Analysis
max time kernel: 85s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted: 08/02/2023, 14:49 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
Resource
win10v2004-20221111-en
General
-
Target
https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
Malware Config
Signatures
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6851ef31fd3cf49b332bbb4721c974800000000020000000000106600000001000020000000e6b4542414dcddf43169532934250a224137b4c2ffc151d30f09c449bcce0760000000000e8000000002000020000000cc31059e696387c7b003289b4fdb40947ccaa087af2c15e8d378e8fd33d4b04920000000848bce8ce1be2d4bc8e4e860747c121992d9a8c8300502d2e001e80e026a7738400000002ded40f84db0af9d5b7a55bb59410e8cf429a6e099515463ce45915ad92310ad15487d1a91b2caf128dd792067276a7ae3ef4025c0cedf8904ca3e415939b7b1 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{78CF4C2D-A7C8-11ED-919F-621DF61BAEF5} = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e6851ef31fd3cf49b332bbb4721c974800000000020000000000106600000001000020000000f9f852083ee677b34b200cf54c46540ff5fec39ab703c927d2593f8e14f2f66d000000000e80000000020000200000008d388ad093e41bbeaad6b66dcfbd34d263fa12780b98ab81c53ae24f12bc07c0200000009a8c0044c974a32517180d06bdd3f93b0ab9b9833cff9c9c51819b67756ea2f8400000007827edeeea394828a9b2888f732b0d587713f2be567e9a34c61bfa29c44f228e9f8b57d9226543611f0339d31e066e31218f1ad3c41c26932bde449e847db6d7 iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80da9758d53bd901 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "382636474" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (data) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90ae9058d53bd901 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
432 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
432 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
432 iexplore.exe
432 iexplore.exe
4616 IEXPLORE.EXE
4616 IEXPLORE.EXE
4616 IEXPLORE.EXE
4616 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 432 wrote to memory of 4616 432 iexplore.exe 79
PID 432 wrote to memory of 4616 432 iexplore.exe 79
PID 432 wrote to memory of 4616 432 iexplore.exe 79
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 432
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 432)
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:17410 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 4616
-
Network
Remote address: 8.8.8.8:53
Request: gsmiweb-dot-yamm-track.appspot.com IN A
Response: gsmiweb-dot-yamm-track.appspot.com IN A 142.251.36.20

GET https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE (IEXPLORE.EXE)
Remote address: 142.251.36.20:443
Request: GET /24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE HTTP/2.0
host: gsmiweb-dot-yamm-track.appspot.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 302
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: noindex, nofollow
location: https://hubs.ly/Q01z7JvP0
x-cloud-trace-context: 92fbda008d42a5f0518c1b82ae917d4b
date: Wed, 08 Feb 2023 14:51:42 GMT
content-type: text/html
server: Google Frontend
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Remote address: 8.8.8.8:53
Request: hubs.ly IN A
Response: hubs.ly IN A 104.17.140.200, 104.17.142.200, 104.17.141.200, 104.17.144.200, 104.17.143.200

Remote address: 104.17.142.200:443
Request: GET /Q01z7JvP0 HTTP/2.0
host: hubs.ly
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 301
location: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
x-trace: 2B7FBD93DCA66A06A5C885FECA654AFDDAA9422C16000000000000000000
x-robots-tag: none
link: <https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16>; rel="canonical"
referrer-policy: no-referrer
x-hubspot-correlation-id: 09613892-e8db-450a-860b-d63f3b6ab1c3
access-control-allow-credentials: false
vary: origin
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 79652fb8e85ab995-AMS
Remote address: 8.8.8.8:53
Request: app.hubspot.com IN A
Response: app.hubspot.com IN A 104.19.155.83, 104.19.154.83

Remote address: 104.19.155.83:443
Request: GET /documents/3219216/view/473581441?accessId=b89f16 HTTP/2.0
host: app.hubspot.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: text/html; charset=utf-8
cf-ray: 79652fbaad151cb0-AMS
age: 74505
cache-control: max-age=0, no-cache, no-store
expires: Thu, 09 Feb 2023 14:51:58 GMT
last-modified: Mon, 06 Feb 2023 16:38:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
via: 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront)
cf-cache-status: HIT
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net d.impactradius-event.com static.hotjar.com script.hotjar.com snap.licdn.com *.yahoo.co.jp s.yimg.jp www.gstatic.cn www.gstatic.com www.google.com cdn.pdst.fm googleads.g.doubleclick.net www.googleadservices.com; report-uri https://exceptions.hubspot.com/csp/report?resource=documents-ui/static-2.34662/html/view.html&cfRay=79652fbaad151cb0&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fdocuments%2F3219216%2Fview%2F473581441%3FaccessId%3Db89f16&referrer=&cfenv=prod&pdt=2023-02-08&csp=ro
nel: {"report_to":"nel","max_age":86400}
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
report-to: {"group":"nel","max_age":86400,"endpoints":[{"url":"https://nel.hsbrowserreports.com/browser/reporting/reports"}]}
reporting-endpoints: default="https://exceptions.hubspot.com/csp/reports?cfRay=79652fbaad151cb0&resource=documents-ui/static-2.34662/html/view.html"
x-amz-cf-id: Lr14iCPfrlSbGAbWwQQyk8Eq_hkOXiZ4GAMBVUT2dKPc9EcavbYZVQ==
x-amz-cf-pop: AMS1-P1
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: R.6PGBZ.2A0f1Tl4huY7AudkwE611_d.
