Edit tour

Windows Analysis Report
https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj

Overview

General Information

Sample URL:	https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj
Analysis ID:	1501424
Infos:

Detection

Score:	4
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML body with high number of embedded SVGs detected

HTML body with high number of embedded images detected

HTML page contains hidden javascript code

HTML title does not match URL

Program does not show much activity (idle)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3568 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4504 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6416 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=/

HTTP Parser: Iframe src: https://td.doubleclick.net/td/ga/rul?tid=G-XM75BLLM79&gacid=230458610.1724962310&gtm=45je48r0v9119183171za200&dma=0&gcd=13l3l3l3l2l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=150159372

Source: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=/

HTTP Parser: Number of links: 0

Source: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=/

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj

HTTP Parser: Total embedded SVG size: 129034

Source: https://uizard.io/invision/

HTTP Parser: Total embedded image size: 26988

Source: https://uizard.io/invision/

HTTP Parser: Base64 decoded: <svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg"><g id="Icons-24"><g id="Union"><path fill-rule="evenodd" clip-rule="evenodd" d="M6.76875 4.04408C6.82142 4.13979 6.93581 4.17985 7.02881 4.23717L7.86505 4.75...

Source: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements

HTTP Parser: Title: Freehand online whiteboard technological requirements does not match URL

Source: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=/

HTTP Parser: <input type="password" .../> found

Source: https://uizard.io/invision/	HTTP Parser: No favicon
Source: https://support.invisionapp.com/	HTTP Parser: No favicon
Source: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements	HTTP Parser: No favicon
Source: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements	HTTP Parser: No favicon

Source: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements	HTTP Parser: No <meta name="author".. found
Source: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements	HTTP Parser: No <meta name="author".. found
Source: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=/	HTTP Parser: No <meta name="author".. found

Source: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements	HTTP Parser: No <meta name="copyright".. found
Source: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements	HTTP Parser: No <meta name="copyright".. found
Source: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=/	HTTP Parser: No <meta name="copyright".. found

Source: chromecache_505.2.dr	String found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Vj:function(){e=Bb()},md:function(){d()}}};var hc=ja(["data-gtm-yt-inspected-"]),tC=["www.youtube.com","www.youtube-nocookie.com"],uC,vC=!1; equals www.youtube.com (Youtube)
Source: chromecache_367.2.dr, chromecache_505.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=bA(a,c,e);O(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return O(122),!0;if(d&&f){for(var m=Mb(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},eA=function(){var a=[],b=function(c){return rb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_505.2.dr	String found in binary or memory: if(!(e\|\|f\|\|g\|\|k.length\|\|m.length))return;var p={Yg:e,Wg:f,Xg:g,Ih:k,Jh:m,Ee:n,Cb:b},q=E.YT;if(q)return q.ready&&q.ready(d),b;var r=E.onYouTubeIframeAPIReady;E.onYouTubeIframeAPIReady=function(){r&&r();d()};G(function(){for(var t=F.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(EC(w,"iframe_api")\|\|EC(w,"player_api"))return b}for(var x=F.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!vC&&CC(x[A],p.Ee))return xc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_494.2.dr, chromecache_367.2.dr, chromecache_631.2.dr	String found in binary or memory: return b}rC.J="internal.enableAutoEventOnTimer";var hc=ja(["data-gtm-yt-inspected-"]),tC=["www.youtube.com","www.youtube-nocookie.com"],uC,vC=!1; equals www.youtube.com (Youtube)
Source: chromecache_735.2.dr	String found in binary or memory: return function(a,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var b=f.getFbeventsModules("signalsFBEventsGetTier"),c=d();function d(){try{if(a.trustedTypes&&a.trustedTypes.createPolicy){var b=a.trustedTypes;return b.createPolicy("facebook.com/signals/iwl",{createScriptURL:function(a){var b=new URL(a);b=b.hostname.endsWith(".facebook.com")&&b.pathname=="/signals/iwl.js";if(!b)throw new Error("Disallowed script URL");return a}})}}catch(a){}return null}e.exports=function(a,d){d=b(d);d=d==null?"www.facebook.com":"www."+d+".facebook.com";d="https://"+d+"/signals/iwl.js?pixel_id="+a;if(c!=null)return c.createScriptURL(d);else return d}})();return e.exports}(a,b,c,d)}); equals www.facebook.com (Facebook)
Source: chromecache_735.2.dr	String found in binary or memory: return function(f,b,c,d){var e={exports:{}};e.exports;(function(){"use strict";var a=/^https:\/\/www\.([A-Za-z0-9\.]+)\.facebook\.com\/tr\/?$/,b=["https://www.facebook.com/tr","https://www.facebook.com/tr/"];e.exports=function(c){if(b.indexOf(c)!==-1)return null;var d=a.exec(c);if(d==null)throw new Error("Malformed tier: "+c);return d[1]}})();return e.exports}(a,b,c,d)}); equals www.facebook.com (Facebook)
Source: chromecache_735.2.dr	String found in binary or memory: return function(f,g,h,i){var j={exports:{}};j.exports;(function(){"use strict";var a={ENDPOINT:"https://www.facebook.com/tr/",INSTAGRAM_TRIGGER_ATTRIBUTION:"https://www.instagram.com/tr/",AEM_ENDPOINT:"https://www.facebook.com/.well-known/aggregated-event-measurement/",GPS_ENDPOINT:"https://www.facebook.com/privacy_sandbox/pixel/register/trigger/",TOPICS_API_ENDPOINT:"https://www.facebook.com/privacy_sandbox/topics/registration/"};j.exports=a})();return j.exports}(a,b,c,d)}); equals www.facebook.com (Facebook)
Source: chromecache_367.2.dr, chromecache_505.2.dr	String found in binary or memory: var GB=function(a,b,c,d,e){var f=zz("fsl",c?"nv.mwt":"mwt",0),g;g=c?zz("fsl","nv.ids",[]):zz("fsl","ids",[]);if(!g.length)return!0;var k=Ez(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);O(121);if(m==="https://www.facebook.com/tr/")return O(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!ny(k,oy(b, equals www.facebook.com (Facebook)

