Edit tour

Windows Analysis Report
https://www.sab.bio

Overview

General Information

Sample URL:	https://www.sab.bio
Analysis ID:	1431292

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1604 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sab.bio/ MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1956,i,1984532232812789500,12582655691002425965,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49750 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.5.88

Source: global traffic	DNS traffic detected: DNS query: www.sab.bio
Source: global traffic	DNS traffic detected: DNS query: use.typekit.net
Source: global traffic	DNS traffic detected: DNS query: p.typekit.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49691
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.151.68:443 -> 192.168.2.17:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.21.200:443 -> 192.168.2.17:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.202.57.177:443 -> 192.168.2.17:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.17:49750 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@14/28@10/129

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.sab.bio/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1956,i,1984532232812789500,12582655691002425965,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 --field-trial-handle=1956,i,1984532232812789500,12582655691002425965,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.sab.bio	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
sab.bio	35.184.103.223	true	false	unknown
www.google.com	142.250.141.104	true	false	high
www.sab.bio	unknown	unknown	false	unknown
use.typekit.net	unknown	unknown	false	high
p.typekit.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.sab.bio/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.184.103.223	sab.bio	United States	15169	GOOGLEUS	false
142.251.2.97	unknown	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.251.2.84	unknown	United States	15169	GOOGLEUS	false
142.251.2.94	unknown	United States	15169	GOOGLEUS	false
74.125.137.100	unknown	United States	15169	GOOGLEUS	false
142.251.2.138	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.2.139	unknown	United States	15169	GOOGLEUS	false
142.250.101.94	unknown	United States	15169	GOOGLEUS	false
142.250.141.104	www.google.com	United States	15169	GOOGLEUS	false
23.72.90.137	unknown	United States	16625	AKAMAI-ASUS	false
142.251.2.101	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.4

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1431292
Start date and time:	2024-04-24 19:42:18 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.sab.bio
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@14/28@10/129

Warnings

Exclude process from analysis (whitelisted): SIHClient.exe
Excluded IPs from analysis (whitelisted): 142.251.2.94, 142.251.2.101, 142.251.2.138, 142.251.2.139, 142.251.2.100, 142.251.2.102, 142.251.2.113, 142.251.2.84, 23.72.90.137, 23.72.90.141, 34.104.35.123, 23.72.90.140, 142.251.2.97, 74.125.137.100, 74.125.137.139, 74.125.137.102, 74.125.137.113, 74.125.137.101, 74.125.137.138
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, use-stls.adobe.com.edgesuite.net, edgedl.me.gvt1.com, www.googletagmanager.com, clientservices.googleapis.com, clients.l.google.com, a1988.dscg1.akamai.net, a1874.dscg1.akamai.net, p.typekit.net-stls-v3.edgesuite.net, www.google-analytics.com
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: https://www.sab.bio

