Analysis

  • max time kernel
    85s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/02/2023, 14:49 UTC

General

  • Target

    https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4616

Network

  • flag-us
    DNS
    gsmiweb-dot-yamm-track.appspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    gsmiweb-dot-yamm-track.appspot.com
    IN A
    Response
    gsmiweb-dot-yamm-track.appspot.com
    IN A
    142.251.36.20
  • flag-nl
    GET
    https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
    IEXPLORE.EXE
    Remote address:
    142.251.36.20:443
    Request
    GET /24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE HTTP/2.0
    host: gsmiweb-dot-yamm-track.appspot.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 302
    set-cookie: JSESSIONID=8VyW-YRQ2CJIXB98OkuI-g;Path=/;Secure
    expires: Thu, 01 Jan 1970 00:00:00 GMT
    x-robots-tag: noindex, nofollow
    location: https://hubs.ly/Q01z7JvP0
    x-cloud-trace-context: 92fbda008d42a5f0518c1b82ae917d4b
    date: Wed, 08 Feb 2023 14:51:42 GMT
    content-type: text/html
    server: Google Frontend
    content-length: 0
    alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  • flag-us
    DNS
    hubs.ly
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    hubs.ly
    IN A
    Response
    hubs.ly
    IN A
    104.17.140.200
    hubs.ly
    IN A
    104.17.142.200
    hubs.ly
    IN A
    104.17.141.200
    hubs.ly
    IN A
    104.17.144.200
    hubs.ly
    IN A
    104.17.143.200
  • flag-us
    GET
    https://hubs.ly/Q01z7JvP0
    IEXPLORE.EXE
    Remote address:
    104.17.142.200:443
    Request
    GET /Q01z7JvP0 HTTP/2.0
    host: hubs.ly
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 301
    date: Wed, 08 Feb 2023 14:51:58 GMT
    location: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
    x-trace: 2B7FBD93DCA66A06A5C885FECA654AFDDAA9422C16000000000000000000
    x-robots-tag: none
    link: <https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16>; rel="canonical"
    referrer-policy: no-referrer
    x-hubspot-correlation-id: 09613892-e8db-450a-860b-d63f3b6ab1c3
    access-control-allow-credentials: false
    vary: origin
    cf-cache-status: DYNAMIC
    server: cloudflare
    cf-ray: 79652fb8e85ab995-AMS
  • flag-us
    DNS
    app.hubspot.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    app.hubspot.com
    IN A
    Response
    app.hubspot.com
    IN A
    104.19.155.83
    app.hubspot.com
    IN A
    104.19.154.83
  • flag-us
    GET
    https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
    IEXPLORE.EXE
    Remote address:
    104.19.155.83:443
    Request
    GET /documents/3219216/view/473581441?accessId=b89f16 HTTP/2.0
    host: app.hubspot.com
    accept: text/html, application/xhtml+xml, image/jxr, */*
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 08 Feb 2023 14:51:58 GMT
    content-type: text/html; charset=utf-8
    cf-ray: 79652fbaad151cb0-AMS
    age: 74505
    cache-control: max-age=0, no-cache, no-store
    expires: Thu, 09 Feb 2023 14:51:58 GMT
    last-modified: Mon, 06 Feb 2023 16:38:19 GMT
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    vary: Accept-Encoding
    via: 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront)
    cf-cache-status: HIT
    content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net d.impactradius-event.com static.hotjar.com script.hotjar.com snap.licdn.com *.yahoo.co.jp s.yimg.jp www.gstatic.cn www.gstatic.com www.google.com cdn.pdst.fm googleads.g.doubleclick.net www.googleadservices.com; report-uri https://exceptions.hubspot.com/csp/report?resource=documents-ui/static-2.34662/html/view.html&cfRay=79652fbaad151cb0&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fdocuments%2F3219216%2Fview%2F473581441%3FaccessId%3Db89f16&referrer=&cfenv=prod&pdt=2023-02-08&csp=ro
    nel: {"report_to":"nel","max_age":86400}
    report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://exceptions.hubspot.com/csp/reports"}]}
    report-to: {"group":"nel","max_age":86400,"endpoints":[{"url":"https://nel.hsbrowserreports.com/browser/reporting/reports"}]}
    reporting-endpoints: default="https://exceptions.hubspot.com/csp/reports?cfRay=79652fbaad151cb0&resource=documents-ui/static-2.34662/html/view.html"
    x-amz-cf-id: Lr14iCPfrlSbGAbWwQQyk8Eq_hkOXiZ4GAMBVUT2dKPc9EcavbYZVQ==
    x-amz-cf-pop: AMS1-P1
    x-amz-replication-status: COMPLETED
    x-amz-server-side-encryption: AES256
    x-amz-version-id: R.6PGBZ.2A0f1Tl4huY7AudkwE611_d.
    x-cache: Hit from cloudfront
    x-hs-target-asset: documents-ui/static-2.34662/html/view.html