x-cache: Hit from cloudfront
x-hs-target-asset: documents-ui/static-2.34662/html/view.html
x-hs-worker-debug-mode: false
set-cookie: __cf_bm=zaE_N2JzONqlsBvjI7ozSBYGQVyEtlHuzvZRhdIb6fg-1675867918-0-AUpGYa91XGFFATILFHLSpqpAhhKbGwRfoUJlB+lF4iDPJBtwGreCFumVEXf9Bt5b/d+p2frMnjHfH2dPHJnHeEs=; path=/; expires=Wed, 08-Feb-23 15:21:58 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Remote address: 8.8.8.8:53
Request: static.hsappstatic.net IN A
Response: static.hsappstatic.net IN A 104.17.7.210, 104.17.8.210, 104.17.9.210, 104.17.5.210, 104.17.6.210

Remote address: 104.17.7.210:443
Request: GET /hubspot-dlb/static-1.352/bundle.production.js HTTP/2.0
host: static.hsappstatic.net
accept: application/javascript, */*;q=0.8
referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://app.hubspot.com
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
access-control-allow-methods: GET
access-control-max-age: 3000
access-control-allow-credentials: true
x-amz-replication-status: COMPLETED
last-modified: Thu, 26 Jan 2023 17:07:33 GMT
etag: W/"ad05b7da4f5b501dafa9768c8e784ff8"
x-amz-server-side-encryption: AES256
x-amz-version-id: lUmRJ.EMHGuGoOzmCmMes42qja_ehMGL
content-encoding: gzip
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 ee47c4d401aca1a1f5c2ee96ce3267e4.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P2
x-amz-cf-id: yQjWjBUei-SjDh1JOUxssUSIa3n3PThrZ61JIgTkmSZGSdznBYBFJQ==
age: 1111716
cf-cache-status: HIT
expires: Thu, 08 Feb 2024 14:51:58 GMT
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gG0CAS7C8LCbMW6xkcLzvwXcoTAp1VjWDXjXyoJWj6K0lR3OhiHwAueBH%2B6xwwMIQl3Lt6GdfOp1Z8Mi5EBUX0LDUeD44bkyKsyF0a3KDha8MptsWuETsYIJZfV2nJXSDvQD8vJJEk4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79652fbc6d7e1c8d-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Remote address: 104.17.7.210:443
Request: GET /head-dlb/static-1.256/bundle.production.js HTTP/2.0
host: static.hsappstatic.net
accept: application/javascript, */*;q=0.8
referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://app.hubspot.com
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
access-control-allow-methods: GET
access-control-max-age: 3000
access-control-allow-credentials: true
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Feb 2023 16:38:19 GMT
etag: W/"2f0b36a207b60df852c52005babad8bd"
x-amz-server-side-encryption: AES256
x-amz-version-id: 2mTKvL06WRdu7XlkxD9MpnmYH_nBzo9m
content-encoding: gzip
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: NfTYP7XUFgHhSxuGgrhupvUNVnTErqdErIgiHfQ1o8_fv4CNgZtgvQ==
age: 161129
cf-cache-status: HIT
expires: Thu, 08 Feb 2024 14:51:58 GMT
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wi8fUOn%2FyrqPcFxtyPMDquHpLbNVM5jip6%2B7WBAid15%2FmK%2FplDZ02Av3L1x7%2FDKxaTOAxn1kj8sWZLfBtX8k4DmVWmwvEX5QjKEDr7hxUQZHvi1qym6u6HReiJMps9QkYXRaHQpaLjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79652fbc6d831c8d-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Remote address: 104.17.7.210:443
Request: GET /documents-ui/static-2.34662/sass/project.css HTTP/2.0
host: static.hsappstatic.net
accept: text/css, */*
referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
access-control-allow-methods: GET
access-control-max-age: 3000