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 16:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9847829586039154
Encrypted:	false
SSDEEP:
MD5:	F07F830153401F09CE3EE939B3762ED8
SHA1:	E33F07B2EEC2FA76C13EB9A7A05B715AB3FF321F
SHA-256:	2923668DA28E44304DD59856669070941363162389AD18EF4E26C26C3FC499E4
SHA-512:	C0FEF51146DAB4D5A3CC1DD9DC7B3251D30EB5CA1CDEEE6F73560CB37C937100E7716685C3BF281A9A53A872D71CAD18C64E4F46138A161377DF17D41342F77C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....S...n.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XP.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XW.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XW.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XW............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XX............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............tW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 16:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.001130751605214
Encrypted:	false
SSDEEP:
MD5:	C358D9639E211A610436978730E1CACF
SHA1:	FDBC2C2ED55A97C6FECDE906A9025028BA803B15
SHA-256:	E5B333D3511B770AE2A6371A17DC487CADAA05A9D5384FB3824D81E01AC7418A
SHA-512:	AB62FBFD200CD24CBE9458D8224FC34AB803EE46FF9514901AB42EF09B4F43154F935EAC8AD89C4FB0B96DC07F18B492A3DCF064027FB65A9E9FC6C857C082F4
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,........n.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XP.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XW.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XW.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XW............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XX............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............tW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.009969781702245
Encrypted:	false
SSDEEP:
MD5:	F05D8F98AD85E6C4797FC1C1CCED5554
SHA1:	FDD0DD0BCDE8F687BEACC9B03349999E09AF5BFD
SHA-256:	51A923BCEE9233F5EF55E70D40182695046AC3EC510449909E1D55BEAE15908E
SHA-512:	CA8CA86959605B196421AE81C4E511AD8275A5881E8B6D600A582D9A4DC99C123B575DD1B09CD3EDAA338911CEC7EB0152113520B75F72767818A588327DD860
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XP.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XW.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XW.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XW............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............tW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 16:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.998794387310352
Encrypted:	false
SSDEEP:
MD5:	153D187E39152CE88D0B46CE06A9F828
SHA1:	0F31312705285FE37C7DEBBF69E87FCC5BBE6DF8
SHA-256:	A8827E3F483EB13DF81225FA600DBA17DF8C5D1297272901924749B66E8FB1FC
SHA-512:	A3F7ABEB2A6C1617BDCFE08F59F8B5E246A3C9534F765D6F4E33C97931FC3518A7FF97FA69B33525902D9AFC039A9A97FF345E0099C926E6F2BC543E130DAE8F
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....f4..n.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XP.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XW.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XW.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XW............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XX............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............tW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 16:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9890498426407652
Encrypted:	false
SSDEEP:
MD5:	60C10D158A7D9A5A6B4C9B145BA97A2E
SHA1:	2641F3121DABFBBA30ED5A57E038C0FCD5080E9B
SHA-256:	6C9509E273F727EF62DEC58A34BEB73DEEF9A24FFAA840F13756DBA3B45736F1
SHA-512:	5EFB774C954AF6760CF417AF39D01BC46DA7FFC9C0F99338FB5FFAE5EF898C080CC4BFCE16A4DA422694FA716ACF65B4081AA5EC17F36752F7D27BF4F5102D8A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....:...n.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XP.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XW.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XW.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XW............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XX............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............tW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 16:42:47 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.001984933155819
Encrypted:	false
SSDEEP:
MD5:	6B1AD77C8EA98C0ADD49C40AF2834EFA
SHA1:	A70A341F7F31A0FFABC001403A91040FC97BBA84
SHA-256:	C3AE09319CC3A34F8A4CAA7293FCF3C3B293F75C8D4E0A4D547E7D40FB79AB6E
SHA-512:	0D8F02F3995DC68E18148759D2788228FB950338FC8AADFB694B351A81FD5743AB4A609DEB8374BC4577812797880C26C99329E8729F5FB90E3EE3DF9F2D017A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....b...n.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I.XP.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XW.....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V.XW.....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V.XW............................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V.XX............................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............tW......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 18772, version 1.0
Category:	downloaded
Size (bytes):	18772
Entropy (8bit):	7.986480650609917
Encrypted:	false
SSDEEP:
MD5:	8D41E1438D5F31D000D34CB76AA85D57
SHA1:	DE50EDB1955BB2ACAD132DB180D5E8F21D9671D2
SHA-256:	54ACBC6AE7B97FB62A5A2EED9725437D15640EF829074F9350E906B4E478733E
SHA-512:	A113DC3C0F3CB401A6F060DDD375676986E9831FDD9764A82A8AFF6CEE06D73D86E2BF45D02A1CB9C47CA3098A3A64C6DC04CF5EF6098C8E6EE31A410810C9DB
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/e2f97c/00000000000000003b9ae809/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Preview:	wOF2......IT..........H.........................?DYNAc?GDYNe.......`..H.<..b.....8..E.....6.$..4. ..........=.eD.i{.......\|.T.2!.^5 ~...../..&>.y.}..>..jv......rOJ.BE.....z.IK.I.7..a.T...R.}}..)t.T...J7.1m.za....2C%.G.z<..<.[..\.y..?/y.I.,....,.I.+P,..b..4Eu]...v...[.....g.3.v..@.......9.I.$.,.l."....K.}w..m..h`L..DR..>..;.hA.b..U..:..._.(_..^....?....w'....A...;Q....v.<..]J;`H....-.....:....`..).LR0.2.`0mSd....b....R.Q^J.`...mJ.d...M..s.)M.(.k.t...2..&....d.u.`.0 )......V;.....1..C74....g..3.q.P...E.p$.N..{...`.(iC./.,..Hn....b.Cw...e(....+.m........j.S.......5......P.I......k....~...{....E\|...m..O....-.u..........d.7oeN..z..."....l.%}..=$..A....HK.xgEZf.N1.+!#e29;{x...m.../...?,...l.~HGb.H.O.Xyfq._.`O`Ae`b.DQD.DY~Nv.`ve.x.dRw{vRp`NZAJBn.P.pF...'.?.A%.f.C..0..#..U..4...TW.`/..-...}&........Jn.x.J....N...S.4k...~.8lN-....M..r....y..]...s...E.R...,\!j.=.C.T.M._.I.]vL.D1.......>.9.........-t..^..iXD......d."."....8j\f.n.{...-..7.b..[...6l.B/

Chrome Cache Entry: 102

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4179)
Category:	downloaded
Size (bytes):	243412
Entropy (8bit):	5.5630096921564105
Encrypted:	false
SSDEEP:
MD5:	9FAC55F150E6CA8DEB225E2F19676C0F
SHA1:	132C9B53CBF04DF65823024D54AE95F9711EE692
SHA-256:	D98B0174111038DF9A4B127DB932EAD4BD4318022E75006C1449F9DE44C98B2D
SHA-512:	C55AF8EF89C5DC80C3487111CE0ACE7E68B5D549FCA65294E2AD80406ED94A1E884E289E5E964846E11964473F7BE3BE9EF92F946D8CD2511AFC6FD4A490F5AF
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-Z4TCK2MQ81&l=dataLayer&cx=c
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":0,"function":"__c","vtp_value":0},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":6,"vtp_value":true,"tag_id":16},{"function":"__ogt_referral_exclusion","priority":6,"vtp_includeConditions":["list","sabbiotherapeutics\\.com"],"tag_id":18},{"function":"__ogt_session_timeout","priority":6,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":19},{"function":"__ogt_1p_data_v2","priority":6,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_emailType":