Source: chromecache_498.2.dr	String found in binary or memory: http://.css
Source: chromecache_498.2.dr	String found in binary or memory: http://.jpg
Source: chromecache_608.2.dr	String found in binary or memory: http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)
Source: chromecache_603.2.dr	String found in binary or memory: http://get.webgl.org/
Source: chromecache_498.2.dr	String found in binary or memory: http://html4/loose.dtd
Source: chromecache_362.2.dr	String found in binary or memory: http://jaywcjlove.github.io/hotkeys
Source: chromecache_362.2.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_608.2.dr	String found in binary or memory: http://underscorejs.org/LICENSE
Source: chromecache_660.2.dr	String found in binary or memory: http://www.daltonmaag.com/http://www.daltonmaag.com/eula
Source: chromecache_660.2.dr	String found in binary or memory: http://www.daltonmaag.com/http://www.daltonmaag.com/eulaAktiv
Source: chromecache_660.2.dr	String found in binary or memory: http://www.daltonmaag.com/http://www.daltonmaag.com/eulaCopyright
Source: chromecache_608.2.dr	String found in binary or memory: http://www.ecma-international.org/ecma-262/7.0/#sec-ecmascript-language-types)
Source: chromecache_603.2.dr	String found in binary or memory: http://www.google.com/chrome
Source: chromecache_362.2.dr	String found in binary or memory: http://www.jacklmoore.com/autosize
Source: chromecache_603.2.dr	String found in binary or memory: http://www.mozilla.com/en-US/firefox/all.html
Source: chromecache_498.2.dr	String found in binary or memory: http://www.unicode.org/copyright.html
Source: chromecache_505.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_474.2.dr	String found in binary or memory: https://agent.pendo.io/licenses
Source: chromecache_638.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_697.2.dr	String found in binary or memory: https://analytics.google.com/g/s/collect?dma=0&npa=0&gcs=G111&gcd=13r3r3r3r5l1&gtm=45j91e48r1v917125
Source: chromecache_494.2.dr, chromecache_367.2.dr, chromecache_631.2.dr, chromecache_505.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_631.2.dr	String found in binary or memory: https://cdn.mouseflow.com/projects/
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_735.2.dr	String found in binary or memory: https://connect.facebook.net/
Source: chromecache_735.2.dr	String found in binary or memory: https://connect.facebook.net/log/fbevents_telemetry/
Source: chromecache_631.2.dr	String found in binary or memory: https://consent.cookiebot.com/uc.js?cbid=
Source: chromecache_474.2.dr	String found in binary or memory: https://content.in-messages.invisionapp.com/agent/static/05702be8-88e5-4f89-628f-905192874137/pendo-
Source: chromecache_608.2.dr	String found in binary or memory: https://css-tricks.com/debouncing-throttling-explained-examples/)
Source: chromecache_759.2.dr, chromecache_686.2.dr	String found in binary or memory: https://developers.google.com/maps/documentation/javascript/error-messages#
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_524.2.dr	String found in binary or memory: https://docs.bugsnag.com/api/error-reporting
Source: chromecache_375.2.dr	String found in binary or memory: https://docs.swift.org/swift-book/ReferenceManual/LexicalStructure.html
Source: chromecache_375.2.dr	String found in binary or memory: https://en.cppreference.com/w/cpp/keyword
Source: chromecache_752.2.dr, chromecache_495.2.dr	String found in binary or memory: https://fontawesome.com
Source: chromecache_752.2.dr, chromecache_495.2.dr	String found in binary or memory: https://fontawesome.com/license
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofIMeaBXso.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofINeaB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofIO-aBXso.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofIOOaBXso.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/nunito/v26/XRXV3I6Li01BKofIOuaBXso.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS2mu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSCmu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSKmu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSOmu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSumu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSymu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2)
Source: chromecache_439.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nRivN04w.woff2)
Source: chromecache_439.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nVivM.woff2)
Source: chromecache_439.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nWivN04w.woff2)
Source: chromecache_439.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nYivN04w.woff2)
Source: chromecache_439.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/pressstart2p/v15/e3t4euO8T-267oIAQAu6jDQyK3nbivN04w.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/redhatdisplay/v19/8vIQ7wUr0m80wwYf0QCXZzYzUoTg8z6hVYs.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/redhatdisplay/v19/8vIQ7wUr0m80wwYf0QCXZzYzUoTg_T6h.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_711.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_608.2.dr	String found in binary or memory: https://github.com/InVisionApp/freehand-web-v7/pull/5532#discussion_r1120332536
Source: chromecache_375.2.dr, chromecache_608.2.dr, chromecache_561.2.dr	String found in binary or memory: https://github.com/InVisionApp/helios-design-system/blob/a28a896195c8657a74b9e0a5f8bb92d277133302/pa
Source: chromecache_635.2.dr	String found in binary or memory: https://github.com/algolia/autocomplete.js
Source: chromecache_679.2.dr	String found in binary or memory: https://github.com/rocicorp/fractional-indexing
Source: chromecache_631.2.dr	String found in binary or memory: https://google.com
Source: chromecache_631.2.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_705.2.dr	String found in binary or memory: https://help.invisionapp.com/hc/en-us/requests/new
Source: chromecache_608.2.dr	String found in binary or memory: https://jquery.org/
Source: chromecache_362.2.dr	String found in binary or memory: https://lea.verou.me
Source: chromecache_608.2.dr	String found in binary or memory: https://lodash.com/
Source: chromecache_608.2.dr	String found in binary or memory: https://lodash.com/license
Source: chromecache_755.2.dr	String found in binary or memory: https://nicolelynam513779.invisionapp.com/
Source: chromecache_393.2.dr	String found in binary or memory: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv1%2Fre
Source: chromecache_354.2.dr	String found in binary or memory: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv1%2Fsu
Source: chromecache_372.2.dr	String found in binary or memory: https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv2%2Fac
Source: chromecache_355.2.dr	String found in binary or memory: https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj
Source: chromecache_679.2.dr	String found in binary or memory: https://observablehq.com/
Source: chromecache_362.2.dr	String found in binary or memory: https://opensource.org/licenses/MIT
Source: chromecache_505.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_494.2.dr, chromecache_367.2.dr, chromecache_631.2.dr, chromecache_505.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_474.2.dr	String found in binary or memory: https://pendo-static-5650285439221760.storage.googleapis.com
Source: chromecache_696.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_678.2.dr	String found in binary or memory: https://projects.invisionapp.com
Source: chromecache_631.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: chromecache_696.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://s3.amazonaws.com/invision-global-static/production/spa/cloud-ui/global-service-worker-loader
Source: chromecache_631.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_375.2.dr, chromecache_608.2.dr	String found in binary or memory: https://stackoverflow.com/a/986977
Source: chromecache_631.2.dr	String found in binary or memory: https://static.hotjar.com/c/hotjar-
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/favicons/default/apple-touch-icon.png
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/favicons/default/favicon-16x16.png
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/favicons/default/favicon-32x32.png
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/favicons/default/favicon.ico
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/AktivGroteskVF_Italics_W_Wght.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/AktivGroteskVF_W_Wght.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-Eina03-SemiBold.woff
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-Eina03-SemiBold.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Book.woff
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Book.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-BookItalic.woff
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-BookItalic.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Demi.woff
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Demi.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-DemiItalic.woff
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-DemiItalic.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Medium.woff
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Medium.woff2
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-MediumItalic.woff
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-MediumItalic.woff2
Source: chromecache_487.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/illustrations/helios-plus/scene/no-screens-found.svg
Source: chromecache_487.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/illustrations/helios-plus/scene/no-spaces-to-view.svg
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/js/cloud-global-async.js
Source: chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/global/js/cloud-global-pre-app-modules-synchronous.js
Source: chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.37078cb726bfa77d6a36.css
Source: chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.37078cb726bfa77d6a36.js
Source: chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.vendor.37078cb726bfa77d6a36.css
Source: chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.vendor.37078cb726bfa77d6a36.js
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/cloud-ui/app-shell-legacy.99fc193a.js
Source: chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/cloud-ui/app-shell.9729de5c.js
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/cloud-ui/polyfills.0ca8b6ae.js
Source: chromecache_476.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/comment-kit-ui-static/
Source: chromecache_355.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-asset-loading.worker.5
Source: chromecache_355.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-asset-processing.worke
Source: chromecache_355.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-bundle.1a632b09d6f4f31
Source: chromecache_355.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-pdf.worker.3a179d139c5
Source: chromecache_355.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-process-line.worker.a2
Source: chromecache_355.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-vendors.0410ce90753f5f
Source: chromecache_355.2.dr, chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/global-navigation-static/global-navigation.5cc6818c1a7e880293
Source: chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/home-ui-v7-static/home-main.1798f35bdf5fb71357ee.css
Source: chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/home-ui-v7-static/home.7eb7aadbb8461a0333f6.js
Source: chromecache_355.2.dr, chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/invproto-fe-static/invproto-fe.a25731557cffe53d7576.js
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-bugsnag-static/bugsnag.108782ef33631fee5b7a.js
Source: chromecache_362.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-helios-one-web-static/
Source: chromecache_355.2.dr, chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-helios-one-web-static/helios-one.16ef689b76ede057e610.css
Source: chromecache_355.2.dr, chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-helios-one-web-static/helios-one.16ef689b76ede057e610.js
Source: chromecache_355.2.dr, chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-lodash-static/lodash.f0ad10da7d1f80112d7a.js
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-react-dom-static/react-dom.cfce0b15c12860642616.js
Source: chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-react-static/react.f67761e0a08ead174e25.js
Source: chromecache_355.2.dr, chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/rpr-styled-components-static/styled-components.a226967a2b2791
Source: chromecache_355.2.dr, chromecache_755.2.dr	String found in binary or memory: https://static.invisionapp-cdn.com/spa/sidebar/sidebar.c041909dcb5df013780e.js
Source: chromecache_494.2.dr, chromecache_505.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_697.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=0&gcs=G111&gcd=13r3r3r3r5l1&tid=G-8VGN7Z0T63
Source: chromecache_638.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_696.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_705.2.dr	String found in binary or memory: https://support.invisionapp.com
Source: chromecache_437.2.dr	String found in binary or memory: https://support.invisionapp.com/
Source: chromecache_603.2.dr	String found in binary or memory: https://support.invisionapp.com/docs/freehand-online-whiteboard-technological-requirements
Source: chromecache_705.2.dr	String found in binary or memory: https://support.invisionapp.com/hc/en-us/articles/115004118683
Source: chromecache_638.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_494.2.dr, chromecache_367.2.dr, chromecache_631.2.dr, chromecache_505.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_755.2.dr	String found in binary or memory: https://ui-gateway-production.invisionapp-cdn.com/
Source: chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	String found in binary or memory: https://ui-gateway-production.invisionapp-cdn.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2
Source: chromecache_355.2.dr	String found in binary or memory: https://ui-gateway-production.invisionapp-cdn.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj
Source: chromecache_603.2.dr	String found in binary or memory: https://www.document360.com)
Source: chromecache_638.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_638.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_638.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_505.2.dr, chromecache_686.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_638.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_631.2.dr, chromecache_505.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_505.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_367.2.dr, chromecache_631.2.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_638.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_367.2.dr, chromecache_631.2.dr	String found in binary or memory: https://www.googletagmanager.com/static/service_worker/
Source: chromecache_381.2.dr, chromecache_696.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/recaptcha__.
Source: chromecache_733.2.dr, chromecache_732.2.dr	String found in binary or memory: https://www.invisionapp.com/legal/privacy-policy
Source: chromecache_494.2.dr, chromecache_505.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_505.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: classification engine