    x-hs-worker-debug-mode: false
    set-cookie: __cf_bm=zaE_N2JzONqlsBvjI7ozSBYGQVyEtlHuzvZRhdIb6fg-1675867918-0-AUpGYa91XGFFATILFHLSpqpAhhKbGwRfoUJlB+lF4iDPJBtwGreCFumVEXf9Bt5b/d+p2frMnjHfH2dPHJnHeEs=; path=/; expires=Wed, 08-Feb-23 15:21:58 GMT; domain=.hubspot.com; HttpOnly; Secure; SameSite=None
    server: cloudflare
    content-encoding: gzip
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    static.hsappstatic.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    static.hsappstatic.net
    IN A
    Response
    static.hsappstatic.net
    IN A
    104.17.7.210
    static.hsappstatic.net
    IN A
    104.17.8.210
    static.hsappstatic.net
    IN A
    104.17.9.210
    static.hsappstatic.net
    IN A
    104.17.5.210
    static.hsappstatic.net
    IN A
    104.17.6.210
  • flag-us
    GET
    https://static.hsappstatic.net/hubspot-dlb/static-1.352/bundle.production.js
    IEXPLORE.EXE
    Remote address:
    104.17.7.210:443
    Request
    GET /hubspot-dlb/static-1.352/bundle.production.js HTTP/2.0
    host: static.hsappstatic.net
    accept: application/javascript, */*;q=0.8
    referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://app.hubspot.com
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 08 Feb 2023 14:51:58 GMT
    content-type: application/javascript
    access-control-allow-origin: https://app.hubspot.com
    access-control-allow-methods: GET
    access-control-max-age: 3000
    access-control-allow-credentials: true
    x-amz-replication-status: COMPLETED
    last-modified: Thu, 26 Jan 2023 17:07:33 GMT
    etag: W/"ad05b7da4f5b501dafa9768c8e784ff8"
    x-amz-server-side-encryption: AES256
    x-amz-version-id: lUmRJ.EMHGuGoOzmCmMes42qja_ehMGL
    content-encoding: gzip
    vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
    x-cache: Hit from cloudfront
    via: 1.1 ee47c4d401aca1a1f5c2ee96ce3267e4.cloudfront.net (CloudFront)
    x-amz-cf-pop: AMS1-P2
    x-amz-cf-id: yQjWjBUei-SjDh1JOUxssUSIa3n3PThrZ61JIgTkmSZGSdznBYBFJQ==
    age: 1111716
    cf-cache-status: HIT
    expires: Thu, 08 Feb 2024 14:51:58 GMT
    cache-control: public, max-age=31536000
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gG0CAS7C8LCbMW6xkcLzvwXcoTAp1VjWDXjXyoJWj6K0lR3OhiHwAueBH%2B6xwwMIQl3Lt6GdfOp1Z8Mi5EBUX0LDUeD44bkyKsyF0a3KDha8MptsWuETsYIJZfV2nJXSDvQD8vJJEk4%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 79652fbc6d7e1c8d-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://static.hsappstatic.net/head-dlb/static-1.256/bundle.production.js
    IEXPLORE.EXE
    Remote address:
    104.17.7.210:443
    Request
    GET /head-dlb/static-1.256/bundle.production.js HTTP/2.0
    host: static.hsappstatic.net
    accept: application/javascript, */*;q=0.8
    referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://app.hubspot.com
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 08 Feb 2023 14:51:58 GMT
    content-type: application/javascript
    access-control-allow-origin: https://app.hubspot.com
    access-control-allow-methods: GET
    access-control-max-age: 3000
    access-control-allow-credentials: true
    x-amz-replication-status: COMPLETED
    last-modified: Mon, 06 Feb 2023 16:38:19 GMT
    etag: W/"2f0b36a207b60df852c52005babad8bd"
    x-amz-server-side-encryption: AES256
    x-amz-version-id: 2mTKvL06WRdu7XlkxD9MpnmYH_nBzo9m
    content-encoding: gzip
    vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
    x-cache: Hit from cloudfront
    via: 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront)
    x-amz-cf-pop: AMS1-P1
    x-amz-cf-id: NfTYP7XUFgHhSxuGgrhupvUNVnTErqdErIgiHfQ1o8_fv4CNgZtgvQ==
    age: 161129
    cf-cache-status: HIT
    expires: Thu, 08 Feb 2024 14:51:58 GMT
    cache-control: public, max-age=31536000
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wi8fUOn%2FyrqPcFxtyPMDquHpLbNVM5jip6%2B7WBAid15%2FmK%2FplDZ02Av3L1x7%2FDKxaTOAxn1kj8sWZLfBtX8k4DmVWmwvEX5QjKEDr7hxUQZHvi1qym6u6HReiJMps9QkYXRaHQpaLjA%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 79652fbc6d831c8d-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://static.hsappstatic.net/documents-ui/static-2.34662/sass/project.css
    IEXPLORE.EXE
    Remote address:
    104.17.7.210:443
    Request
    GET /documents-ui/static-2.34662/sass/project.css HTTP/2.0
    host: static.hsappstatic.net
    accept: text/css, */*
    referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 08 Feb 2023 14:51:58 GMT
    content-type: application/javascript
    access-control-allow-origin: https://app.hubspot.com
    access-control-allow-methods: GET
    access-control-max-age: 3000
