Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
98s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
09/05/2023, 14:30 UTC
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://capacitacionessat.actualizate.biz/login/change_password.php
Resource
win10v2004-20230221-en
General
-
Target
https://capacitacionessat.actualizate.biz/login/change_password.php
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings firefox.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 1528 firefox.exe Token: SeDebugPrivilege 1528 firefox.exe -
Suspicious use of FindShellTrayWindow 4 IoCs
pid Process 1528 firefox.exe 1528 firefox.exe 1528 firefox.exe 1528 firefox.exe -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 1528 firefox.exe 1528 firefox.exe 1528 firefox.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1528 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 2700 wrote to memory of 1528 2700 firefox.exe 83 PID 1528 wrote to memory of 1592 1528 firefox.exe 84 PID 1528 wrote to memory of 1592 1528 firefox.exe 84 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 3972 1528 firefox.exe 85 PID 1528 wrote to memory of 4872 1528 firefox.exe 86 PID 1528 wrote to memory of 4872 1528 firefox.exe 86 PID 1528 wrote to memory of 4872 1528 firefox.exe 86 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://capacitacionessat.actualizate.biz/login/change_password.php1⤵
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" https://capacitacionessat.actualizate.biz/login/change_password.php2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1528 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.0.210966857\724490073" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ba3c75-3a59-4119-9e67-8050eb8690a5} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 1908 18c9f4f1b58 gpu3⤵PID:1592
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.1.899910946\105016960" -parentBuildID 20221007134813 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4123d43-2558-40b5-b748-e71bb6185822} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 2416 18c92472b58 socket3⤵PID:3972
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.2.671690444\1056442021" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3036 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4cefff6-76b3-4065-8261-67f32b900b4d} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 3108 18ca3206758 tab3⤵PID:4872
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.3.1360885302\1565256855" -childID 2 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e4953f8-3696-4111-b823-d390a507a0c0} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4064 18ca45be758 tab3⤵PID:2536
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.5.1034083525\821767662" -childID 4 -isForBrowser -prefsHandle 5096 -prefMapHandle 5100 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec016e6c-7f3d-464a-8e31-6b46bd205dd8} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5084 18ca6680458 tab3⤵PID:4920
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.6.429551088\77889805" -childID 5 -isForBrowser -prefsHandle 5276 -prefMapHandle 5280 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1973222f-5453-4338-ac86-843cba5bd007} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 5268 18ca667f558 tab3⤵PID:4216