Classification label: clean4.win@28/659@0/91

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: chromecache_603.2.dr

Binary or memory string: s common at large organizations for end-users to access their applications via a hosted virtual desktop including:</p><ul><li>Citrix Workspace / Virtual Desktops</li><li>VMWare Horizon</li><li>AWS Workspaces</li></ul><p>These environments can degrade performance of all web applications, but particularly graphic intensive applications like Freehand.</p><p>A number of factors can impact performance over VDI, including settings and policies unique to each organization. We list several recommendations below, but please <a href=//help.invisionapp.com/hc/en-us/requests/new rel="noopener noreferrer" target=_blank>contact our Support team</a> if you're encountering any troubles so that we can understand and accommodate your unique needs.</p><ul><li>Ensure your VDI server allocates enough resources (memory and CPU) to each client. This is a function of server resources and number of concurrent clients. In general, monitoring your server logs to ensure you don

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Data Obfuscation	Exfiltration Over Other Network Medium	Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://stats.g.doubleclick.net/g/collect	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#localhost_support	0%	URL Reputation	safe
https://support.google.com/recaptcha#6262736	0%	URL Reputation	safe
https://ampcid.google.com/v1/publisher:getClientId	0%	URL Reputation	safe
https://support.google.com/recaptcha/?hl=en#6223828	0%	URL Reputation	safe
https://px.ads.linkedin.com/collect?	0%	URL Reputation	safe
https://fontawesome.com	0%	URL Reputation	safe
https://support.google.com/recaptcha/#6175971	0%	URL Reputation	safe
https://stats.g.doubleclick.net/j/collect	0%	URL Reputation	safe
https://agent.pendo.io/licenses	0%	URL Reputation	safe
https://support.google.com/recaptcha	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	0%	URL Reputation	safe
http://underscorejs.org/LICENSE	0%	URL Reputation	safe
https://connect.facebook.net/	0%	URL Reputation	safe
https://static.invisionapp-cdn.com/spa/rpr-react-static/react.f67761e0a08ead174e25.js	0%	Avira URL Cloud	safe
http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)	0%	URL Reputation	safe
http://www.unicode.org/copyright.html	0%	URL Reputation	safe
http://jaywcjlove.github.io/hotkeys	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/rpr-lodash-static/lodash.f0ad10da7d1f80112d7a.js	0%	Avira URL Cloud	safe
https://opensource.org/licenses/MIT	0%	URL Reputation	safe
https://docs.bugsnag.com/api/error-reporting	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/comment-kit-ui-static/	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/rpr-react-dom-static/react-dom.cfce0b15c12860642616.js	0%	Avira URL Cloud	safe
http://www.daltonmaag.com/http://www.daltonmaag.com/eulaAktiv	0%	Avira URL Cloud	safe
https://cloud.google.com/contact	0%	URL Reputation	safe
https://fontawesome.com/license	0%	URL Reputation	safe
https://static.invisionapp-cdn.com/spa/sidebar/sidebar.c041909dcb5df013780e.js	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Book.woff	0%	Avira URL Cloud	safe
http://www.jacklmoore.com/autosize	0%	URL Reputation	safe
https://analytics.google.com/g/s/collect?dma=0&npa=0&gcs=G111&gcd=13r3r3r3r5l1&gtm=45j91e48r1v917125	0%	Avira URL Cloud	safe
https://observablehq.com/	0%	Avira URL Cloud	safe
http://get.webgl.org/	0%	Avira URL Cloud	safe
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=0&gcs=G111&gcd=13r3r3r3r5l1&tid=G-8VGN7Z0T63	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/home-ui-v7-static/home-main.1798f35bdf5fb71357ee.css	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/favicons/default/favicon-32x32.png	0%	Avira URL Cloud	safe
https://www.document360.com)	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Medium.woff2	0%	Avira URL Cloud	safe
https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv1%2Fsu	0%	Avira URL Cloud	safe
https://www.google.com	0%	Avira URL Cloud	safe
https://www.youtube.com/iframe_api	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.vendor.37078cb726bfa77d6a36.css	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/rpr-helios-one-web-static/helios-one.16ef689b76ede057e610.css	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/rpr-helios-one-web-static/helios-one.16ef689b76ede057e610.js	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.vendor.37078cb726bfa77d6a36.js	0%	Avira URL Cloud	safe
https://github.com/InVisionApp/freehand-web-v7/pull/5532#discussion_r1120332536	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/global-navigation-static/global-navigation.5cc6818c1a7e880293	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-Eina03-SemiBold.woff2	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-MediumItalic.woff	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/rpr-styled-components-static/styled-components.a226967a2b2791	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Book.woff2	0%	Avira URL Cloud	safe
https://github.com/algolia/autocomplete.js	0%	Avira URL Cloud	safe
https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv2%2Fac	0%	Avira URL Cloud	safe
https://www.gstatic.c..?/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/recaptcha__.	0%	Avira URL Cloud	safe
http://www.daltonmaag.com/http://www.daltonmaag.com/eulaCopyright	0%	Avira URL Cloud	safe
https://support.invisionapp.com/hc/en-us/articles/115004118683	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-bundle.1a632b09d6f4f31	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-Eina03-SemiBold.woff	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Medium.woff	0%	Avira URL Cloud	safe
https://play.google.com/log?format=json&hasfast=true	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-DemiItalic.woff2	0%	Avira URL Cloud	safe
https://jquery.org/	0%	Avira URL Cloud	safe
https://www.google.%/ads/ga-audiences	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Demi.woff2	0%	Avira URL Cloud	safe
https://www.invisionapp.com/legal/privacy-policy	0%	Avira URL Cloud	safe
https://content.in-messages.invisionapp.com/agent/static/05702be8-88e5-4f89-628f-905192874137/pendo-	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/AktivGroteskVF_Italics_W_Wght.woff2	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/home-ui-v7-static/home.7eb7aadbb8461a0333f6.js	0%	Avira URL Cloud	safe
https://help.invisionapp.com/hc/en-us/requests/new	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/invproto-fe-static/invproto-fe.a25731557cffe53d7576.js	0%	Avira URL Cloud	safe
https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv1%2Fre	0%	Avira URL Cloud	safe
http://www.mozilla.com/en-US/firefox/all.html	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Demi.woff	0%	Avira URL Cloud	safe
https://lea.verou.me	0%	Avira URL Cloud	safe
http://html4/loose.dtd	0%	Avira URL Cloud	safe
https://consent.cookiebot.com/uc.js?cbid=	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-pdf.worker.3a179d139c5	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/illustrations/helios-plus/scene/no-screens-found.svg	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-BookItalic.woff	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.37078cb726bfa77d6a36.css	0%	Avira URL Cloud	safe
https://ui-gateway-production.invisionapp-cdn.com/	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-BookItalic.woff2	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/illustrations/helios-plus/scene/no-spaces-to-view.svg	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/js/cloud-global-async.js	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/favicons/default/favicon-16x16.png	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-DemiItalic.woff	0%	Avira URL Cloud	safe
https://projects.invisionapp.com	0%	Avira URL Cloud	safe
http://.css	0%	Avira URL Cloud	safe
https://docs.swift.org/swift-book/ReferenceManual/LexicalStructure.html	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-asset-processing.worke	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/favicons/default/favicon.ico	0%	Avira URL Cloud	safe
https://support.invisionapp.com	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/global/js/cloud-global-pre-app-modules-synchronous.js	0%	Avira URL Cloud	safe
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-process-line.worker.a2	0%	Avira URL Cloud	safe
http://www.google.com/chrome	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/	0%	Avira URL Cloud	safe