    access-control-allow-credentials: true
    x-amz-replication-status: COMPLETED
    last-modified: Mon, 06 Feb 2023 14:43:35 GMT
    etag: W/"98f20ace2c61d6ecee311e3cafc3cacb"
    x-amz-server-side-encryption: AES256
    x-amz-version-id: 8sXzJglaK.95k6X86NALP1Mz.p5R00WR
    content-encoding: gzip
    vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
    x-cache: Hit from cloudfront
    via: 1.1 1c12254585d1d316d9380549d59e3c80.cloudfront.net (CloudFront)
    x-amz-cf-pop: FRA56-C2
    x-amz-cf-id: nw2O2nC-h0XxywtfYi8E92Lx3M7m42_Dztqg4Fs89dmzpqLoJy3M3Q==
    age: 170088
    cf-cache-status: HIT
    expires: Thu, 08 Feb 2024 14:51:58 GMT
    cache-control: public, max-age=31536000
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5r8AZBltblouWOkOIZtQRQIEgB3lL9mO6fnzmCILxKojWuLoVv9IygkRqxWwxb40UxbN398fdmtiW1fL1TFXSmnyOm2UOFuzOJpRfagbhxuCuA0YT%2FRgAMJRg80t293kUC%2Ba3l5aZs8%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 79652fbc6d801c8d-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://static.hsappstatic.net/documents-ui/static-2.34662/bundles/project-view.js
    IEXPLORE.EXE
    Remote address:
    104.17.7.210:443
    Request
    GET /documents-ui/static-2.34662/bundles/project-view.js HTTP/2.0
    host: static.hsappstatic.net
    accept: application/javascript, */*;q=0.8
    referer: https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
    accept-language: en-US
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    origin: https://app.hubspot.com
    accept-encoding: gzip, deflate
    Response
    HTTP/2.0 200
    date: Wed, 08 Feb 2023 14:51:58 GMT
    content-type: text/css
    x-amz-replication-status: COMPLETED
    last-modified: Mon, 06 Feb 2023 16:38:21 GMT
    etag: W/"d7864f62e4b14f0a4e3e5627a708ef21"
    x-amz-server-side-encryption: AES256
    x-amz-version-id: JY0f3IBvVPDkxfO8pzE2WJuS7.VPcHsT
    content-encoding: gzip
    vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
    x-cache: Hit from cloudfront
    via: 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront)
    x-amz-cf-pop: AMS1-P1
    x-amz-cf-id: Yu9vqRT-7zEkqkGkavmDM33XDFo7EoY-7HJ6g0j2m9RH9AcxeFtQ_A==
    age: 161082
    cf-cache-status: HIT
    expires: Thu, 08 Feb 2024 14:51:58 GMT
    cache-control: public, max-age=31536000
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TKrr859w7i%2B5400K29D84axCD%2Be3ZxN%2BZuFdNixSyCaHT%2Bqls5dUA2gmg4K6NC8%2Bll%2BcWgMsvWPF933ODBfhQsT%2BWtczAlQg%2FSlojq5r9%2FFeaG3P8EaFx3KGpH73AvZXTLlqfKrb6TI%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 79652fbc6d811c8d-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    GET
    https://static.hsappstatic.net/StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png
    IEXPLORE.EXE
    Remote address:
    104.17.7.210:443
    Request
    GET /StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png HTTP/2.0
    host: static.hsappstatic.net
    accept: */*
    accept-encoding: gzip, deflate
    user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Response
    HTTP/2.0 200
    date: Wed, 08 Feb 2023 14:51:59 GMT
    content-type: image/png
    content-length: 1157
    age: 501314
    cf-bgj: imgq:85,h2pri
    cf-polished: origSize=1386
    etag: "b29cd4fae32431fd350ffa1394aa4ee6"
    last-modified: Thu, 02 Feb 2023 18:53:28 GMT
    vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
    via: 1.1 027fb676af23e5e8545e552038c4e1b0.cloudfront.net (CloudFront)
    x-amz-cf-id: LdY0AXsETshjXOi6lVjRzb0MGFZKpFAh3Tf5tRL3Wtj84lBEwhikVw==
    x-amz-cf-pop: LHR50-P6
    x-cache: Hit from cloudfront
    x-amz-replication-status: COMPLETED
    x-amz-server-side-encryption: AES256
    x-amz-version-id: t1UTEQPjYm6TxF1VAC8MMkLFr..QdOyO
    cf-cache-status: HIT
    expires: Thu, 08 Feb 2024 14:51:59 GMT
    cache-control: public, max-age=31536000
    accept-ranges: bytes
    report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJmzokX%2FqGUte6hMy4keAInaxoHMaXfrvQSrrIA3PFV8fi4qbI%2BpQPmyyd2buyGxUFSiaeW1eOSjUYab3qKOjrzvsiQX7X0u76jiPb45%2FpsafC1P92DYBHpjj5Tdcx4rE13cQr3ioYo%3D"}],"group":"cf-nel","max_age":604800}
    nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    server: cloudflare
    cf-ray: 79652fc00ac11c8d-AMS
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
  • flag-us
    DNS
    97.97.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.97.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 142.251.36.20:443
    gsmiweb-dot-yamm-track.appspot.com
    IEXPLORE.EXE
    156 B
    3
  • 142.251.36.20:443
    https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE
    tls, http2
    IEXPLORE.EXE
    1.7kB
    6.6kB
    20
    16