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.4.1189856924\557937899" -childID 3 -isForBrowser -prefsHandle 4948 -prefMapHandle 4944 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aabf16c3-3139-4c31-a4f1-7360318fe4a0} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4956 18ca5eb0858 tab3⤵PID:4904
-
-
Network
-
Remote address:8.8.8.8:53Request123.108.74.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestcapacitacionessat.actualizate.bizIN AResponsecapacitacionessat.actualizate.bizIN A104.21.41.218capacitacionessat.actualizate.bizIN A172.67.152.10
-
Remote address:104.21.41.218:443RequestGET /login/change_password.php HTTP/2.0
host: capacitacionessat.actualizate.biz
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
ResponseHTTP/2.0 303
content-type: text/html; charset=utf-8
location: https://capacitacionessat.actualizate.biz/login/index.php
set-cookie: MoodleSession=4o9dl7ipka37bm694o2c5e6jc5; path=/; secure
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-redirect-by: Moodle
content-language: es
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lcf7yDwLy8YIq%2BRD1oPHojHr%2BDLhdOyM%2BMPpMUGwzmmBgeWkuYP4mTCUfJX8fSaCEyV%2BLuaDEIm%2B1ia4vaX8%2Fbr8USB6T8LCHUqd9QGfsuZ3%2F7tW53wjKq1Xwl3yW7e0PpV5oLjBQk%2FfodIgk%2B3%2F6swzoO4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c4aa42caaf80eb2-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address:104.21.41.218:443RequestGET /login/index.php HTTP/2.0
host: capacitacionessat.actualizate.biz
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
cookie: MoodleSession=4o9dl7ipka37bm694o2c5e6jc5
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers
ResponseHTTP/2.0 200
content-type: text/html; charset=utf-8
content-length: 7774
expires:
cache-control: private, pre-check=0, post-check=0, max-age=0, no-transform
pragma: no-cache
content-language: es
content-script-type: text/javascript
content-style-type: text/css
x-ua-compatible: IE=edge
accept-ranges: none
x-frame-options: sameorigin
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NaPNBIPS1PBA4XPzBHhdFNnoS2VvUx38%2FgeZSIDGFtG8LyjcTD6zvsXLrkleZpZ8zAXDWW2ONAhxA%2BxAjHwIJk8bs7CyETTtwuZ4w701IWdDbDwOuDy%2BzOK174hdCRBhrsKw43E6nkUY0ftwLddozzNTNwE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c4aa43068570eb2-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address:8.8.8.8:53Requestcapacitacionessat.actualizate.bizIN AResponsecapacitacionessat.actualizate.bizIN A104.21.41.218capacitacionessat.actualizate.bizIN A172.67.152.10
-
Remote address:8.8.8.8:53Requestcontile.services.mozilla.comIN AResponsecontile.services.mozilla.comIN A34.117.237.239
-
Remote address:8.8.8.8:53Requestcapacitacionessat.actualizate.bizIN AAAAResponsecapacitacionessat.actualizate.bizIN AAAA2606:4700:3034::6815:29dacapacitacionessat.actualizate.bizIN AAAA2606:4700:3035::ac43:980a
-
Remote address:8.8.8.8:53Requestcontile.services.mozilla.comIN AResponsecontile.services.mozilla.comIN A34.117.237.239
-
Remote address:8.8.8.8:53Requestcontile.services.mozilla.comIN AAAAResponse
-
Remote address:8.8.8.8:53Requestgetpocket.cdn.mozilla.netIN AResponsegetpocket.cdn.mozilla.netIN CNAMEgetpocket-cdn.prod.mozaws.netgetpocket-cdn.prod.mozaws.netIN CNAMEprod.pocket.prod.cloudops.mozgcp.netprod.pocket.prod.cloudops.mozgcp.netIN A34.120.5.221