Name	Malicious	Reputation
https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=/	false	unknown
https://support.invisionapp.com/	false	unknown
https://uizard.io/invision/	false	unknown
https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://static.invisionapp-cdn.com/spa/sidebar/sidebar.c041909dcb5df013780e.js	chromecache_355.2.dr, chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://analytics.google.com/g/s/collect?dma=0&npa=0&gcs=G111&gcd=13r3r3r3r5l1&gtm=45j91e48r1v917125	chromecache_697.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/rpr-react-dom-static/react-dom.cfce0b15c12860642616.js	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/g/collect	chromecache_494.2.dr, chromecache_505.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/spa/rpr-lodash-static/lodash.f0ad10da7d1f80112d7a.js	chromecache_355.2.dr, chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/recaptcha/docs/faq#localhost_support	chromecache_381.2.dr, chromecache_696.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/spa/rpr-react-static/react.f67761e0a08ead174e25.js	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
http://jaywcjlove.github.io/hotkeys	chromecache_362.2.dr	false	Avira URL Cloud: safe	unknown
https://docs.bugsnag.com/api/error-reporting	chromecache_524.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/comment-kit-ui-static/	chromecache_476.2.dr	false	Avira URL Cloud: safe	unknown
http://www.daltonmaag.com/http://www.daltonmaag.com/eulaAktiv	chromecache_660.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha#6262736	chromecache_381.2.dr, chromecache_696.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Book.woff	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://ampcid.google.com/v1/publisher:getClientId	chromecache_638.2.dr	false	URL Reputation: safe	unknown
https://observablehq.com/	chromecache_679.2.dr	false	Avira URL Cloud: safe	unknown
http://get.webgl.org/	chromecache_603.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha/?hl=en#6223828	chromecache_381.2.dr, chromecache_696.2.dr	false	URL Reputation: safe	unknown
https://px.ads.linkedin.com/collect?	chromecache_631.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/spa/home-ui-v7-static/home-main.1798f35bdf5fb71357ee.css	chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/favicons/default/favicon-32x32.png	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Medium.woff2	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://www.document360.com)	chromecache_603.2.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/g/collect?v=2&dma=0&npa=0&gcs=G111&gcd=13r3r3r3r5l1&tid=G-8VGN7Z0T63	chromecache_697.2.dr	false	Avira URL Cloud: safe	unknown
https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv1%2Fsu	chromecache_354.2.dr	false	Avira URL Cloud: safe	unknown
https://fontawesome.com	chromecache_752.2.dr, chromecache_495.2.dr	false	URL Reputation: safe	unknown
https://www.google.com	chromecache_505.2.dr, chromecache_686.2.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/iframe_api	chromecache_505.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.vendor.37078cb726bfa77d6a36.css	chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.vendor.37078cb726bfa77d6a36.js	chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha/#6175971	chromecache_381.2.dr, chromecache_696.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/spa/rpr-helios-one-web-static/helios-one.16ef689b76ede057e610.js	chromecache_355.2.dr, chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/InVisionApp/freehand-web-v7/pull/5532#discussion_r1120332536	chromecache_608.2.dr	false	Avira URL Cloud: safe	unknown
https://stats.g.doubleclick.net/j/collect	chromecache_638.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/spa/global-navigation-static/global-navigation.5cc6818c1a7e880293	chromecache_355.2.dr, chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/rpr-helios-one-web-static/helios-one.16ef689b76ede057e610.css	chromecache_355.2.dr, chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://agent.pendo.io/licenses	chromecache_474.2.dr	false	URL Reputation: safe	unknown
https://support.google.com/recaptcha	chromecache_696.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-Eina03-SemiBold.woff2	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Book.woff2	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-MediumItalic.woff	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/rpr-styled-components-static/styled-components.a226967a2b2791	chromecache_355.2.dr, chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://www.gstatic.c..?/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/recaptcha__.	chromecache_381.2.dr, chromecache_696.2.dr	false	Avira URL Cloud: safe	unknown
https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv2%2Fac	chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
http://www.daltonmaag.com/http://www.daltonmaag.com/eulaCopyright	chromecache_660.2.dr	false	Avira URL Cloud: safe	unknown
https://support.invisionapp.com/hc/en-us/articles/115004118683	chromecache_705.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/algolia/autocomplete.js	chromecache_635.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-bundle.1a632b09d6f4f31	chromecache_355.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-Eina03-SemiBold.woff	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://cct.google/taggy/agent.js	chromecache_494.2.dr, chromecache_367.2.dr, chromecache_631.2.dr, chromecache_505.2.dr	false	URL Reputation: safe	unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	chromecache_381.2.dr, chromecache_696.2.dr	false	URL Reputation: safe	unknown
http://underscorejs.org/LICENSE	chromecache_608.2.dr	false	URL Reputation: safe	unknown
https://connect.facebook.net/	chromecache_735.2.dr	false	URL Reputation: safe	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_696.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-DemiItalic.woff2	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Medium.woff	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://jquery.org/	chromecache_608.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Demi.woff2	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://www.invisionapp.com/legal/privacy-policy	chromecache_733.2.dr, chromecache_732.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.%/ads/ga-audiences	chromecache_638.2.dr	false	Avira URL Cloud: safe	unknown
https://content.in-messages.invisionapp.com/agent/static/05702be8-88e5-4f89-628f-905192874137/pendo-	chromecache_474.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/AktivGroteskVF_Italics_W_Wght.woff2	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/home-ui-v7-static/home.7eb7aadbb8461a0333f6.js	chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
http://ecma-international.org/ecma-262/7.0/#sec-object.prototype.tostring)	chromecache_608.2.dr	false	URL Reputation: safe	unknown
https://nicolelynam513779.invisionapp.com/auth/sign-in?redirectTo=%2Fglobal-navigation-web%2Fv1%2Fre	chromecache_393.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/invproto-fe-static/invproto-fe.a25731557cffe53d7576.js	chromecache_355.2.dr, chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
https://help.invisionapp.com/hc/en-us/requests/new	chromecache_705.2.dr	false	Avira URL Cloud: safe	unknown
http://www.mozilla.com/en-US/firefox/all.html	chromecache_603.2.dr	false	Avira URL Cloud: safe	unknown
https://lea.verou.me	chromecache_362.2.dr	false	Avira URL Cloud: safe	unknown
https://consent.cookiebot.com/uc.js?cbid=	chromecache_631.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-Demi.woff	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
http://html4/loose.dtd	chromecache_498.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-pdf.worker.3a179d139c5	chromecache_355.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/illustrations/helios-plus/scene/no-screens-found.svg	chromecache_487.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-BookItalic.woff	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://ui-gateway-production.invisionapp-cdn.com/	chromecache_755.2.dr	false	Avira URL Cloud: safe	unknown