Chrome Cache Entry: 104

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, baseline, precision 8, 1200x810, components 3
Category:	dropped
Size (bytes):	98097
Entropy (8bit):	7.759876184779279
Encrypted:	false
SSDEEP:
MD5:	58A196CF06A0B99E1F0AC5145E7616EA
SHA1:	F3C576A9AC316E26B8D2E66206F15699537856FF
SHA-256:	32221A0E375D19F4709D919BFCEE116624E3CF74452920F352BD21C5DC406746
SHA-512:	0B665E3A34FC70FB56734DE177D253D53FA32CEF8328C7EFCDE733B02C5591F2A671EDE4ADE83CF1C0543C9F0BAA00F84EB0435BF8D867E3E30698B94E6A2795
Malicious:	false
Reputation:	unknown
Preview:	..................................................................................................................................................Adobe.d...........*............................................................................................!1.A.."Qa2q.#B..R...3b..r..$C...4..%S.5T.........................!1A.."Qa2q.....#BR....b...3C.............?...@ .\|N...tmeE.p{\.3.p..8q.8.V....c.4.<S..=W...).h..e..K....w...o.6....X].U..1..[!..Q@.".....-..aQ..s/{...`.....QT.....P[$.G.l...'[.v..t. ..ZFA. ..B!T.....)......syL...s.S.<q.4....0T.PR..5UP..R....#X....k..?e2T\..Y.$..x...>.wA..(x{..k....=.3R.....p/.Zt..<.2........n....,...GK....H&..es..f..v8..M>.._s[..zz.. .u.S..s.b.po...-q.....99!ut.&\....f..GS8.;.... ..]"...3.f.o..8sc.=...4.....>....~...9=c.l. .....,..PT9.{... ........}.....:....:.5.k..qe.TM.=A.4f.B.!.ys..o..t.]/M....z.n............Z.!....}}E#..;....yMwu.:...>....%.

Chrome Cache Entry: 105

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	404
Entropy (8bit):	4.6101441441696
Encrypted:	false
SSDEEP:
MD5:	49519DCD59BC6A7FDE008AF43977DAFA
SHA1:	F0E90A7A98CC53B4FAABD2F5972CADC48496F0FE
SHA-256:	A461A8558F8109BB33B01C5228592F856F5D1BD4F8882745DC73AB77553F4B3D
SHA-512:	D4DCD771C75305FB6CEBE26EE2F86A0E6B405F7FFA97AF703D874BA255876F502424A29871E1DFEAEC217A1473D73E34C923C02CFC22CBF781C64DCAF07D1084
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-content/plugins/sab-news-api/js/script.js?ver=1.0.2
Preview:	jQuery( document ).ready(function($) {. if ($("#js_news").length) {. var timestamp = Date.now();. var jqxhr = $.ajax( {. url: '/sab-news-feed',. data: {t: timestamp},. type: 'GET',. cache: false,. } ). .done(function() {. $("#js_news").html(jqxhr.responseText);. }). .fail(function() {. console.log('error fetching news feed'). });. }.});.

Chrome Cache Entry: 106

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (516)
Category:	downloaded
Size (bytes):	6925
Entropy (8bit):	5.1918077040513575
Encrypted:	false
SSDEEP:
MD5:	738BD4DFE383BEDE9D8088059C55F407
SHA1:	435AA39A5F546F006BD59B296C3129A66D8C74E9
SHA-256:	353F9FE4641F643B9C83AB593D127B28B63209CF0B14F47C105C0082E4E1E7B8
SHA-512:	B80483F9672FCFD8756ECA943545CCD0FCE0D018B53C8EE1283AAEB544D1A948E185DFB2B1E202F6709B5220D415479AB7E8E8BF1F8FE3EAF07C35D36ABCAF27
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/myi0pua.css
Preview:	/. The Typekit service used to deliver this font or fonts for use on websites. * is provided by Adobe and is subject to these Terms of Use. * http://www.adobe.com/products/eulas/tou_typekit. For font license. * information, see the list below.. . interstate:. * - http://typekit.com/eulas/00000000000000003b9ae7f4. * - http://typekit.com/eulas/00000000000000003b9ae7f5. * - http://typekit.com/eulas/00000000000000003b9ae7f6. * - http://typekit.com/eulas/00000000000000003b9ae7f7. * - http://typekit.com/eulas/00000000000000003b9ae7f8. * - http://typekit.com/eulas/00000000000000003b9ae7f9. * interstate-condensed:. * - http://typekit.com/eulas/00000000000000003b9ae809. * - http://typekit.com/eulas/00000000000000003b9ae80c. * - http://typekit.com/eulas/00000000000000003b9ae80d. . . 2009-2024 Adobe Systems Incorporated. All Rights Reserved.. /./{"last_published":"2020-02-19 06:58:50 UTC"}*/..@import url("https://p.typekit.net/p.css?s=1&k=myi0pua&ht=tk&f=31141.31142.

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (57196)
Category:	downloaded
Size (bytes):	110147
Entropy (8bit):	4.920389651812489
Encrypted:	false
SSDEEP:
MD5:	0234D0A7685AEFA6FD06041FBD602928
SHA1:	CBCBA60AA82286DD1F877CB8BD5B5CC047F82CE0
SHA-256:	0085ADFD2D08A45F62A06D8F3F969DDC4A94EBE8D226511DB90AA038F11ED180
SHA-512:	298B4324851F0D9662A48EF2FA74E65CD78FB4BC69191B05E70C254B6CC196719E7F35FE3E882857026FCFA260F0A5B1208E964EE9F42A9DD2E2FED0ACB070D1
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-includes/css/dist/block-library/style.min.css?ver=6.4.3
Preview:	@charset "UTF-8";.wp-block-archives{box-sizing:border-box}.wp-block-archives-dropdown label{display:block}.wp-block-avatar{line-height:0}.wp-block-avatar,.wp-block-avatar img{box-sizing:border-box}.wp-block-avatar.aligncenter{text-align:center}.wp-block-audio{box-sizing:border-box}.wp-block-audio figcaption{margin-bottom:1em;margin-top:.5em}.wp-block-audio audio{min-width:300px;width:100%}.wp-block-button__link{box-sizing:border-box;cursor:pointer;display:inline-block;text-align:center;word-break:break-word}.wp-block-button__link.aligncenter{text-align:center}.wp-block-button__link.alignright{text-align:right}:where(.wp-block-button__link){border-radius:9999px;box-shadow:none;padding:calc(.667em + 2px) calc(1.333em + 2px);text-decoration:none}.wp-block-button[style*=text-decoration] .wp-block-button__link{text-decoration:inherit}.wp-block-buttons>.wp-block-button.has-custom-width{max-width:none}.wp-block-buttons>.wp-block-button.has-custom-width .wp-block-button__link{width:100%}.wp-bl