-
Remote address:8.8.8.8:53Requestprod.pocket.prod.cloudops.mozgcp.netIN AResponseprod.pocket.prod.cloudops.mozgcp.netIN A34.120.5.221
-
Remote address:34.117.237.239:443RequestGET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
-
GEThttps://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=IE&count=30firefox.exeRemote address:34.120.5.221:443RequestGET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=IE&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
-
Remote address:8.8.8.8:53Requestprod.pocket.prod.cloudops.mozgcp.netIN AAAAResponseprod.pocket.prod.cloudops.mozgcp.netIN AAAA2600:1901:0:524c::
-
Remote address:8.8.8.8:53Requestfirefox.settings.services.mozilla.comIN AResponsefirefox.settings.services.mozilla.comIN A34.149.100.209
-
Remote address:8.8.8.8:53Requestfirefox.settings.services.mozilla.comIN AResponsefirefox.settings.services.mozilla.comIN A34.149.100.209
-
Remote address:8.8.8.8:53Requestfirefox.settings.services.mozilla.comIN AAAAResponse
-
Remote address:8.8.8.8:53Requestshavar.services.mozilla.comIN AResponseshavar.services.mozilla.comIN CNAMEshavar.prod.mozaws.netshavar.prod.mozaws.netIN A54.148.16.146shavar.prod.mozaws.netIN A44.226.58.216shavar.prod.mozaws.netIN A54.149.70.91shavar.prod.mozaws.netIN A54.212.120.154shavar.prod.mozaws.netIN A52.42.197.123shavar.prod.mozaws.netIN A44.228.121.26
-
Remote address:8.8.8.8:53Requestpush.services.mozilla.comIN AResponsepush.services.mozilla.comIN CNAMEautopush.prod.mozaws.netautopush.prod.mozaws.netIN A34.117.65.55
-
Remote address:8.8.8.8:53Requestshavar.prod.mozaws.netIN AResponseshavar.prod.mozaws.netIN A52.42.197.123shavar.prod.mozaws.netIN A54.149.70.91shavar.prod.mozaws.netIN A44.226.58.216shavar.prod.mozaws.netIN A54.148.16.146shavar.prod.mozaws.netIN A44.228.121.26shavar.prod.mozaws.netIN A54.212.120.154
-
Remote address:8.8.8.8:53Requestautopush.prod.mozaws.netIN AResponseautopush.prod.mozaws.netIN A34.117.65.55
-
Remote address:8.8.8.8:53Requestshavar.prod.mozaws.netIN AAAAResponse
-
Remote address:8.8.8.8:53Requestautopush.prod.mozaws.netIN AAAAResponse
-
Remote address:34.117.65.55:443RequestGET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: piqzjMkdh2WCcIaeo8viIg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
ResponseHTTP/1.1 101 Switching Protocols
Upgrade: websocket
Sec-WebSocket-Accept: 8o+W2ZLqq6XlqSR39UpTO4fuEKA=
Date: Tue, 09 May 2023 14:30:36 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
-
Remote address:8.8.8.8:53Requestcontent-signature-2.cdn.mozilla.netIN AResponsecontent-signature-2.cdn.mozilla.netIN CNAMEcontent-signature-chains.prod.autograph.services.mozaws.netcontent-signature-chains.prod.autograph.services.mozaws.netIN CNAMEprod.content-signature-chains.prod.webservices.mozgcp.netprod.content-signature-chains.prod.webservices.mozgcp.netIN A34.160.144.191
-
Remote address:8.8.8.8:53Requestprod.content-signature-chains.prod.webservices.mozgcp.netIN AResponseprod.content-signature-chains.prod.webservices.mozgcp.netIN A34.160.144.191
-