http://www.unicode.org/copyright.html	chromecache_498.2.dr	false	URL Reputation: safe	unknown
https://opensource.org/licenses/MIT	chromecache_362.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/spa/auth-ui-static/auth-ui.37078cb726bfa77d6a36.css	chromecache_354.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-BookItalic.woff2	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://projects.invisionapp.com	chromecache_678.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/fonts/Inv-MaisonNeue-DemiItalic.woff	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/illustrations/helios-plus/scene/no-spaces-to-view.svg	chromecache_487.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/favicons/default/favicon-16x16.png	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/js/cloud-global-async.js	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
http://.css	chromecache_498.2.dr	false	Avira URL Cloud: safe	unknown
https://docs.swift.org/swift-book/ReferenceManual/LexicalStructure.html	chromecache_375.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-asset-processing.worke	chromecache_355.2.dr	false	Avira URL Cloud: safe	unknown
https://cloud.google.com/contact	chromecache_381.2.dr, chromecache_696.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/global/favicons/default/favicon.ico	chromecache_355.2.dr, chromecache_354.2.dr, chromecache_755.2.dr, chromecache_393.2.dr, chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://support.invisionapp.com	chromecache_705.2.dr	false	Avira URL Cloud: safe	unknown
https://static.invisionapp-cdn.com/global/js/cloud-global-pre-app-modules-synchronous.js	chromecache_372.2.dr	false	Avira URL Cloud: safe	unknown
https://fontawesome.com/license	chromecache_752.2.dr, chromecache_495.2.dr	false	URL Reputation: safe	unknown
https://static.invisionapp-cdn.com/spa/freehand-web-v7-static/freehand-web-v7-process-line.worker.a2	chromecache_355.2.dr	false	Avira URL Cloud: safe	unknown
http://www.jacklmoore.com/autosize	chromecache_362.2.dr	false	URL Reputation: safe	unknown
http://www.google.com/chrome	chromecache_603.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/	chromecache_381.2.dr, chromecache_696.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.228	unknown	United States	15169	GOOGLEUS	false
2.18.64.26	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
172.217.16.138	unknown	United States	15169	GOOGLEUS	false
104.17.152.91	unknown	United States	13335	CLOUDFLARENETUS	false
104.18.187.31	unknown	United States	13335	CLOUDFLARENETUS	false
35.160.35.184	unknown	United States	16509	AMAZON-02US	false
108.138.7.111	unknown	United States	16509	AMAZON-02US	false
18.239.94.55	unknown	United States	16509	AMAZON-02US	false
35.190.88.7	unknown	United States	15169	GOOGLEUS	false
13.227.222.191	unknown	United States	16509	AMAZON-02US	false
151.101.130.217	unknown	United States	54113	FASTLYUS	false
2.18.64.21	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
142.250.185.104	unknown	United States	15169	GOOGLEUS	false
18.239.36.44	unknown	United States	16509	AMAZON-02US	false
104.18.32.137	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.186.110	unknown	United States	15169	GOOGLEUS	false
142.250.184.227	unknown	United States	15169	GOOGLEUS	false
34.149.250.58	unknown	United States	2686	ATGS-MMD-ASUS	false
104.18.7.159	unknown	United States	13335	CLOUDFLARENETUS	false
88.221.110.136	unknown	European Union	20940	AKAMAI-ASN1EU	false
52.222.236.103	unknown	United States	16509	AMAZON-02US	false
142.250.186.35	unknown	United States	15169	GOOGLEUS	false
142.250.186.34	unknown	United States	15169	GOOGLEUS	false
13.32.110.26	unknown	United States	16509	AMAZON-02US	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
104.18.87.42	unknown	United States	13335	CLOUDFLARENETUS	false
18.239.94.85	unknown	United States	16509	AMAZON-02US	false
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
18.245.175.78	unknown	United States	16509	AMAZON-02US	false
74.125.133.84	unknown	United States	15169	GOOGLEUS	false
104.16.224.185	unknown	United States	13335	CLOUDFLARENETUS	false
216.239.32.181	unknown	United States	15169	GOOGLEUS	false
142.250.185.232	unknown	United States	15169	GOOGLEUS	false
13.224.189.43	unknown	United States	16509	AMAZON-02US	false
13.107.42.14	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.18.6.159	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.224.189.90	unknown	United States	16509	AMAZON-02US	false
172.217.23.100	unknown	United States	15169	GOOGLEUS	false
65.9.66.45	unknown	United States	16509	AMAZON-02US	false
23.55.225.27	unknown	United States	16625	AKAMAI-ASUS	false
34.228.93.186	unknown	United States	14618	AMAZON-AESUS	false
88.221.110.227	unknown	European Union	20940	AKAMAI-ASN1EU	false
157.240.253.35	unknown	United States	32934	FACEBOOKUS	false
142.250.186.40	unknown	United States	15169	GOOGLEUS	false
172.217.16.195	unknown	United States	15169	GOOGLEUS	false
18.66.102.51	unknown	United States	3	MIT-GATEWAYSUS	false
104.18.26.50	unknown	United States	13335	CLOUDFLARENETUS	false
64.233.167.157	unknown	United States	15169	GOOGLEUS	false
52.222.236.5	unknown	United States	16509	AMAZON-02US	false
216.58.206.74	unknown	United States	15169	GOOGLEUS	false
35.186.205.6	unknown	United States	15169	GOOGLEUS	false
152.195.15.58	unknown	United States	15133	EDGECASTUS	false
216.58.206.72	unknown	United States	15169	GOOGLEUS	false
151.101.129.229	unknown	United States	54113	FASTLYUS	false
216.58.206.78	unknown	United States	15169	GOOGLEUS	false
172.217.23.106	unknown	United States	15169	GOOGLEUS	false
34.36.213.229	unknown	United States	2686	ATGS-MMD-ASUS	false
64.233.184.155	unknown	United States	15169	GOOGLEUS	false
108.138.7.16	unknown	United States	16509	AMAZON-02US	false
185.199.111.133	unknown	Netherlands	54113	FASTLYUS	false
157.240.0.6	unknown	United States	32934	FACEBOOKUS	false
108.156.60.88	unknown	United States	16509	AMAZON-02US	false
52.21.69.248	unknown	United States	14618	AMAZON-AESUS	false
44.240.52.117	unknown	United States	16509	AMAZON-02US	false
151.101.194.217	unknown	United States	54113	FASTLYUS	false
13.227.219.28	unknown	United States	16509	AMAZON-02US	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
216.58.212.130	unknown	United States	15169	GOOGLEUS	false
157.240.252.35	unknown	United States	32934	FACEBOOKUS	false
216.239.36.178	unknown	United States	15169	GOOGLEUS	false
104.18.27.50	unknown	United States	13335	CLOUDFLARENETUS	false
18.164.52.73	unknown	United States	3	MIT-GATEWAYSUS	false
142.250.184.202	unknown	United States	15169	GOOGLEUS	false
104.17.153.91	unknown	United States	13335	CLOUDFLARENETUS	false
23.45.111.185	unknown	United States	20940	AKAMAI-ASN1EU	false
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
108.156.64.41	unknown	United States	16509	AMAZON-02US	false
2.18.64.31	unknown	European Union	6057	AdministracionNacionaldeTelecomunicacionesUY	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
3.165.206.73	unknown	United States	16509	AMAZON-02US	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
157.240.251.9	unknown	United States	32934	FACEBOOKUS	false
142.250.181.227	unknown	United States	15169	GOOGLEUS	false
151.101.2.217	unknown	United States	54113	FASTLYUS	false
142.250.185.174	unknown	United States	15169	GOOGLEUS	false
104.18.86.42	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.186.66	unknown	United States	15169	GOOGLEUS	false
142.250.185.98	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1501424
Start date and time:	2024-08-29 22:10:12 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 48s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean4.win@28/659@0/91
Cookbook Comments:	Browse: https://uizard.io/invision/ Browse: https://support.invisionapp.com/ Browse: https://support.invisionapp.com/hc/en-us/articles/360018325232-Freehand-online-whiteboard-technological-requirements Browse: https://nicolelynam513779.invisionapp.com/