access-control-allow-credentials: true
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Feb 2023 14:43:35 GMT
etag: W/"98f20ace2c61d6ecee311e3cafc3cacb"
x-amz-server-side-encryption: AES256
x-amz-version-id: 8sXzJglaK.95k6X86NALP1Mz.p5R00WR
content-encoding: gzip
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 1c12254585d1d316d9380549d59e3c80.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: nw2O2nC-h0XxywtfYi8E92Lx3M7m42_Dztqg4Fs89dmzpqLoJy3M3Q==
age: 170088
cf-cache-status: HIT
expires: Thu, 08 Feb 2024 14:51:58 GMT
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5r8AZBltblouWOkOIZtQRQIEgB3lL9mO6fnzmCILxKojWuLoVv9IygkRqxWwxb40UxbN398fdmtiW1fL1TFXSmnyOm2UOFuzOJpRfagbhxuCuA0YT%2FRgAMJRg80t293kUC%2Ba3l5aZs8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79652fbc6d801c8d-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Remote address: 104.17.7.210:443
Request: GET /documents-ui/static-2.34662/bundles/project-view.js HTTP/2.0
host: static.hsappstatic.net
accept: application/javascript, */*;q=0.8
referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
origin: https://app.hubspot.com
accept-encoding: gzip, deflate
Response: HTTP/2.0 200
content-type: text/css
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Feb 2023 16:38:21 GMT
etag: W/"d7864f62e4b14f0a4e3e5627a708ef21"
x-amz-server-side-encryption: AES256
x-amz-version-id: JY0f3IBvVPDkxfO8pzE2WJuS7.VPcHsT
content-encoding: gzip
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
x-amz-cf-id: Yu9vqRT-7zEkqkGkavmDM33XDFo7EoY-7HJ6g0j2m9RH9AcxeFtQ_A==
age: 161082
cf-cache-status: HIT
expires: Thu, 08 Feb 2024 14:51:58 GMT
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TKrr859w7i%2B5400K29D84axCD%2Be3ZxN%2BZuFdNixSyCaHT%2Bqls5dUA2gmg4K6NC8%2Bll%2BcWgMsvWPF933ODBfhQsT%2BWtczAlQg%2FSlojq5r9%2FFeaG3P8EaFx3KGpH73AvZXTLlqfKrb6TI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79652fbc6d811c8d-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET https://static.hsappstatic.net/StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png (IEXPLORE.EXE)
Remote address: 104.17.7.210:443
Request: GET /StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png HTTP/2.0
host: static.hsappstatic.net
accept: */*
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Response: HTTP/2.0 200
content-type: image/png
content-length: 1157
age: 501314
cf-bgj: imgq:85,h2pri
cf-polished: origSize=1386
etag: "b29cd4fae32431fd350ffa1394aa4ee6"
last-modified: Thu, 02 Feb 2023 18:53:28 GMT
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
via: 1.1 027fb676af23e5e8545e552038c4e1b0.cloudfront.net (CloudFront)
x-amz-cf-id: LdY0AXsETshjXOi6lVjRzb0MGFZKpFAh3Tf5tRL3Wtj84lBEwhikVw==
x-amz-cf-pop: LHR50-P6
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: t1UTEQPjYm6TxF1VAC8MMkLFr..QdOyO
cf-cache-status: HIT
expires: Thu, 08 Feb 2024 14:51:59 GMT
cache-control: public, max-age=31536000
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJmzokX%2FqGUte6hMy4keAInaxoHMaXfrvQSrrIA3PFV8fi4qbI%2BpQPmyyd2buyGxUFSiaeW1eOSjUYab3qKOjrzvsiQX7X0u76jiPb45%2FpsafC1P92DYBHpjj5Tdcx4rE13cQr3ioYo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 79652fc00ac11c8d-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Remote address: 8.8.8.8:53