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, Unicode text, UTF-8 text, with very long lines (321)
Category:	dropped
Size (bytes):	3943
Entropy (8bit):	4.8232325555094375
Encrypted:	false
SSDEEP:
MD5:	AB9C71F198814E09627F6433052E474C
SHA1:	4356C6A7EC21E34372F37B3B8B989829ACE49DAC
SHA-256:	070F0702F1AD45CE447200BE2C58D22ECB98AB6088349AF4F54EB72D18F86713
SHA-512:	7F9403CADB772BAC4CA8B085BB52FA308B134E8627B5EB518B920C95B2957B1A08088EAE72BA9DDDFB54972EA943DDBCB19E80A89287724496A77CC80B590651
Malicious:	false
Reputation:	unknown
Preview:	. <div class="row">. <div class="col-12 col-lg-10 mx-auto">. <div class="row">. <div class="col-12">. <h2 class="mb-5">The Latest</h2>. </div>. </div>. <div class="row">.. . <div class="col-12 col-md-4 mb-4">. <a class="card card-odd". href="https://ir.sab.bio/news-releases/news-release-details/sab-biotherapeutics-provides-sab-142-trial-update" target="_blank" rel="noopener">.. <div class="card-body">. <h4 class="mb-3">SAB Biotherapeutics Provides SAB-142 Trial Update</h4>. <p>MIAMI BEACH, Fla., April 16, 2024 (GLOBE NEWSWIRE) -- SAB Biotherapeutics, Inc. (Nasdaq:. SABS ), (.SAB. or the .Company.), a clinical-stage biopharmaceutical company with a novel immunotherapy platform that is developing human anti-thymocyte immunoglobulin (hIgG) for delaying the onset or</p>. <em class="card-date">April 16, 2024</em>.

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4179)
Category:	downloaded
Size (bytes):	203324
Entropy (8bit):	5.539595899241151
Encrypted:	false
SSDEEP:
MD5:	7F58A241A1EEF6281CFC52AFE4C8486C
SHA1:	D9DE8E0CEDB57CE7DFE441B03BE43A79019ED4DF
SHA-256:	998A8B1EE020146451060504C59C5863CBD72A513690A6B1B7D84EF403502698
SHA-512:	FCC1864F25F4E05CC875B44D9219D26A0565CFB46E8EBC67571A07B54215143D98EE43FBF43629C68A130375DFA16F518E547400CF2DF5BD200CD78896F2D6C3
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=UA-163362834-1
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":"undefined"}],. "tags":[{"function":"__ogt_1p_data_v2","priority":2,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":true,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_isEnabled":true,"vtp_autoAddressEnabled":true,"vtp_regionValue":"","vtp_countryValue":"","vtp_isAutoCollectPiiEnable

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2343)
Category:	downloaded
Size (bytes):	52916
Entropy (8bit):	5.51283890397623
Encrypted:	false
SSDEEP:
MD5:	575B5480531DA4D14E7453E2016FE0BC
SHA1:	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1
SHA-256:	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
SHA-512:	174E48F4FB2A7E7A0BE1E16564F9ED2D0BBCC8B4AF18CB89AD49CF42B1C3894C8F8E29CE673BC5D9BC8552F88D1D47294EE0E216402566A3F446F04ACA24857A
Malicious:	false
Reputation:	unknown
URL:	https://www.google-analytics.com/analytics.js
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var n=this\|\|self,p=function(a,b){a=a.split(".");var c=n;a[0]in c\|\|"undefined"==typeof c.execScript\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|void 0===b?c=c[d]&&c[d]!==Object.prototype[d]?c[d]:c[d]={}:c[d]=b};function q(){for(var a=r,b={},c=0;c<a.length;++c)b[a[c]]=c;return b}function u(){var a="ABCDEFGHIJKLMNOPQRSTUVWXYZ";a+=a.toLowerCase()+"0123456789-_";return a+"."}var r,v;.function aa(a){function b(k){for(;d<a.length;){var m=a.charAt(d++),l=v[m];if(null!=l)return l;if(!/^[\s\xa0]*$/.test(m))throw Error("Unknown base64 encoding at char: "+m);}return k}r=r\|\|u();v=v\|\|q();for(var c="",d=0;;){var e=b(-1),f=b(0),h=b(64),g=b(64);if(64===g&&-1===e)return c;c+=String.fromCharCode(e<<2\|f>>4);64!=h&&(c+=String.fromCharCode(f<<4&240\|h>>2),64!=g&&(c+=String.fromCharCode(h<<6&192\|g)))}};var w={},y=function(a){w.TAGGING=w.TAGGING\|\|[];w.TAGGING[a]=!0};var ba=Array.isArray,c