    HTTP Request

    GET https://gsmiweb-dot-yamm-track.appspot.com/24WNud3XARhwmdTlyfiQui-7G0kpW0ILcydwypbZwv7e-A2ExhgFH0bfYQghHWdiSV3QNxLGRDASHGAWjGg7TK5-zLYRphUcFy0rBb36bb_JcIueI0fVtyQ_Yg4dKKhIjf2ZToPid0nmNsS7zZ9l6QJBUSg91g6ErmJF5xJsEpSuO_4JsmP42BcE

    HTTP Response

    302
  • 104.17.140.200:443
    hubs.ly
    IEXPLORE.EXE
    156 B
    3
  • 104.17.140.200:443
    hubs.ly
    tls, http2
    IEXPLORE.EXE
    774 B
    2.9kB
    9
    8
  • 104.17.142.200:443
    https://hubs.ly/Q01z7JvP0
    tls, http2
    IEXPLORE.EXE
    1.2kB
    3.7kB
    15
    10

    HTTP Request

    GET https://hubs.ly/Q01z7JvP0

    HTTP Response

    301
  • 104.19.155.83:443
    app.hubspot.com
    IEXPLORE.EXE
    156 B
    3
  • 104.19.155.83:443
    https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16
    tls, http2
    IEXPLORE.EXE
    2.4kB
    25.8kB
    40
    35

    HTTP Request

    GET https://app.hubspot.com/documents/3219216/view/473581441?accessId=b89f16

    HTTP Response

    200
  • 104.17.7.210:443
    static.hsappstatic.net
    IEXPLORE.EXE
    156 B
    3
  • 104.17.7.210:443
    static.hsappstatic.net
    tls, http2
    IEXPLORE.EXE
    1.0kB
    3.3kB
    13
    9
  • 104.17.7.210:443
    https://static.hsappstatic.net/StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png
    tls, http2
    IEXPLORE.EXE
    11.0kB
    275.2kB
    217
    208

