrawTextW,SelectObject,DrawTextW,SelectObject,BitBlt,EndPaint,PostMessageW,PostQuitMessage,GetStockObject,GetObjectW,CreateCompatibleDC,GetDeviceCaps,MulDiv,DeleteDC,SendMessageW,RegisterHotKey,MessageBoxW,RegisterHotKey,MessageBoxW,RegisterHotKey,RegisterHotKey,RegisterHotKey,RegisterHotKey,RegisterHotKey,RegisterHotKey,RegisterHotKey,RegisterHotKey,RegisterHotKey,MessageBoxW,SendMessageW,GetCurrentThread,SetThreadPriority,RegisterWindowMessageW,KillTimer,KillTimer,SetCursorPos,GetCursorPos,SetCursorPos,SendMessageW,SetCursorPos,SetWindowPos,DeleteObject,DeleteDC,SendMessageW,SetForegroundWindow,ClipCursor,SystemParametersInfoW,DeleteObject,DeleteDC,DeleteDC,DeleteDC,DeleteDC,DeleteObject,DeleteObject,DeleteObject,DeleteObject,SetFocus,ShowWindow,InvalidateRect,InvalidateRect,PlaySoundW,SendMessageW,SendMessageW,CreateDCW,GetCursorPos,SendMessageW,PostMessageW,DeleteObject,DeleteDC,GdipAlloc,GdipCreateBitmapFromFile,GdipCreateHBITMAPFromBitmap,SendMessageW,GetLastError,CreateCompatibleDC,SelectObject,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateSolidBrush,FillRect,AlphaBlend,SelectObject,DeleteDC,DeleteObject,ReleaseDC,CreateCompatibleDC,SelectObject,CreateFontIndirectW,CreateFontIndirectW,CreateCompatibleDC,GetDeviceCaps,GetDeviceCaps,CreateBitmap,SelectObject,SetTextColor,SetBkMode,SelectObject,SendMessageW,SetTimer,BringWindowToTop,SetForegroundWindow,SetActiveWindow,SetWindowPos,PostMessageW,DialogBoxParamW,Shell_NotifyIconW,DestroyWindow,DestroyWindow,GetCursorPos,SetCursorPos,DestroyWindow,GetClipCursor,ClipCursor,GetSaveFileNameW,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,SetStretchBltMode,StretchBlt,GdipCreateBitmapFromHBITMAP,GdipGetImageEncodersSize,GdipGetImageEncoders,GdipSaveImageToFile,GetLastError,GdipDisposeImage,DeleteDC,SetCursorPos,ClipCursor,GetCursorPos,DestroyWindow,SetCursorPos,DestroyWindow,CreateCompatibleBitmap,CreateCompatibleDC,SelectObject,SetStretchBltMode,StretchBlt,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,DeleteDC,SendMessageW,GetAsyncKeyState,GetAsyncKeyState,DeleteObject,CreateFontIndirectW,SelectObject,BitBlt,DrawTextW,BitBlt,DrawTextW,BitBlt,InvalidateRect,SendMessageW,SetROP2,CreatePen,SelectObject,SelectObject,DeleteObject,SetRect,SetRect,SetRect,SetROP2,GdipCreateFromHDC,GdipSetSmoothingMode,GdipCreatePen1,GdipSetPenLineCap197819,GdipBitmapUnlockBits,InvalidateRect,CreateDIBSection,CreateCompatibleDC,SelectObject,BitBlt,CreateDIBSection,GetLastError,CreateCompatibleDC,SelectObject,BitBlt,BitBlt,DeleteObject,DeleteDC,SelectObject,DeleteObject,DeleteDC,InvalidateRect,GdipDrawLineI,GdipDeletePen,GdipDeleteGraphics,InvalidateRect,InvalidateRect,BitBlt,BitBlt,DrawTextW,DrawTextW,DrawTextW,InvalidateRect,PostMessageW,Sleep,SetForegroundWindow,GetCursorPos,CreatePopupMenu,Ins

5_2_00007FF6DCF0D910

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\pythoninzoo.exe

Code function: 3_2_00007FFDFAC27B00 ClientToScreen,GetSystemMetrics,GetAsyncKeyState,GetAsyncKeyState,TrackPopupMenu,GetCursorPos,WindowFromPoint,