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65324)
Category:	downloaded
Size (bytes):	185941
Entropy (8bit):	5.096488532832386
Encrypted:	false
SSDEEP:
MD5:	C9CAF6DADF92AD409EFF04F9F8D5B7DB
SHA1:	F9D4EA044B03F033EA8188A8D39FCC778DD3FD17
SHA-256:	E01A5448F15E7847746C0747084C7151A2300B79A091F421C1A3A9EB2426CB86
SHA-512:	B4EA7264658048A5EC3632F62128923D988D5222041EEFCD7B689ECCD57E558E120B0B47FF9961ED338B356E4008D0EAC5674ABE3F1E026F90526EF364BD59CE
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-content/themes/sabbiotherapeutics/assets/css/app.css?ver=2.0.1
Preview:	/!. Bootstrap v4.4.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). /:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace},:after,:before{box-sizing:bo

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44062)
Category:	downloaded
Size (bytes):	82205
Entropy (8bit):	5.291948543456662
Encrypted:	false
SSDEEP:
MD5:	C3A14527E5A2893D28D441AAE35662BC
SHA1:	0906074B3718F4FC3545A1343AA3AD6A26B8D72F
SHA-256:	1ECB92CBE1C86E782CAA36CD4447ED68859108E5DA591027D1DBD14FEAA2CD31
SHA-512:	3431E8755B9B5A3004CECA9CB306759C1C20457B4D50B016BB449C5F07C4053FDC23B8E33FCFC8270A13BBADCBAB68F1BAA49F232586E634698FE9E9DC404FBB
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-content/themes/sabbiotherapeutics/assets/js/vendor.js?ver=2.0.1
Preview:	/. Copyright (C) Federico Zivolo 2020. Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT).. /(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&define.amd?define(t):e.Popper=t()})(this,function(){'use strict';function e(e){return e&&'[object Function]'==={}.toString.call(e)}function t(e,t){if(1!==e.nodeType)return[];var o=e.ownerDocument.defaultView,n=o.getComputedStyle(e,null);return t?n[t]:n}function o(e){return'HTML'===e.nodeName?e:e.parentNode\|\|e.host}function n(e){if(!e)return document.body;switch(e.nodeName){case'HTML':case'BODY':return e.ownerDocument.body;case'#document':return e.body;}var i=t(e),r=i.overflow,p=i.overflowX,s=i.overflowY;return /(auto\|scroll\|overlay)/.test(r+s+p)?e:n(o(e))}function i(e){return e&&e.referenceNode?e.referenceNode:e}function r(e){return 11===e?re:10===e?pe:re\|\|pe}function p(e){if(!e)return document.documentElement;for(var o=r(10)?document.body:

Chrome Cache Entry: 87

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2859), with no line terminators
Category:	downloaded
Size (bytes):	2859
Entropy (8bit):	5.171968718518669
Encrypted:	false
SSDEEP:
MD5:	529A2DC9EBBA5CE8ACF1A30997795BFB
SHA1:	D37A66033F1845432D27F0B603EC76C72576BE18
SHA-256:	F2BED43C351CCFD40346B134512D76D6A2A5753D9C56EA3BF9FEC77E75819DC7
SHA-512:	D7627A9132B0A9D97952E628148FD0A2EAA4CC3B796FF05E0BDC4C37BB4B823C94B985631140E6A2C4A327BF46BDA97F73CC98557A7E4BC8524DCDD41A6602F3
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-content/themes/sabbiotherapeutics/assets/js/app.js?ver=2.0.1
Preview:	!function(e){var n={};function t(r){if(n[r])return n[r].exports;var o=n[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,t),o.l=!0,o.exports}t.m=e,t.c=n,t.d=function(e,n,r){t.o(e,n)\|\|Object.defineProperty(e,n,{enumerable:!0,get:r})},t.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},t.t=function(e,n){if(1&n&&(e=t(e)),8&n)return e;if(4&n&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(t.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&n&&"string"!=typeof e)for(var o in e)t.d(r,o,function(n){return e[n]}.bind(null,o));return r},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},t.p="/",t(t.s=0)}({0:function(e,n,t){t("aJ1F"),e.exports=t("gm56")},aJ1F:function(e,n,t){"use strict";t.r(

Chrome Cache Entry: 88

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19500, version 1.0
Category:	downloaded
Size (bytes):	19500
Entropy (8bit):	7.98855700034412
Encrypted:	false
SSDEEP:
MD5:	F1331FE4ABD558FBDDB492E1A8E5A25E
SHA1:	5C0433F5AFA9B96E8232DB9D8485A8DD5E0F8B42
SHA-256:	893DB1358BE72AF427AFBC1E5E28F33D32E2C455EA642F2D27144FEC27F9F488
SHA-512:	081CCAC5364252541CF704B05177D600DD70603DFC83E084946AEF950B8CE4C28B164661ACBFB6BF7677965BAD2C49010D48B550FED62B38D7E392F77B5E225E
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/b7ea2b/00000000000000003b9ae7f5/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Preview:	wOF2......L,..........K.........................?DYNAc?GDYNe.......`..H.<..b.....l..f.....6.$..4. ..6.......;.uD.j/."Z=,"1..U.:1....~..?.......X.........PzPaa:O..#.@!.fegmH...\|.......6.t!.B.v....D...=..tt.t @......zV....f=7;+.h..w..I.7...Ux....A(X..&,.....\`...6D%....&..[..........q..~^.-.L.HK....:T.^7.v.Kr...d.p. Q...).N.....:.C%t..B...\|U.E.uZ.M..].{\|..[..6{p.! ..L.%%.L..x.....T.9u.J......-...o..xKw.y.........9..T.T%....ds..t..9OR.GKM..A`..k....@..FA<..5.AMN..YQJ.r..... ... T.D8..@}......e................2....D..y.2.^..:.4....!YK.......8...j.3.h..Y{!....TW^I.......AR...t&%..t.d.L:....R......@.r.6Ey/...myo.....Uw..e..i84....W..[..WR.,......mo:...dK.\|..%YB`(.Z...*@D.s.....8.B......../.E.J.I.n\..W....Z.....M'2....:.....E.9.&.98'.$.S...m]]s.5.''..kh.h...1..._..d..{>. ...F#-;M.+X.:....(....0.5...&5..FW......]+.#..L....[.l.]}!.....Y0.+...&.^..-%.;..?.I...`.$s...7.....%aOD..4..L{H.L.?g.2....p.!..dM....e...9.#.?G.s.[..Wy...+.{./..Q`_P^p^._.X.S.Z..

