Windows Analysis Report
https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe

Overview

General Information

Sample URL: https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe
Analysis ID: 1604271

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Creates HTML files with .exe extension (expired dropper behavior)
Sigma detected: Invoke-Obfuscation CLIP+ Launcher
Sigma detected: Invoke-Obfuscation VAR+ Launcher
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Usage Of Web Request Commands And Cmdlets
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Classification chart (axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; legend: clean, suspicious, malicious)
  • System is w10x64
  • cmd.exe (PID: 6264 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
    • conhost.exe (PID: 6320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • wget.exe (PID: 5328 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process started | Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 6108, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1, ProcessId: 6264, ProcessName: cmd.exe
Source: Process started | Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 6108, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1, ProcessId: 6264, ProcessName: cmd.exe
No Suricata rule has matched

Source: unknown | HTTPS traffic detected: 140.82.113.3:443 -> 192.168.2.4:55333 version: TLS 1.2

Networking

Source: C:\Windows\SysWOW64\wget.exe | File created: Scooby.exe.2.dr
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
  Accept: */*
  Accept-Encoding: identity
  Host: github.com
  Connection: Keep-Alive
Source: global traffic | DNS traffic detected: DNS query: github.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 55333
Source: unknown | Network traffic detected: HTTP traffic on port 55333 -> 443
Source: classification engine | Classification label: mal52.win@4/2@2/1
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6320:120:WilError_03
Source: C:\Windows\SysWOW64\wget.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe"
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\wget.exe | Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: wget.exe, 00000002.00000002.1694790003.0000000000B18000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: unknown | Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/raccoonwithlightsaber/raccoonwithlightsaber.github.io/blob/main/scooby.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/raccoonwithlightsaber/raccoonwithlightsaber.github.io/blob/main/scooby.exe"
Source: C:\Windows\SysWOW64\wget.exe | Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 12 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 1 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Behavior graph (ID: 1604271; URL: https://github.com/RACCOONw...; start date: 01/02/2025; architecture: WINDOWS; score: 52): cmd.exe started wget.exe and conhost.exe; wget.exe connected to github.com (140.82.113.3, 443, 55333, GITHUBUS, United States). Signatures shown: Sigma detected: Invoke-Obfuscation CLIP+ Launcher; Sigma detected: Invoke-Obfuscation VAR+ Launcher; Creates HTML files with .exe extension (expired dropper behavior).

Source | Detection | Scanner | Label | Link
https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe | 0% | Avira URL Cloud | safe |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://resources.github.com/learn/pathways | 0% | Avira URL Cloud | safe |
https://skills.github.com | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
github.com | 140.82.113.3 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
140.82.113.3 | github.com | United States | | 36459 | GITHUBUS | false
                                                                                                                                                                                                        Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                        Analysis ID:1604271
                                                                                                                                                                                                        Start date and time:2025-02-01 01:40:59 +01:00
                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                        Overall analysis duration:0h 1m 40s
                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                        Cookbook file name:urldownload.jbs
                                                                                                                                                                                                        Sample URL:https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe
                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                        Number of analysed new started processes analysed:3
                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                        Classification:mal52.win@4/2@2/1
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Stop behavior analysis, all processes terminated
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                        • VT rate limit hit for: https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe
                                                                                                                                                                                                        No simulations
                                                                                                                                                                                                        No context
                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                        Size (bytes):835
                                                                                                                                                                                                        Entropy (8bit):4.46897062506837
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:12:HA+2C/FDYFDbRnk9NS8t5S8tyoT1De5RhKkk1DbfbKFR8kebp9ThDQK6XxnifbKr:30Hpk1fySxePgJ1XbCKk29W1KbCKkFT
                                                                                                                                                                                                        MD5:39C0F1C18A6820DA3A5C14857BEB12DF
                                                                                                                                                                                                        SHA1:39A67D8FE45EAFB761A56420962B5F3069B6B3EE
                                                                                                                                                                                                        SHA-256:2481ADE8A0FA5E820DF84089D1892CB4E724504AC8A079BCE58CB621D5167AB9
                                                                                                                                                                                                        SHA-512:7F1CF38A98026EC21E8D2A1421679F9EE7361C790D447D54E7D4A663AEF3690C85BC87DC0B3CDE32CA24FF7731B3195DE6605DD132909D446230081BD73D79B5
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Preview:--2025-01-31 19:41:51-- https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe..Resolving github.com (github.com)... 140.82.113.3..Connecting to github.com (github.com)|140.82.113.3|:443... connected...HTTP request sent, awaiting response... 200 OK..Length: unspecified [text/html]..Saving to: 'C:/Users/user/Desktop/download/Scooby.exe'.... 0K .......... .......... .......... .......... .......... 275K.. 50K .......... .......... .......... .......... .......... 1014K.. 100K .......... .......... .......... .......... .......... 669K.. 150K .......... .......... .......... .......... .......... 4.83M.. 200K .......... .......... .. 476K=0.4s....2025-01-31 19:41:53 (612 KB/s) - 'C:/Users/user/Desktop/download/Scooby.exe' saved [227404]....
                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\wget.exe
                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1616)
                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                        Size (bytes):227404
                                                                                                                                                                                                        Entropy (8bit):5.413366454917652
                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                        SSDEEP:6144:pWs4bpOL/saqkPV9FH2LtcIDSsmw39svZJT3CqbMrhryf65NRPaCieMjAkvCJv1+:Us4bpOL/saqkPV9FH2LtcIDSsmw39sv9
                                                                                                                                                                                                        MD5:9EA17EE6B050E56FF78F3FA9C8917528
                                                                                                                                                                                                        SHA1:528F10A0A6B787DC6A424E174280C7D7C9A9A0B1
                                                                                                                                                                                                        SHA-256:4AA1AEE038F913B399D2669FD24A736F8A490FACC9248A76CB8F2035C2BA3D4F
                                                                                                                                                                                                        SHA-512:C453F5494F51DB5D08271D7A3AAF96C52628268374AF8BFE3DB351CA2042B7C640DA123120ADB77438A8AABC0C362764B147DE0928050A659E68C7559BF3635E
                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Preview:......<!DOCTYPE html>.<html. lang="en". . data-color-mode="auto" data-light-theme="light" data-dark-theme="dark". data-a11y-animated-images="system" data-a11y-link-underlines="true". . >.... <head>. <meta charset="utf-8">. <link rel="dns-prefetch" href="https://github.githubassets.com">. <link rel="dns-prefetch" href="https://avatars.githubusercontent.com">. <link rel="dns-prefetch" href="https://github-cloud.s3.amazonaws.com">. <link rel="dns-prefetch" href="https://user-images.githubusercontent.com/">. <link rel="preconnect" href="https://github.githubassets.com" crossorigin>. <link rel="preconnect" href="https://avatars.githubusercontent.com">.. ... <link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/light-7aa84bb7e11e.css" /><link crossorigin="anonymous" media="all" rel="stylesheet" href="https://github.githubassets.com/assets/dark-f65db3e8d171.css" /><link data-color-theme="dark_dimmed" crossorigin="anonymous" m
                                                                                                                                                                                                        No static file info