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21229)
Category:	downloaded
Size (bytes):	21230
Entropy (8bit):	5.307556199296145
Encrypted:	false
SSDEEP:	384:TRFZ2wWtdbD5ABwXwLrekrff8eTr+x5RxMc9n9LuJ4vV/:T8wAD5ABwXw+krfflyxzxVn9D/
MD5:	692A3714ECE78CEE4017020F5B18A203
SHA1:	56333F0F458776357A95BA474307C271DEC92280
SHA-256:	50377D1D3E7DCB2C8298FEB8D2505099DF1957E3700A358B993B4CF443FD36E8
SHA-512:	3AABA5FD4732DD120188F11C41A0D71C65B6C4C3AE6D0AB09B86D8491DB8F2F1658377F87CF2705D8764F55135F45D903C6CF5B40A95085E026FE69C1546BEA4
Malicious:	false
Reputation:	low
URL:	https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Preview:	var OneTrustStub=function(t){"use strict";var a,o,p=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.vendorsServiceData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}};(m=g=g\|\|{})[m.Days=1]="Days",m[m.Weeks=7]="Weeks",m[m.Months=30]="Months",m[m.Years=365]="Years",(m=i=i\|\|{}).Name="OTGPPConsent",m[m.ChunkSize=4e3]="ChunkSize