Chrome Cache Entry: 89

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19172, version 1.0
Category:	downloaded
Size (bytes):	19172
Entropy (8bit):	7.986708687480692
Encrypted:	false
SSDEEP:
MD5:	E5E6071E68EA79AD5F34D2F0CC0C215C
SHA1:	978BFD0608DCC2FF8F2D39530EC019BDA6EBB718
SHA-256:	32B1A7711060B382A5513B90267EFE0619D024A82DEFC8B913D6B8BEABF12ECB
SHA-512:	712D67104F2D89BAF0A69ED024C94B70BFF8CE3FD7CE356AFD8DD618C8EB9EF0FF89CBC9FABEB090CB28DAAD16BC0C2D03A4579AA974E1B55FC6621F56604CA6
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/122a14/00000000000000003b9ae80d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Preview:	wOF2......J........4..Jv........................?DYNAc?GDYNe..t....`..H.<..b.....(..C.....6.$..4. ..N.......v.......QQ.a......zH.7U...O...._.......7...m.^5.B......./..B...S..UQ.[."h.!J......V..\|.to+.V.B..!..\(.....CC....&.B#.h'\<.PO`.D\..g._.}..}..\..\.........L..`....u...............%..eh.H.HKt..U...n6.V....{...WE.&!2..$.q....\.kD..u.+W..2.o..}...0`......(..!...a.`a....2m.s.....\..]U^.....4. i......4...@.h(b...T,)T..pb9.93.I............. ..E....:....=U.0MV.t.g.....]O.....>W..:...X!,8T.4..'...!.G<...V.....9...y.aB..7.,Ms.m/..!5.....C.f..P.'......X<...k=. ...M5.....2...N....bS]Q...]x..%....w....u#@q...e.".. Y(..RH."%'@...2....r.R..]Tn....6.xw.&.oM.w....-.V......(..q:&7i.<...q9.\|.X..2[.......a.....9...,.`~?.....\|8.0.?Y..[..j$_.<9g...M=D.@O7.\. .........V.cBg\|z.DRV...gG.H..o....bh./........".....D...................................h;.L.?$.LJ.*...~..F.....Z._....<.......N...[?.l3q..!.....i%....."k.[.~....Tq.q.M..q...x%.1.:...!.... O..N....

Chrome Cache Entry: 90

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1600x372, components 3
Category:	downloaded
Size (bytes):	116871
Entropy (8bit):	7.9533422567844445
Encrypted:	false
SSDEEP:
MD5:	3DC1C24A4FA22CEB3015847C91403EE4
SHA1:	FCD13669E144A355CF19A32B4D3C428D27436EDE
SHA-256:	6B1A60B9477578F1292E6BB57A2563001328521550A021165BF3701C2E7841FE
SHA-512:	F3AB1C3C3B1041159E9E6192BBA4A7F264604895736F8994306D9F9E20DB212D47075189B6C97DE5E1595CC0D7302A0EDEC64CFCFC4BA77AC1CB32EE3BB8BE30
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-content/uploads/2023/09/SAb_hero_image-01-green.jpg
Preview:	......Exif..II*.................Ducky.......Q.....0http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.b0f8be90, 2021/12/15-21:25:15 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 23.2 (Macintosh)" xmpMM:InstanceID="xmp.iid:745580DA45B811EE9A74D55EA0EB7621" xmpMM:DocumentID="xmp.did:745580DB45B811EE9A74D55EA0EB7621"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:745580D845B811EE9A74D55EA0EB7621" stRef:documentID="xmp.did:745580D945B811EE9A74D55EA0EB7621"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d............................................................................................................................