Remote address:8.8.8.8:53Request218.41.21.104.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request239.237.117.34.in-addr.arpaIN PTRResponse239.237.117.34.in-addr.arpaIN PTR23923711734bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request221.5.120.34.in-addr.arpaIN PTRResponse221.5.120.34.in-addr.arpaIN PTR221512034bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request209.100.149.34.in-addr.arpaIN PTRResponse209.100.149.34.in-addr.arpaIN PTR20910014934bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request55.65.117.34.in-addr.arpaIN PTRResponse55.65.117.34.in-addr.arpaIN PTR556511734bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Requestprod.content-signature-chains.prod.webservices.mozgcp.netIN AAAAResponseprod.content-signature-chains.prod.webservices.mozgcp.netIN AAAA2600:1901:0:92a9::
-
Remote address:8.8.8.8:53Requestprod.content-signature-chains.prod.webservices.mozgcp.netIN AAAAResponseprod.content-signature-chains.prod.webservices.mozgcp.netIN AAAA2600:1901:0:92a9::
-
Remote address:8.8.8.8:53Requestuse.fontawesome.comIN AResponseuse.fontawesome.comIN CNAMEuse.fontawesome.com.cdn.cloudflare.netuse.fontawesome.com.cdn.cloudflare.netIN A172.64.133.15use.fontawesome.com.cdn.cloudflare.netIN A172.64.132.15
-
Remote address:172.64.133.15:443RequestGET /releases/v6.1.1/css/all.css HTTP/2.0
host: use.fontawesome.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: text/css,*/*;q=0.1
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://capacitacionessat.actualizate.biz
referer: https://capacitacionessat.actualizate.biz/
sec-fetch-dest: style
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
ResponseHTTP/2.0 200
content-type: text/css
x-amz-id-2: uA8KFPc/COmt6X1UpA83LH3PKxhKdovccQJSIHtuMTHhyTucgCe/DAT9uxiSzFnmmseRWZvr024=
x-amz-request-id: 37W7TPQ8QNNF7SQ1
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 22 Mar 2022 15:39:36 GMT
etag: W/"6386fb409d4a2abc96eee7be8f6d4cc4"
cache-control: max-age=31556926
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btGnjtXSxf2%2FONFzttnAkr5G%2Be0eZPlQrRzm7wlUvLm%2BO7u4bER9keRXjmrhf6S8%2FYlkPqVRAExgGwPLnkDsgpaNyxiHHDtd2IiXxMdM6evPkEqzUG1l%2Bj5UKJNBmMTwk2PUNxPX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c4aa43528b3fa14-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
-
Remote address:8.8.8.8:53Requestuse.fontawesome.com.cdn.cloudflare.netIN AResponseuse.fontawesome.com.cdn.cloudflare.netIN A172.64.133.15use.fontawesome.com.cdn.cloudflare.netIN A172.64.132.15
-
Remote address:8.8.8.8:53Requestuse.fontawesome.com.cdn.cloudflare.netIN AResponseuse.fontawesome.com.cdn.cloudflare.netIN A172.64.133.15use.fontawesome.com.cdn.cloudflare.netIN A172.64.132.15
-
Remote address:8.8.8.8:53Requestuse.fontawesome.com.cdn.cloudflare.netIN AAAAResponseuse.fontawesome.com.cdn.cloudflare.netIN AAAA2606:4700:e2::ac40:840fuse.fontawesome.com.cdn.cloudflare.netIN AAAA2606:4700:e2::ac40:850f
-
Remote address:8.8.8.8:53Request146.16.148.54.in-addr.arpaIN PTRResponse146.16.148.54.in-addr.arpaIN PTRec2-54-148-16-146 us-west-2compute amazonawscom
-
Remote address:8.8.8.8:53Request191.144.160.34.in-addr.arpaIN PTRResponse191.144.160.34.in-addr.arpaIN PTR19114416034bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request191.144.160.34.in-addr.arpaIN PTRResponse191.144.160.34.in-addr.arpaIN PTR19114416034bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request15.133.64.172.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request106.208.58.216.in-addr.arpaIN PTRResponse106.208.58.216.in-addr.arpaIN PTRsof01s11-in-f1061e100net106.208.58.216.in-addr.arpaIN PTRams17s08-in-f10�J