Target ID:	0
Start time:	16:11:00
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	16:11:04
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	16:11:07
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Target ID:	5
Start time:	16:11:17
Start date:	29/08/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 --field-trial-handle=2284,i,1964589873820378783,11462143405725404331,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Description:	Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring Application Access Token .
Tactics:	Initial Access
Data Sources:	Application Log: Application Log Content, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Process: Process Creation
Platforms:	Linux, macOS, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Category:	downloaded
Size (bytes):	663994
Entropy (8bit):	5.484916201296558
Encrypted:	false
SSDEEP:	6144:qKQZVRM0XcxhT7HxI39l8RVXoD6rAj2CgDAdaatY5vxhVf:bQZn3XcxhT1M9l8RpoiAj2o9tY5vxhl
MD5:	F74CA06C68A5DB3BEB32012A83334649
SHA1:	CA28ACEC139A57516DBF40F81F456E672140097D
SHA-256:	332723FAB8E5871B5222F3AE36E2FF551E056562B829B599A3CED9E089F42DC8
SHA-512:	983B1B58D359591522506C7D99A6FF1F04DE14F07F4EA13EFCF546E9841B9861FBEF8116928F60185A11A66F0728DD7A37E1D1141F02F9DCEFD80CF99F4EE872
Malicious:	false
Reputation:	low
URL:	https://static.invisionapp-cdn.com/spa/global-navigation-static/global-navigation.5cc6818c1a7e880293c7.js
Preview:	!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{configurable:!1,enumerable:!0,get:r})},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=168)}([function(e,t,n){(t=e.exports=n(3)(void 0)).push([e.i,"\n",""]),t.locals={"bezier-in":"cubic-bezier(0.94, 0.01, 0.83, 0.86)",bezierIn:"cubic-bezier(0.94, 0.01, 0.83, 0.86)","bezier-out":"cubic-bezier(0.2, 0.91, 0.85, 0.96)",bezierOut:"cubic-bezier(0.2, 0.91, 0.85, 0.96)","bezier-in-out":"cubic-bezier(0.82, 0.09, 0.4, 0.92)",bezierInOut:"cubic-bezier(0.82, 0.09, 0.4, 0.92)","bezier-bounce":"cubic-bezier(0.68, -0.28, 0.18, 1.26)",bezierBounce:"cubic-bezier(0.68, -0.28, 0.18, 1.26)","color-brand":"#e9005d",colorBrand:"#e9005d","color-b