3_2_00007FFDFAC27B00

Potential key logger detected (key state polling based)

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC2BB70 GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,		3_2_00007FFDFAC2BB70
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF17320 GetKeyState,GetKeyState,GetKeyState,SetMessageExtraInfo,SendMessageW,		5_2_00007FF6DCF17320

Contains functionality to communicate with device drivers

Source: C:\Users\user\Desktop\pythoninzoo.exe

Code function: 3_2_70A97091: DeviceIoControl,

3_2_70A97091

Detected potential crypto function

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3E68E0	0_2_00007FF7AA3E68E0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3EA29E	0_2_00007FF7AA3EA29E
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3E7F80	0_2_00007FF7AA3E7F80
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3EA34F	0_2_00007FF7AA3EA34F
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3EDFB0	0_2_00007FF7AA3EDFB0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3EA3C3	0_2_00007FF7AA3EA3C3
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3EA3D2	0_2_00007FF7AA3EA3D2
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3ECC70	0_2_00007FF7AA3ECC70
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3E90C0	0_2_00007FF7AA3E90C0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3E8520	0_2_00007FF7AA3E8520
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3F45BB	0_2_00007FF7AA3F45BB
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3EC650	0_2_00007FF7AA3EC650
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3EA305	0_2_00007FF7AA3EA305
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A0E6F0	3_2_70A0E6F0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A0A7B0	3_2_70A0A7B0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A6FFB0	3_2_70A6FFB0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A0F7C0	3_2_70A0F7C0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3A0A0	3_2_70A3A0A0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3D800	3_2_70A3D800
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3E860	3_2_70A3E860
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A77190	3_2_70A77190
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A27110	3_2_70A27110
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3B110	3_2_70A3B110
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A7D910	3_2_70A7D910
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A23940	3_2_70A23940
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A5E140	3_2_70A5E140
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A43950	3_2_70A43950
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A6E150	3_2_70A6E150
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A35AF0	3_2_70A35AF0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A0F220	3_2_70A0F220
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A38270	3_2_70A38270
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A36250	3_2_70A36250
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A013E0	3_2_70A013E0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A6C330	3_2_70A6C330
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3D310	3_2_70A3D310
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A22360	3_2_70A22360
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A57370	3_2_70A57370
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A6BB70	3_2_70A6BB70
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3EC80	3_2_70A3EC80
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A34C20	3_2_70A34C20
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A6CC15	3_2_70A6CC15
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A24DA0	3_2_70A24DA0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A265B0	3_2_70A265B0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A965E0	3_2_70A965E0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A7DDF0	3_2_70A7DDF0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A38DC0	3_2_70A38DC0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A6EDC0	3_2_70A6EDC0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A7E510	3_2_70A7E510
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A31570	3_2_70A31570
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A22540	3_2_70A22540
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A2BD40	3_2_70A2BD40
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A41D40	3_2_70A41D40
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3B550	3_2_70A3B550
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A436D0	3_2_70A436D0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A07E20	3_2_70A07E20
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A31E30	3_2_70A31E30
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A6D630	3_2_70A6D630
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A29E70	3_2_70A29E70
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A18E40	3_2_70A18E40
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A56FE2	3_2_70A56FE2
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A3CF20	3_2_70A3CF20
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A36F00	3_2_70A36F00
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A40700	3_2_70A40700
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A26F70	3_2_70A26F70
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC25B20	3_2_00007FFDFAC25B20
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAD0BA60	3_2_00007FFDFAD0BA60
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACCDC40	3_2_00007FFDFACCDC40
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACBDBF0	3_2_00007FFDFACBDBF0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC8BBE0	3_2_00007FFDFAC8BBE0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACB9BB0	3_2_00007FFDFACB9BB0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC95BB0	3_2_00007FFDFAC95BB0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC91BD0	3_2_00007FFDFAC91BD0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC9B880	3_2_00007FFDFAC9B880
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC1D9A0	3_2_00007FFDFAC1D9A0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC379C0	3_2_00007FFDFAC379C0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC9FEE0	3_2_00007FFDFAC9FEE0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC53EB0	3_2_00007FFDFAC53EB0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACFDED0	3_2_00007FFDFACFDED0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC93E60	3_2_00007FFDFAC93E60
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC75E90	3_2_00007FFDFAC75E90
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC59E80	3_2_00007FFDFAC59E80
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC8BD30	3_2_00007FFDFAC8BD30
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC13D20	3_2_00007FFDFAC13D20
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC85D50	3_2_00007FFDFAC85D50
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACF7D10	3_2_00007FFDFACF7D10
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC1DD00	3_2_00007FFDFAC1DD00
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC97CA0	3_2_00007FFDFAC97CA0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC89C60	3_2_00007FFDFAC89C60
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACCFE10	3_2_00007FFDFACCFE10
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACFBDD0	3_2_00007FFDFACFBDD0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACEF300	3_2_00007FFDFACEF300
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACF9427	3_2_00007FFDFACF9427
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACA1420	3_2_00007FFDFACA1420