Request: 97.97.242.52.in-addr.arpa IN PTR
Response:

Remote address: 8.8.8.8:53
Request: f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa IN PTR
Response:
156 B 3
-
142.251.36.20:443 https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE tls, http2 IEXPLORE.EXE 1.7kB 6.6kB 20 16
HTTP Request
GET https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
HTTP Response
302
156 B 3
-
774 B 2.9kB 9 8
-
1.2kB 3.7kB 15 10
HTTP Request
GET https://hubs.ly/Q01z7JvP0
HTTP Response
301
156 B 3
-
104.19.155.83:443 https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16 tls, http2 IEXPLORE.EXE 2.4kB 25.8kB 40 35
HTTP Request
GET https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
HTTP Response
200
156 B 3
-
1.0kB 3.3kB 13 9
-
104.17.7.210:443 https://static.hsappstatic.net/StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png tls, http2 IEXPLORE.EXE 11.0kB 275.2kB 217 208
HTTP Request
GET https://static.hsappstatic.net/hubspot-dlb/static-1.352/bundle.production.js
HTTP Request
GET https://static.hsappstatic.net/head-dlb/static-1.256/bundle.production.js
HTTP Request
GET https://static.hsappstatic.net/documents-ui/static-2.34662/sass/project.css
HTTP Request
GET https://static.hsappstatic.net/documents-ui/static-2.34662/bundles/project-view.js
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Response
200
HTTP Request
GET https://static.hsappstatic.net/StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png
HTTP Response
200
1.0kB 3.3kB 13 9
-
1.1kB 523 B 11 7
-
156 B 3
-
260 B 5
-
322 B 7
-
322 B 7
-
156 B 3
-
322 B 7
-
322 B 7
-
1.1kB 523 B 11 7
-
322 B 7
-
322 B 7
-
322 B 7
-
1.2kB 8.1kB 15 14
-
80 B 96 B 1 1
DNS Request
gsmiweb-dot-yamm-track.appspot.com
DNS Response
142.251.36.20
-
53 B 133 B 1 1
DNS Request
hubs.ly
DNS Response
104.17.140.200, 104.17.142.200, 104.17.141.200, 104.17.144.200, 104.17.143.200
-
61 B 93 B 1 1
DNS Request
app.hubspot.com
DNS Response
104.19.155.83, 104.19.154.83
-
68 B 148 B 1 1
DNS Request
static.hsappstatic.net
DNS Response
104.17.7.210, 104.17.8.210, 104.17.9.210, 104.17.5.210, 104.17.6.210
-
71 B 145 B 1 1
DNS Request
97.97.242.52.in-addr.arpa
-
118 B 204 B 1 1
DNS Request
f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 7KB
MD5: 2968bcd90aad32d12807327e658ee03e
SHA1: 3c8f0451b90f22796b9d751cb12ab79b841d07d2
SHA256: c80150fe8977ac2587cbbdb4156835a2d3b57e87f6d40966659f785f16abd64f
SHA512: 58d00c85e796bace1c47c86df71e589972583a14a4749a8195341aca7cc560a74abafd7246fb754c4c885a5a7c8509dd53c36a5a3f23f346621bbc11f08cd66e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
Filesize: 232B
MD5: 8d1b481c24a885c4b6278e375bba646b
SHA1: 5fc2618a7f610ca961935aa7173e3be5979efd94
SHA256: 38965ffa39dff9769b140147ceec75cd67049af024abfd8a6d4f0a72113bea80
SHA512: 86f92278161bd031774a050d366e04af4492c5e37902968cfd1ead095a9f203f13bd0c5334a45af778aa031de3e3d017a15de4d4e66f9d3d5fb0759e559d008b

Filesize: 1KB
MD5: dd47e52c07db61554329bcab3790fa9d
SHA1: 3f26c966f7b0e3439ea944025fd7cfd3e656f072
SHA256: 79b888f76d7fe18f6a32daf0ea63b2892c8f74a4e2d1b9a0aaceb6a694a3a3c3
SHA512: 9a58a6383b462a469c66d091e999c5e03e2df15dccc55fadc0d7767821485166f4760e7b6688b790d70b0445661224472c36f549d6adb0f9695c54b6fb72015e