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (821)
Category:	downloaded
Size (bytes):	69820
Entropy (8bit):	5.263217427628204
Encrypted:	false
SSDEEP:	1536:tQetyqF8hMwnllbIMV6fPQ3no7k0Dnq6Qke7:M6fPYo7Zq6Qke7
MD5:	7999D47728860B2E9D239FE00C95DE4D
SHA1:	55CF51133A7A639240275A31B9B30F65C744BB67
SHA-256:	05A94C819CC60A511F5973D31B1D5BB9B2891C57CFECA9A2C9348E964D87BA43
SHA-512:	F3986EFECDB3FBF88974A88A403EBCAF49BF5F239159B7A01A0CA72AB346CC69850CD9A2AFD16A82AB02CC887B458F6B60688962C6E5E1F6C71AEAD6EC023812
Malicious:	false
Reputation:	low
URL:	https://nicolelynam513779.invisionapp.com/gsp/spa/freehand-web-v7-static/assets/widgets/buzzer.d3275255d201a61b25b0.widget
Preview:	/{. "apiLevel": 1,. "env": "prelude".}/."use strict";.const BLACK$1 = freehand.canvas.Color(0, 0, 0, 1);.const WHITE$1 = freehand.canvas.Color(1, 1, 1, 1);.freehand.canvas.Color.fromHex('#FAFAFA');.const MAGENTA = freehand.canvas.Color(1, 0, 1, 1);.freehand.canvas.Color.fromHex('#F0F0F0');.freehand.canvas.Color.fromHex('#101010');.freehand.canvas.Color.fromHex('#E20000');.freehand.canvas.Color.fromHex('#4EAE53');.freehand.canvas.Color.fromHex('#006EC5');.freehand.canvas.Color.fromHex('#353CEE');.freehand.canvas.Color.fromHex('#FFA726');.freehand.canvas.Color.fromHex('#FF7043');.freehand.canvas.Color.fromHex('#F7F7F8');.freehand.canvas.Color.fromHex('#D5D5D8');.freehand.canvas.Color.fromHex('#ececed');.freehand.canvas.Color.fromHex('#EAEAEB');.const WIDGET_ACCENT_COLORS = {. Yellow: { hex: '#FFDB1F', borderHex: '#E6C51C' },. Orange: { hex: '#FF9900', borderHex: '#E68A00' },. Green: { hex: '#68CF3B', borderHex: '#5dbb35' },. Pink: { hex: '#FF1E78', borderHex: '#e61b6c' },

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (46201)
Category:	dropped
Size (bytes):	46266
Entropy (8bit):	5.225428052953666
Encrypted:	false
SSDEEP:	768:6EBYC51Y2L1C93IY9cBGRdRNDJWmyr1ts+Ux5B7GYyCbkwTXkJw3X:6Y5bCdIYRHJWmYs+Ux5oFCRGwH
MD5:	1B592B26CD6AD8ECD1BDC2AD2C4225F1
SHA1:	944111E6B2AE109B637C3B93880600C9069F2099
SHA-256:	F09E34833CB121302C4499155662818EC419DE85B081718079659174309C8EEE
SHA-512:	9C2DBFF6CB0F9A9B15FCA126891D32DF35A71EE06046F3690BE1B4898A078A2D5BA7334753AD5FA179146259BE5BAC9B7AEAEC4D22B1D00C8465C1BF2991744B
Malicious:	false
Reputation:	low
Preview:	!function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=0)}([function(e,t,n){const r=n(1);n(4)({name:"bugsnag",getResourceInterface:function(){return

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Malware Analysis System Evasion

Anti Debugging

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 349

Chrome Cache Entry: 350

Chrome Cache Entry: 351

Chrome Cache Entry: 352

Chrome Cache Entry: 353

Chrome Cache Entry: 354

Chrome Cache Entry: 355

Chrome Cache Entry: 356

Chrome Cache Entry: 357

Chrome Cache Entry: 358

Chrome Cache Entry: 359

Chrome Cache Entry: 360

Chrome Cache Entry: 361

Chrome Cache Entry: 362

Chrome Cache Entry: 363

Chrome Cache Entry: 364

Chrome Cache Entry: 365

Chrome Cache Entry: 366

Chrome Cache Entry: 367

Chrome Cache Entry: 368

Chrome Cache Entry: 369

Chrome Cache Entry: 370

Chrome Cache Entry: 371

Chrome Cache Entry: 372

Chrome Cache Entry: 373

Chrome Cache Entry: 374

Chrome Cache Entry: 375

Chrome Cache Entry: 376

Windows Analysis Report
https://nicolelynam513779.invisionapp.com/freehand/KE-Design-LLC-24-22144---3LtuK81gj