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACF941E	3_2_00007FFDFACF941E
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACF9417	3_2_00007FFDFACF9417
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACF940B	3_2_00007FFDFACF940B
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACF9404	3_2_00007FFDFACF9404
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACC53D0	3_2_00007FFDFACC53D0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC25380	3_2_00007FFDFAC25380
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACF70F0	3_2_00007FFDFACF70F0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC110E0	3_2_00007FFDFAC110E0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC910E0	3_2_00007FFDFAC910E0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACE91F0	3_2_00007FFDFACE91F0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACE71B0	3_2_00007FFDFACE71B0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC31180	3_2_00007FFDFAC31180
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC6B720	3_2_00007FFDFAC6B720
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACCD6F0	3_2_00007FFDFACCD6F0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC3D6D0	3_2_00007FFDFAC3D6D0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACE36D0	3_2_00007FFDFACE36D0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACD14C0	3_2_00007FFDFACD14C0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC81480	3_2_00007FFDFAC81480
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACD7600	3_2_00007FFDFACD7600
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACC0B40	3_2_00007FFDFACC0B40
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACCCB40	3_2_00007FFDFACCCB40
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACC4A60	3_2_00007FFDFACC4A60
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC1AC50	3_2_00007FFDFAC1AC50
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC22C00	3_2_00007FFDFAC22C00
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACBEB80	3_2_00007FFDFACBEB80
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACD48F0	3_2_00007FFDFACD48F0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFACD68E0	3_2_00007FFDFACD68E0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC328B0	3_2_00007FFDFAC328B0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAC768A0	3_2_00007FFDFAC768A0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF08E30	5_2_00007FF6DCF08E30
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF14A00	5_2_00007FF6DCF14A00
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF1AD20	5_2_00007FF6DCF1AD20
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF0D910	5_2_00007FF6DCF0D910
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF232C0	5_2_00007FF6DCF232C0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF2CE40	5_2_00007FF6DCF2CE40
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF35EE4	5_2_00007FF6DCF35EE4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF36EE8	5_2_00007FF6DCF36EE8
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF06D70	5_2_00007FF6DCF06D70
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF44D3C	5_2_00007FF6DCF44D3C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF3ED40	5_2_00007FF6DCF3ED40
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF45D7C	5_2_00007FF6DCF45D7C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF8EE0	5_2_00007FF6DCEF8EE0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF3CE0C	5_2_00007FF6DCF3CE0C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF4B04C	5_2_00007FF6DCF4B04C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF00FF0	5_2_00007FF6DCF00FF0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF360E8	5_2_00007FF6DCF360E8
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF8120	5_2_00007FF6DCEF8120
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF60B0	5_2_00007FF6DCEF60B0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF57FC4	5_2_00007FF6DCF57FC4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF39010	5_2_00007FF6DCF39010
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF0BA90	5_2_00007FF6DCF0BA90
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF35AD4	5_2_00007FF6DCF35AD4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF12AF9	5_2_00007FF6DCF12AF9
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF0CB00	5_2_00007FF6DCF0CB00
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEE1C00	5_2_00007FF6DCEE1C00
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF4A9CC	5_2_00007FF6DCF4A9CC
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF13A09	5_2_00007FF6DCF13A09
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF43A2C	5_2_00007FF6DCF43A2C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF11C37	5_2_00007FF6DCF11C37
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF9BD0	5_2_00007FF6DCEF9BD0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF35CD8	5_2_00007FF6DCF35CD8
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF0AB50	5_2_00007FF6DCF0AB50
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF23BC0	5_2_00007FF6DCF23BC0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF38C0C	5_2_00007FF6DCF38C0C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF07C40	5_2_00007FF6DCF07C40
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF11652	5_2_00007FF6DCF11652
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF0A660	5_2_00007FF6DCF0A660
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEEE5D0	5_2_00007FF6DCEEE5D0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF356C4	5_2_00007FF6DCF356C4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF2550	5_2_00007FF6DCEF2550
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF47724	5_2_00007FF6DCF47724
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF4A538	5_2_00007FF6DCF4A538
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF485F4	5_2_00007FF6DCF485F4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF5561C	5_2_00007FF6DCF5561C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF0B620	5_2_00007FF6DCF0B620
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEE1C00	5_2_00007FF6DCEE1C00
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF017E0	5_2_00007FF6DCF017E0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEE57B0	5_2_00007FF6DCEE57B0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF358C8	5_2_00007FF6DCF358C8
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEEA790	5_2_00007FF6DCEEA790
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF3C900	5_2_00007FF6DCF3C900
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF507B0	5_2_00007FF6DCF507B0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF387D4	5_2_00007FF6DCF387D4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF0880	5_2_00007FF6DCEF0880
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF37280	5_2_00007FF6DCF37280
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF7140	5_2_00007FF6DCEF7140
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF0A1D0	5_2_00007FF6DCF0A1D0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEE1270	5_2_00007FF6DCEE1270
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF174A6	5_2_00007FF6DCF174A6
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF394D4	5_2_00007FF6DCF394D4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEF0390	5_2_00007FF6DCEF0390
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF58510	5_2_00007FF6DCF58510
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF13531	5_2_00007FF6DCF13531
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF1237D	5_2_00007FF6DCF1237D
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCEEF4C0	5_2_00007FF6DCEEF4C0