-
Remote address:8.8.8.8:53Request200.179.250.142.in-addr.arpaIN PTRResponse200.179.250.142.in-addr.arpaIN PTRams15s42-in-f81e100net
-
Remote address:8.8.8.8:53Request131.179.250.142.in-addr.arpaIN PTRResponse131.179.250.142.in-addr.arpaIN PTRams17s10-in-f31e100net
-
Remote address:8.8.8.8:53Request206.23.217.172.in-addr.arpaIN PTRResponse206.23.217.172.in-addr.arpaIN PTRams16s37-in-f141e100net206.23.217.172.in-addr.arpaIN PTRprg03s05-in-f206�I206.23.217.172.in-addr.arpaIN PTRprg03s05-in-f14�I
-
Remote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestaus5.mozilla.orgIN AResponseaus5.mozilla.orgIN CNAMEbalrog-aus5.r53-2.services.mozilla.combalrog-aus5.r53-2.services.mozilla.comIN CNAMEprod.balrog.prod.cloudops.mozgcp.netprod.balrog.prod.cloudops.mozgcp.netIN A35.244.181.201
-
Remote address:8.8.8.8:53Requestprod.balrog.prod.cloudops.mozgcp.netIN AResponseprod.balrog.prod.cloudops.mozgcp.netIN A35.244.181.201
-
Remote address:8.8.8.8:53Requestprod.balrog.prod.cloudops.mozgcp.netIN AAAAResponse
-
Remote address:8.8.8.8:53Requestfirefox.settings.services.mozilla.comIN AResponsefirefox.settings.services.mozilla.comIN A34.149.100.209
-
Remote address:8.8.8.8:53Requestfirefox.settings.services.mozilla.comIN AAAAResponse
-
Remote address:8.8.8.8:53Requestfirefox.settings.services.mozilla.comIN AAAAResponse
-
Remote address:8.8.8.8:53Requestciscobinary.openh264.orgIN AResponseciscobinary.openh264.orgIN CNAMEa21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.comIN CNAMEa17.rackcdn.coma17.rackcdn.comIN CNAMEa17.rackcdn.com.mdc.edgesuite.neta17.rackcdn.com.mdc.edgesuite.netIN CNAMEa19.dscg10.akamai.neta19.dscg10.akamai.netIN A88.221.134.209a19.dscg10.akamai.netIN A88.221.134.155
-
Remote address:8.8.8.8:53Requestciscobinary.openh264.orgIN AResponseciscobinary.openh264.orgIN CNAMEa21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.comIN CNAMEa17.rackcdn.coma17.rackcdn.comIN CNAMEa17.rackcdn.com.mdc.edgesuite.neta17.rackcdn.com.mdc.edgesuite.netIN CNAMEa19.dscg10.akamai.neta19.dscg10.akamai.netIN A88.221.134.209a19.dscg10.akamai.netIN A88.221.134.155
-
GEThttp://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zipfirefox.exeRemote address:88.221.134.209:80RequestGET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Last-Modified: Thu, 04 May 2023 01:43:54 GMT
ETag: 85430baed3398695717b0263807cf97c
X-Timestamp: 1683164633.13950
Content-Type: application/zip
X-Trans-Id: tx99a5ede11a40436d821d4-00645648e7dfw1
Cache-Control: public, max-age=211572
Expires: Fri, 12 May 2023 01:17:26 GMT
Date: Tue, 09 May 2023 14:31:14 GMT
Connection: keep-alive
-
Remote address:8.8.8.8:53Requesta19.dscg10.akamai.netIN AResponsea19.dscg10.akamai.netIN A88.221.134.209a19.dscg10.akamai.netIN A88.221.134.155
-
Remote address:8.8.8.8:53Requesta19.dscg10.akamai.netIN AAAAResponsea19.dscg10.akamai.netIN AAAA2a02:26f0:a1::58dd:869ba19.dscg10.akamai.netIN AAAA2a02:26f0:a1::58dd:86d1
-
Remote address:8.8.8.8:53Requesta19.dscg10.akamai.netIN AAAAResponsea19.dscg10.akamai.netIN AAAA2a02:26f0:a1::58dd:869ba19.dscg10.akamai.netIN AAAA2a02:26f0:a1::58dd:86d1