    HTTP Request

    GET https://static.hsappstatic.net/hubspot-dlb/static-1.352/bundle.production.js

    HTTP Request

    GET https://static.hsappstatic.net/head-dlb/static-1.256/bundle.production.js

    HTTP Request

    GET https://static.hsappstatic.net/documents-ui/static-2.34662/sass/project.css

    HTTP Request

    GET https://static.hsappstatic.net/documents-ui/static-2.34662/bundles/project-view.js

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://static.hsappstatic.net/StyleGuideUI/static-3.281/img/sprocket/favicon-32x32.png

    HTTP Response

    200
  • 104.17.7.210:443
    static.hsappstatic.net
    tls, http2
    IEXPLORE.EXE
    1.0kB
    3.3kB
    13
    9
  • 104.19.154.83:443
    app.hubspot.com
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 104.17.8.210:443
    static.hsappstatic.net
    IEXPLORE.EXE
    156 B
    3
  • 40.125.122.151:443
    260 B
    5
  • 8.253.208.121:80
    322 B
    7
  • 8.253.208.121:80
    322 B
    7
  • 104.17.9.210:443
    static.hsappstatic.net
    IEXPLORE.EXE
    156 B
    3
  • 104.80.225.205:443
    322 B
    7
  • 20.189.173.12:443
    322 B
    7
  • 104.17.5.210:443
    static.hsappstatic.net
    tls, http2
    IEXPLORE.EXE
    1.1kB
    523 B
    11
    7
  • 8.253.208.121:80
    322 B
    7
  • 8.253.208.121:80
    322 B
    7
  • 8.253.208.121:80
    322 B
    7
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, http2
    iexplore.exe
    1.2kB
    8.1kB
    15
    14
  • 8.8.8.8:53
    gsmiweb-dot-yamm-track.appspot.com
    dns
    IEXPLORE.EXE
    80 B
    96 B
    1
    1

    DNS Request

    gsmiweb-dot-yamm-track.appspot.com

    DNS Response

    142.251.36.20

  • 8.8.8.8:53
    hubs.ly
    dns
    IEXPLORE.EXE
    53 B
    133 B
    1
    1

    DNS Request

    hubs.ly

    DNS Response

    104.17.140.200
    104.17.142.200
    104.17.141.200
    104.17.144.200
    104.17.143.200

  • 8.8.8.8:53
    app.hubspot.com
    dns
    IEXPLORE.EXE
    61 B
    93 B
    1
    1

    DNS Request

    app.hubspot.com

    DNS Response

    104.19.155.83
    104.19.154.83

  • 8.8.8.8:53
    static.hsappstatic.net
    dns
    IEXPLORE.EXE
    68 B
    148 B
    1
    1

    DNS Request

    static.hsappstatic.net

    DNS Response

    104.17.7.210
    104.17.8.210
    104.17.9.210
    104.17.5.210
    104.17.6.210

  • 8.8.8.8:53
    97.97.242.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.97.242.52.in-addr.arpa

  • 8.8.8.8:53
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
    204 B
    1
    1

    DNS Request

    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    7KB

    MD5

    2968bcd90aad32d12807327e658ee03e

    SHA1

    3c8f0451b90f22796b9d751cb12ab79b841d07d2

    SHA256

    c80150fe8977ac2587cbbdb4156835a2d3b57e87f6d40966659f785f16abd64f

    SHA512

    58d00c85e796bace1c47c86df71e589972583a14a4749a8195341aca7cc560a74abafd7246fb754c4c885a5a7c8509dd53c36a5a3f23f346621bbc11f08cd66e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F

    Filesize

    232B

    MD5

    8d1b481c24a885c4b6278e375bba646b

    SHA1

    5fc2618a7f610ca961935aa7173e3be5979efd94

    SHA256

    38965ffa39dff9769b140147ceec75cd67049af024abfd8a6d4f0a72113bea80

    SHA512

    86f92278161bd031774a050d366e04af4492c5e37902968cfd1ead095a9f203f13bd0c5334a45af778aa031de3e3d017a15de4d4e66f9d3d5fb0759e559d008b

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\xyoggsx\imagestore.dat

    Filesize

    1KB

    MD5

    dd47e52c07db61554329bcab3790fa9d

    SHA1

    3f26c966f7b0e3439ea944025fd7cfd3e656f072

    SHA256

    79b888f76d7fe18f6a32daf0ea63b2892c8f74a4e2d1b9a0aaceb6a694a3a3c3

    SHA512

    9a58a6383b462a469c66d091e999c5e03e2df15dccc55fadc0d7767821485166f4760e7b6688b790d70b0445661224472c36f549d6adb0f9695c54b6fb72015e