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: String function: 70A04230 appears 238 times
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: String function: 70A2D400 appears 325 times
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: String function: 70A96CA0 appears 192 times
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: String function: 70A96730 appears 31 times
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: String function: 00007FF7AA3E21D0 appears 44 times
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: String function: 00007FF6DCEEC280 appears 35 times

PE file contains executable resources (Code or Archives)

Source: unicodedata.pyd.0.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

PE file does not import any functions

Source: api-ms-win-core-processenvironment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.0.dr	Static PE information: No import functions for PE file found

Sample file is different than original file name gathered from version info

Source: pythoninzoo.exe, 00000000.00000003.1855380552.0000018E4F4D8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe	Binary or memory string: OriginalFilename vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1939477645.00007FFDFAD62000.00000002.00000001.01000000.0000001D.sdmp	Binary or memory string: OriginalFilenametk86.dllP vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1945957294.00007FFE101DE000.00000002.00000001.01000000.00000017.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000003.1881406882.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameZoomIt.exeH vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1945195776.00007FFE0E185000.00000002.00000001.01000000.00000014.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1942101406.00007FFDFBAB8000.00000002.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilenamepython310.dll. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1939873128.00007FFDFAF48000.00000002.00000001.01000000.0000001C.sdmp	Binary or memory string: OriginalFilenametcl86.dllP vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1946867809.00007FFE11522000.00000002.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1945700282.00007FFE0EB5D000.00000002.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilenamepyexpat.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1940963084.00007FFDFB3C9000.00000002.00000001.01000000.00000016.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1947077028.00007FFE11EC4000.00000002.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1944576768.00007FFE0CFCA000.00000002.00000001.01000000.0000001F.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1940229043.00007FFDFB071000.00000002.00000001.01000000.0000001A.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000003.1881595222.000001DFC9D98000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameZoomIt.exeH vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000003.1882432563.000001DFC9BE8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameZoomIt.exeH vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1944742287.00007FFE0CFDE000.00000002.00000001.01000000.0000001B.sdmp	Binary or memory string: OriginalFilename_tkinter.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1941287026.00007FFDFB66B000.00000002.00000001.01000000.00000015.sdmp	Binary or memory string: OriginalFilenamelibsslH vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1942480145.00007FFE0081C000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenameucrtbase.dllj% vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1948290407.00007FFE13266000.00000002.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1948567256.00007FFE13282000.00000002.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000003.1881675461.000001DFC9BC4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameZoomIt.exeH vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1948862224.00007FFE1331D000.00000002.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1949493285.00007FFE1A467000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1947663483.00007FFE130C4000.00000002.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilename_uuid.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1947992490.00007FFE13206000.00000002.00000001.01000000.00000010.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs pythoninzoo.exe
Source: pythoninzoo.exe, 00000003.00000002.1929716969.000001DFC7E90000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamepython3.dll. vs pythoninzoo.exe