Chrome Cache Entry: 91

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19304, version 1.0
Category:	downloaded
Size (bytes):	19304
Entropy (8bit):	7.98507443087666
Encrypted:	false
SSDEEP:
MD5:	1499FBA5A623638B2CCDDAC2574D2688
SHA1:	EB3960E42AD5AFACBB516354693DE6E01A2BD4DC
SHA-256:	C63F33128F75D309EF8CE5606645ACEE024D8D53FCD4E6DEB8EB5DB2D9CD6466
SHA-512:	39EEB068592BC313D84D693672F8ECD6E1E24DB78470B9A5B26B57E846AD5DC3A05821E383831676E3AC330C140CC15E45B94F8C396B19E258767B2FA0D428B6
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/9098db/00000000000000003b9ae80c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Preview:	wOF2......Kh..........J.........................?DYNAc?GDYNe..l....`..H.<..b.....x........6.$..4. ..i.......d.uD.i{.......\|.TU...j@........"0n.c............u(W{R.L........v.Xk..rm+(...(...._.)n..E)M.EX....X.".C..(...tfw..2.,.q.\|K?....S.y...........-.@n..'m..e.(.......9..}.;._m~..$.}...FtM.....RS9.U9..\.k......~...~..t.. ..DI...8.......0.V.f..?..p.U....n.....45R..a..xh....m.L.i..3}3....Z...2....A..I...S.D. =.....4..\|.M..=...m.#<......TDS...XW.L.9...`O..u{...?...vO.M.[...qC..........2.4.XB...q..'.,....T.I.D.$.2:.....i;. ..B..bQ^H...rQ..f....q....x.B...{....%....%......(....R..s.....t..w..m..&.k.[....D..p.....PAZ.....l...&.....z.".C.....'J.'.t'....p.../..'\|..\|.>\..<.....a^.......zY2>...z.2=..E....7....]f.d..-.--.Y..2<0.?""&".sVB~.~..........9.cSc.U.....k.J.6T..&N.6.,.X.3:X...]VP..U.5]1S....."..`r.Kk...aa....9....%`F..X(..r.S...d...~...>r...\.N.0N...y.....7.. `...KB.0_.D.Y.j.-.....].../..J..52..^.A..+..e.P.T.W..K...B....U..6..J.....[.XYz

Chrome Cache Entry: 93

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	3082
Entropy (8bit):	4.331966548057962
Encrypted:	false
SSDEEP:
MD5:	19115F93B209AB5AFD01D5DBA120DDA6
SHA1:	92B0A2BC547CCFA4F509AF8E833ABFF8E1E2B05E
SHA-256:	E80AB692D0D7FCCEA631D155863A8A4BADB4281C704FDF0F7F7B3A59D3630869
SHA-512:	8CE1FF8707F29208757C2EBE2C1C3FBB5BEC4739BED07F42A183907E66F0EB582DA7033681A55223D148114B49D58FBDE2D53B841BB991B68044839390EA83A5
Malicious:	false
Reputation:	unknown
Preview:	<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 151.17 52.37"><defs><style>.cls-1{fill:#83332e}.cls-3{fill:#373a36}</style></defs><g id="text-icons"><path class="cls-1" d="M20.63 23.87l-3.26-1.88-8.75 5.06v8.67l12.01-6.93 12 6.93v-8.67l-8.75-5.06-3.25 1.88z"/><path fill="#c5b000" d="M24.98 16.32v3.76l8.76 5.06 7.51-4.34-12.01-6.93V0l-7.51 4.34v10.11l3.25 1.87z"/><path class="cls-3" d="M16.27 16.32l3.25-1.87V4.34L12.01 0v13.87L0 20.8l7.51 4.34 8.76-5.06v-3.76z"/><path class="cls-1" d="M53.67 33.84h-2.15l.24-.85c.46-1.65.67-2.37.83-3.24.17.87.37 1.57.84 3.24zM59.13 39l-4.7-13h-3.64l-4.7 13h3.85l.71-2.28h3.89l.7 2.28zM65.1 34.19c0 1.82-.35 2.24-1 2.24a1.79 1.79 0 01-1.2-.46v-3.72a1.81 1.81 0 011.19-.47c.7 0 1 .47 1 2.41m3.3-.11c0-3.61-1.41-5-3.24-5a3.43 3.43 0 00-2.3.89v-4h-3.32V39h3.33v-.65a3.44 3.44 0 002.17.85c2.13 0 3.37-1.61 3.37-5.09"/><path class="cls-3" d="M46.39 35c0-2.43-1.45-3.43-4.71-4.21-1.67-.39-2.13-.61-2.13-1.09s.26-.8 1.33-.8a6.29 6.29 0 013.62 1.23l1.74-2.82a8.55 8.

Chrome Cache Entry: 94

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 19268, version 1.0
Category:	downloaded
Size (bytes):	19268
Entropy (8bit):	7.986180960170652
Encrypted:	false
SSDEEP:
MD5:	14001ABD4F047661A0229C609C4FBDB1
SHA1:	ED74CFB99672BED4D6C41749962739FD6F6E1E62
SHA-256:	F662E6D6BE58B511B91FC617D1AFA2BC1DCD6EF3D29867B9DAA84225F3D026D2
SHA-512:	0C7C2FD6C9536B1DC4129C068F952F9E68F458B9B33B49B9ED764D76CAE2A8C37B22A60F226FEA84B40EA91C87A832A22250DC97E67AFDE649DCE65736F6FE29
Malicious:	false
Reputation:	unknown
URL:	https://use.typekit.net/af/e5199f/00000000000000003b9ae7f4/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Preview:	wOF2......KD..........J.........................?DYNAc?GDYNe..(....`..H.<..b.....X..x.....6.$..4. ............uD.j/."Z=.......Z'.7U..O...._.....q=.y.@...G!.....;...R.v..d.$/......!.x...E...`..(..a.X=..-.K.z......-yUvW...+.GJ..q....AP.K....q.....#..9%H.X.@..z...........T=.~_.=03.#)1...T!.n7Kv.......I&..h.jJ ..l..;.\|.w.d......=.4..I..M.....qbH..r.....D..`54T4.j.`-..J7..+mW&..VJejl.[.>k...9.z.A..K.%Y..2.A.j...L2......p..7.,....7.{/L.3....lb5.. ..B`..u...e..?...y..F.D.!di.......K.Ro...25.!.a....U..'..y.Q.,..'.Bre...,..... ..&. . ${f...B.%...A.....d....,.T....{/k.2w...<g.{.Cc\x.9.D_....I?....M...8.....-^C..5.j.....S.!.$.._[C...!.......g...?.UH.....\|...k..l...a...~2..W..+..rd.\.`.eF..i..)Dr...R. b.......p..I..6.....j...rc.....n.U...`..}8 ....J-%3E.#P.2.........Y?.9.+..9..J[......U#.-..D...:....u..@rDvd.R.._N..?..#)&3..?]a.1..M2.W?.?...8aJX...q..g.g\|d.2..2...@v0{.....1.q....s..<.K........r..D+...]....W.)`pR..].M.i.."wE/...?-.-. ..S*.I..R.R...p..R..X.