-
Remote address:8.8.8.8:53Requestredirector.gvt1.comIN AResponseredirector.gvt1.comIN A216.58.208.110
-
Remote address:8.8.8.8:53Requestredirector.gvt1.comIN AResponseredirector.gvt1.comIN A216.58.208.110
-
Remote address:8.8.8.8:53Requestredirector.gvt1.comIN AResponseredirector.gvt1.comIN A216.58.208.110
-
Remote address:8.8.8.8:53Requestredirector.gvt1.comIN AAAAResponseredirector.gvt1.comIN AAAA2a00:1450:400e:80e::200e
-
Remote address:8.8.8.8:53Requestredirector.gvt1.comIN AAAAResponseredirector.gvt1.comIN AAAA2a00:1450:400e:80e::200e
-
Remote address:8.8.8.8:53Requestr2---sn-4g5edndr.gvt1.comIN AResponser2---sn-4g5edndr.gvt1.comIN CNAMEr2.sn-4g5edndr.gvt1.comr2.sn-4g5edndr.gvt1.comIN A172.217.133.231
-
Remote address:8.8.8.8:53Request201.181.244.35.in-addr.arpaIN PTRResponse201.181.244.35.in-addr.arpaIN PTR20118124435bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request209.134.221.88.in-addr.arpaIN PTRResponse209.134.221.88.in-addr.arpaIN PTRa88-221-134-209deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request209.134.221.88.in-addr.arpaIN PTRResponse209.134.221.88.in-addr.arpaIN PTRa88-221-134-209deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request110.208.58.216.in-addr.arpaIN PTRResponse110.208.58.216.in-addr.arpaIN PTRams17s08-in-f141e100net110.208.58.216.in-addr.arpaIN PTRsof01s11-in-f110�I
-
Remote address:8.8.8.8:53Requestr2.sn-4g5edndr.gvt1.comIN AResponser2.sn-4g5edndr.gvt1.comIN A172.217.133.231
-
Remote address:8.8.8.8:53Requestr2.sn-4g5edndr.gvt1.comIN AAAAResponser2.sn-4g5edndr.gvt1.comIN AAAA2a00:1450:4001:24::7
-
Remote address:8.8.8.8:53Request231.133.217.172.in-addr.arpaIN PTRResponse231.133.217.172.in-addr.arpaIN PTRfra16s68-in-f71e100net
-
Remote address:8.8.8.8:53Requestfirefox-settings-attachments.cdn.mozilla.netIN AResponsefirefox-settings-attachments.cdn.mozilla.netIN CNAMEfennec-catalog-cdn.prod.mozaws.netfennec-catalog-cdn.prod.mozaws.netIN A34.117.121.53
-
Remote address:8.8.8.8:53Requestfennec-catalog-cdn.prod.mozaws.netIN AResponsefennec-catalog-cdn.prod.mozaws.netIN A34.117.121.53
-
Remote address:8.8.8.8:53Requestfennec-catalog-cdn.prod.mozaws.netIN AAAAResponse
-
Remote address:8.8.8.8:53Request53.121.117.34.in-addr.arpaIN PTRResponse53.121.117.34.in-addr.arpaIN PTR5312111734bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request53.121.117.34.in-addr.arpaIN PTRResponse53.121.117.34.in-addr.arpaIN PTR5312111734bcgoogleusercontentcom
-
Remote address:8.8.8.8:53Request73.254.224.20.in-addr.arpaIN PTRResponse
-
-
2.1kB 17.2kB 18 27
HTTP Request
GET https://capacitacionessat.actualizate.biz/login/change_password.phpHTTP Response
303HTTP Request
GET https://capacitacionessat.actualizate.biz/login/index.phpHTTP Response
200 -
1.7kB 7.2kB 14 16
HTTP Request
GET https://contile.services.mozilla.com/v1/tiles -
34.120.5.221:443https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=IE&count=30tls, http2firefox.exe2.2kB 54.6kB 22 48
HTTP Request
GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US®ion=IE&count=30 -
2.0kB 7.6kB 19 25
-
2.2kB 4.1kB 10 9
-
1.9kB 6.1kB 10 12
HTTP Request
GET https://push.services.mozilla.com/HTTP Response
101 -
7.5kB 33.8kB 64 102
-
1.9kB 29.0kB 17 31
HTTP Request