Source: classification engine

Classification label: sus30.troj.evad.winEXE@8/1027@2/2

Source: C:\Users\user\Desktop\pythoninzoo.exe

Code function: 0_2_00007FF7AA3E7760 GetLastError,FormatMessageW,WideCharToMultiByte,

0_2_00007FF7AA3E7760

Source: C:\Users\user\AppData\Roaming\datura.exe

Code function: 5_2_00007FF6DCEECC80 CoCreateInstance,

5_2_00007FF6DCEECC80

Source: C:\Users\user\Desktop\pythoninzoo.exe

Code function: 3_2_00007FFDFAC17D20 GetModuleHandleW,FindResourceW,LoadResource,LockResource,memcpy,

3_2_00007FFDFAC17D20

Source: C:\Users\user\Desktop\pythoninzoo.exe

File created: C:\Users\user\AppData\Roaming\datura.exe

Source: pythoninzoo.exe	String found in binary or memory: -startline must be less than or equal to -endline
Source: pythoninzoo.exe	String found in binary or memory: -help

Source: unknown	Process created: C:\Users\user\Desktop\pythoninzoo.exe "C:\Users\user\Desktop\pythoninzoo.exe"
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process created: C:\Users\user\Desktop\pythoninzoo.exe "C:\Users\user\Desktop\pythoninzoo.exe"
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process created: C:\Users\user\AppData\Roaming\datura.exe C:\Users\user\AppData\Roaming\datura.exe
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process created: C:\Users\user\Desktop\pythoninzoo.exe "C:\Users\user\Desktop\pythoninzoo.exe"	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process created: C:\Users\user\AppData\Roaming\datura.exe C:\Users\user\AppData\Roaming\datura.exe	Jump to behavior

Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: libffi-7.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: libssl-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: libcrypto-1_1.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: tcl86t.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: tk86t.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: riched32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: magnification.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: structuredquery.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: icu.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: mswb7.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: ddores.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Section loaded: defaultdevicemanager.dll	Jump to behavior

Source: C:\Users\user\AppData\Roaming\datura.exe	Automated click: Agree
Source: C:\Users\user\AppData\Roaming\datura.exe	Automated click: OK

Source: pythoninzoo.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: pythoninzoo.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: pythoninzoo.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: pythoninzoo.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: pythoninzoo.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: pythoninzoo.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: pythoninzoo.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: pythoninzoo.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: pythoninzoo.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: pythoninzoo.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: pythoninzoo.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: pythoninzoo.exe	Static PE information: section name: .buildid
Source: datura.exe.3.dr	Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D4AEE push 6FFDC5D5h; iretd	3_2_00007FFDFA9D4AF4
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D7425 push 60F5C5F1h; iretd	3_2_00007FFDFA9D742D
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D7983 push 6FFDC5CAh; ret	3_2_00007FFDFA9D7989
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D79CF push 6FFDC5C3h; iretd	3_2_00007FFDFA9D79D5
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D76D3 push 6FFDC5D5h; iretd	3_2_00007FFDFA9D76D9
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D4FEA push 6FFDC5C3h; iretd	3_2_00007FFDFA9D4FF0
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D4F9E push 6FFDC5CAh; ret	3_2_00007FFDFA9D4FA4
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFA9D4640 push 60F5C5F1h; iretd	3_2_00007FFDFA9D4648