Chrome Cache Entry: 95

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13479)
Category:	downloaded
Size (bytes):	13577
Entropy (8bit):	5.272065782731947
Encrypted:	false
SSDEEP:
MD5:	9FFEB32E2D9EFBF8F70CAABDED242267
SHA1:	3AD0C10E501AC2A9BFA18F9CD7E700219B378738
SHA-256:	5274F11E6FB32AE0CF2DFB9F8043272865C397A7C4223B4CFA7D50EA52FBDE89
SHA-512:	8D6BE545508A1C38278B8AD780C3758AE48A25E4E12EEE443375AA56031D9B356F8C90F22D4F251140FA3F65603AF40523165E33CAE2E2D62FC78EC106E3D731
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Preview:	/! jQuery Migrate v3.4.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)\|\|[],o=r.exec(t)\|\|[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.1";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")\|\|n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarnings

Chrome Cache Entry: 96

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5
Entropy (8bit):	1.5219280948873621
Encrypted:	false
SSDEEP:
MD5:	83D24D4B43CC7EEF2B61E66C95F3D158
SHA1:	F0CAFC285EE23BB6C28C5166F305493C4331C84D
SHA-256:	1C0FF118A4290C99F39C90ABB38703A866E47251B23CCA20266C69C812CCAFEB
SHA-512:	E6E84563D3A55767F8E5F36C4E217A0768120D6E15CE4D01AA63D36AF7EC8D20B600CE96DCC56DE91EC7E55E83A8267BADDD68B61447069B82ABDB2E92C6ACB6
Malicious:	false
Reputation:	unknown
URL:	https://p.typekit.net/p.css?s=1&k=myi0pua&ht=tk&f=31141.31142.31143.31144.31145.31146.31162.31165.31166&a=618497&app=typekit&e=css
Preview:	/**/.

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87553
Entropy (8bit):	5.262620498676155
Encrypted:	false
SSDEEP:
MD5:	826EB77E86B02AB7724FE3D0141FF87C
SHA1:	79CD3587D565AFE290076A8D36C31C305A573D18
SHA-256:	CB6F2D32C49D1C2B25E9FFC9AAAFA3F83075346C01BCD4AE6EB187392A4292CF
SHA-512:	FC79FDB76763025DC39FAC045A215FF155EF2F492A0E9640079D6F089FA6218AF2B3AB7C6EAF636827DEE9294E6939A95AB24554E870C976679C25567AD6374C
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (9462)
Category:	downloaded
Size (bytes):	34872
Entropy (8bit):	5.211341155399806
Encrypted:	false
SSDEEP:
MD5:	016A397CD86D4EE44EC1E7729B3F9B24
SHA1:	4CCB5FFEC90763022396460CC43CDA3D0E9E03B3
SHA-256:	4A5EF7AF1B5A8ED1117989EAA4592274DE005B12DF6668440D7FD0C66F0BCD2D
SHA-512:	F644AD9FFFBAA62EBD6B19C49ADFFEAA4C3A3C872E9D5A76BFE78C4B758035499010DB357C6FB73285F0EDD8EF3C8B12FFD3AF1113A06BC9445FE0109A7D76B9
Malicious:	false
Reputation:	unknown
URL:	https://www.sab.bio/
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="utf-8">. <title>Home - SAb Biotherapeutics</title>. <meta http-equiv="x-ua-compatible" content="ie=edge">. <meta name="viewport" content="width=device-width, initial-scale=1">. <meta name="theme-color" content="#ffffff">. <link rel="apple-touch-icon" href="/apple-touch-icon.png">. <link rel="shortcut icon" href="/favicon.ico">. <link rel="stylesheet" href="https://use.typekit.net/myi0pua.css">.. wp_head -->.<meta name='robots' content='max-image-preview:large' />... This site is optimized with the Yoast SEO plugin v14.2 - https://yoast.com/wordpress/plugins/seo/ -->..<meta name="robots" content="index, follow" />..<meta name="googlebot" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1" />..<meta name="bingbot" content="index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1" />..<link rel="canonical" href="https://www.sab.bio/" />..<meta pr

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://www.sab.bio

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 100

Chrome Cache Entry: 102

Chrome Cache Entry: 104

Chrome Cache Entry: 105

Chrome Cache Entry: 106

Chrome Cache Entry: 107

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Chrome Cache Entry: 91

Chrome Cache Entry: 93

Chrome Cache Entry: 94

Chrome Cache Entry: 95

Chrome Cache Entry: 96

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

Windows Analysis Report
https://www.sab.bio