                                                                                                                                                                                                        • Total Packets: 103
                                                                                                                                                                                                        • 443 (HTTPS)
                                                                                                                                                                                                        • 53 (DNS)
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.795799971 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.795808077 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.796413898 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.796438932 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.796459913 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.796471119 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.796514034 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.797183037 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.798507929 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.798552990 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.798562050 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.798963070 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.799005985 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.799014091 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.800228119 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.800268888 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.800276995 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.850615978 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.883599043 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.884005070 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.884058952 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.884080887 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.884332895 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.884411097 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.884421110 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.885538101 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.885572910 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.885591984 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.885601044 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.885658026 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.885664940 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.886452913 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.886509895 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.886517048 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.887489080 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.887516022 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.887554884 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.887568951 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.887641907 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.888360023 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.888417959 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.888513088 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.888523102 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.889147043 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.889184952 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.889194965 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.890069008 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.890100002 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.890120983 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.890129089 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.890178919 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.891056061 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.891110897 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.891139030 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.891179085 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.891189098 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.891230106 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.892060995 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.893048048 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.893079042 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.893095970 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.893105030 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.893166065 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.893172026 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.894068956 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.894100904 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.894124031 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.894133091 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.894186020 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.894984961 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.895047903 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.895124912 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.895133972 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.896050930 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.896075964 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.896115065 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.896123886 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.896179914 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.896980047 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.897030115 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.897102118 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.897109985 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.897944927 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.897973061 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.898000002 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.898008108 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.898117065 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.976440907 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.976792097 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.976852894 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.976874113 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.977194071 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.977253914 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.977263927 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.977760077 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.977803946 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.977813005 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.978588104 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.978612900 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.978636980 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.978646040 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.978693008 CET55333443192.168.2.4140.82.113.3
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.979120970 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.979952097 CET44355333140.82.113.3192.168.2.4
                                                                                                                                                                                                        Feb 1, 2025 01:41:53.979979992 CET44355333140.82.113.3192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Feb 1, 2025 01:41:52.221357107 CET | 56855 | 53 | 192.168.2.4 | 1.1.1.1
Feb 1, 2025 01:41:52.228096008 CET | 53 | 56855 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 1, 2025 01:41:52.221357107 CET | 192.168.2.4 | 1.1.1.1 | 0x8548 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false
Feb 1, 2025 01:41:52.233472109 CET | 192.168.2.4 | 1.1.1.1 | 0x1 | Standard query (0) | github.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 1, 2025 01:41:52.695832014 CET | 1.1.1.1 | 192.168.2.4 | 0x1 | No error (0) | github.com |  | 140.82.113.3 | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                        • github.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 55333 | 140.82.113.3 | 443 | 5328 | C:\Windows\SysWOW64\wget.exe
Timestamp | Bytes transferred | Direction | Data
2025-02-01 00:41:53 UTC | 260 | OUT | GET /RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe HTTP/1.1
                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko
                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                        Host: github.com
                                                                                                                                                                                                        Connection: Keep-Alive
2025-02-01 00:41:53 UTC | 506 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                        Server: GitHub.com
                                                                                                                                                                                                        Date: Sat, 01 Feb 2025 00:41:53 GMT
                                                                                                                                                                                                        Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                        Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
                                                                                                                                                                                                        ETag: W/"bb2256d145678f69658f03061afa0022"
                                                                                                                                                                                                        Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
                                                                                                                                                                                                        X-Frame-Options: deny
                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                        Referrer-Policy: no-referrer-when-downgrade



                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                        Start time:19:41:51
                                                                                                                                                                                                        Start date:31/01/2025
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe" > cmdline.out 2>&1
                                                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                        Start time:19:41:51
                                                                                                                                                                                                        Start date:31/01/2025
                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                        Start time:19:41:51
                                                                                                                                                                                                        Start date:31/01/2025
                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\wget.exe
                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                        Commandline:wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/RACCOONwithlightsaber/RACCOONwithlightsaber.github.io/blob/main/Scooby.exe"
                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                        File size:3'895'184 bytes
                                                                                                                                                                                                        MD5 hash:3DADB6E2ECE9C4B3E1E322E617658B60
                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                        No disassembly