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d		3_2_70A22B90
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d		3_2_70A227E0

Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\charset_normalizer\md.cp310-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\charset_normalizer\md__mypyc.cp310-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Roaming\datura.exe	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_x25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\ucrtbase.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file

Source: C:\Users\user\AppData\Roaming\datura.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\datura.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Util\_cpuid_c.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-time-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-sysinfo-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-processenvironment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-profile-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-localization-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-utility-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-stdio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-synch-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-handle-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-convert-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-processthreads-l1-1-1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\charset_normalizer\md.cp310-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Util\_strxor.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-conio-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-rtlsupport-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-synch-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\charset_normalizer\md__mypyc.cp310-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-file-l1-2-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-libraryloader-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_x25519.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-environment-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_chacha20.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-file-l2-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-runtime-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-processthreads-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-locale-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-string-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-math-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-process-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-memory-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-timezone-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-heap-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_ARC4.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-namedpipe-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-interlocked-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-core-util-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\api-ms-win-crt-filesystem-l1-1-0.dll	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\pythoninzoo.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI69562\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file

Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Videoku
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware SVGA 3D
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-gap
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmusrvcp
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Video
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmware
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: VMware SVGA 3D0Jw
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmusrvc
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmsrvc
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: pythoninzoo.exe, 00000003.00000002.1934524160.000001DFC94B0000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmware_exit__
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: pythoninzoo.exe, 00000003.00000003.1917963819.000001DFC8987000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000002.1931151486.000001DFC89A8000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1923662576.000001DFC89A5000.00000004.00000020.00020000.00000000.sdmp, pythoninzoo.exe, 00000003.00000003.1919681750.000001DFC89A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareservice
Source: pythoninzoo.exe, 00000003.00000002.1936837828.000001DFCA750000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice0

Source: C:\Users\user\Desktop\pythoninzoo.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 0_2_00007FF7AA3E1160 Sleep,Sleep,_amsg_exit,_initterm,SetUnhandledExceptionFilter,malloc,wcslen,malloc,memcpy,_cexit,exit,	0_2_00007FF7AA3E1160
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_70A95380 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	3_2_70A95380
Source: C:\Users\user\Desktop\pythoninzoo.exe	Code function: 3_2_00007FFDFAD0F7C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FFDFAD0F7C0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF2E580 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_00007FF6DCF2E580
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: 5_2_00007FF6DCF34178 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_00007FF6DCF34178

Source: C:\Users\user\Desktop\pythoninzoo.exe	Thread register set: target process: 6984	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Thread register set: target process: 6984	Jump to behavior
Source: C:\Users\user\Desktop\pythoninzoo.exe	Thread register set: target process: 6984	Jump to behavior

Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: EnumSystemLocalesW,	5_2_00007FF6DCF4BDE4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	5_2_00007FF6DCF54FD0
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: EnumSystemLocalesW,	5_2_00007FF6DCF54AC8
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: GetLocaleInfoEx,FormatMessageA,	5_2_00007FF6DCF2CC60
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: EnumSystemLocalesW,	5_2_00007FF6DCF54B98
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	5_2_00007FF6DCF5476C
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	5_2_00007FF6DCF551B4
Source: C:\Users\user\AppData\Roaming\datura.exe	Code function: GetLocaleInfoW,	5_2_00007FF6DCF4C1D0

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
208.95.112.1	ip-api.com	United States		53334	TUT-ASUS	false
149.154.167.220	api.telegram.org	United Kingdom		62041	TELEGRAMRU	false

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
ip-api.com	208.95.112.1	true
api.telegram.org	149.154.167.220	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true

ID:	1429036
Product:	CloudBasic
Start time:	09:00:07
Start date:	20.04.2024
Sample:	pythoninzoo.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	3a272e96b2a6682a76021561514d1906
SHA1:	69674411cab38710263415b8d710780f3752bded
SHA256:	934cb0e1c647de2ecfac8f33ec578c133e7a8e7b7e83ff476e082aa92d789894
Filetype:	Win64 Executable Console (202006/5) 92.65%

Windows Analysis Report pythoninzoo.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Cryptography

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
pythoninzoo.exe