GET https://use.fontawesome.com/releases/v6.1.1/css/all.cssHTTP Response
200 -
-
260 B 5
-
18.0kB 1.2MB 258 949
-
322 B 7
-
322 B 7
-
1.4kB 5.5kB 11 13
-
88.221.134.209:80http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.ziphttpfirefox.exe4.1kB 467.2kB 82 342
HTTP Request
GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zipHTTP Response
200 -
322 B 7
-
322 B 7
-
1.5kB 8.9kB 15 19
-
73.9kB 8.7MB 1460 6253
-
1.0kB 5.3kB 11 10
-
1.0kB 5.3kB 11 10
-
322.7kB 3.6MB 2924 5189
-
1.0kB 5.3kB 11 10
-
1.0kB 5.3kB 11 10
-
1.1kB 5.3kB 12 10
-
260 B 5
-
322 B 7
-
260 B 5
-
156 B 3
-
72 B 146 B 1 1
DNS Request
123.108.74.40.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
79 B 111 B 1 1
DNS Request
capacitacionessat.actualizate.biz
DNS Response
104.21.41.218172.67.152.10
-
79 B 111 B 1 1
DNS Request
capacitacionessat.actualizate.biz
DNS Response
104.21.41.218172.67.152.10
-
74 B 90 B 1 1
DNS Request
contile.services.mozilla.com
DNS Response
34.117.237.239
-
79 B 135 B 1 1
DNS Request
capacitacionessat.actualizate.biz
DNS Response
2606:4700:3034::6815:29da2606:4700:3035::ac43:980a
-
74 B 90 B 1 1
DNS Request
contile.services.mozilla.com
DNS Response
34.117.237.239
-
74 B 155 B 1 1
DNS Request
contile.services.mozilla.com
-
71 B 174 B 1 1
DNS Request
getpocket.cdn.mozilla.net
DNS Response
34.120.5.221
-
82 B 98 B 1 1
DNS Request
prod.pocket.prod.cloudops.mozgcp.net
DNS Response
34.120.5.221
-
82 B 110 B 1 1
DNS Request
prod.pocket.prod.cloudops.mozgcp.net
DNS Response
2600:1901:0:524c::
-
83 B 99 B 1 1
DNS Request
firefox.settings.services.mozilla.com
DNS Response
34.149.100.209
-
83 B 99 B 1 1
DNS Request
firefox.settings.services.mozilla.com
DNS Response
34.149.100.209
-
83 B 167 B 1 1
DNS Request
firefox.settings.services.mozilla.com
-
73 B 205 B 1 1
DNS Request
shavar.services.mozilla.com
DNS Response
54.148.16.14644.226.58.21654.149.70.9154.212.120.15452.42.197.12344.228.121.26
-
71 B 125 B 1 1
DNS Request
push.services.mozilla.com
DNS Response
34.117.65.55
-
68 B 164 B 1 1
DNS Request
shavar.prod.mozaws.net
DNS Response
52.42.197.12354.149.70.9144.226.58.21654.148.16.14644.228.121.2654.212.120.154
-
70 B 86 B 1 1
DNS Request
autopush.prod.mozaws.net
DNS Response
34.117.65.55
-
68 B 153 B 1 1
DNS Request
shavar.prod.mozaws.net
-
70 B 155 B 1 1
DNS Request
autopush.prod.mozaws.net
-
2.3kB 6.0kB 8 10
-
81 B 235 B 1 1
DNS Request
content-signature-2.cdn.mozilla.net
DNS Response
34.160.144.191
-
103 B 119 B 1 1
DNS Request
prod.content-signature-chains.prod.webservices.mozgcp.net
DNS Response
34.160.144.191
-
72 B 134 B 1 1
DNS Request
218.41.21.104.in-addr.arpa
-
73 B 126 B 1 1
DNS Request
239.237.117.34.in-addr.arpa
-
71 B 122 B 1 1
DNS Request
221.5.120.34.in-addr.arpa
-
73 B 126 B 1 1
DNS Request
209.100.149.34.in-addr.arpa
-
71 B 122 B 1 1
DNS Request
55.65.117.34.in-addr.arpa
-
206 B 262 B 2 2
DNS Request
prod.content-signature-chains.prod.webservices.mozgcp.net
DNS Response
2600:1901:0:92a9::
DNS Request
prod.content-signature-chains.prod.webservices.mozgcp.net
DNS Response
2600:1901:0:92a9::
-
22.6kB 2.0MB 148 1674
-
65 B 149 B 1 1
DNS Request
use.fontawesome.com
DNS Response
172.64.133.15172.64.132.15
-
168 B 232 B 2 2
DNS Request
use.fontawesome.com.cdn.cloudflare.net
DNS Response
172.64.133.15172.64.132.15
DNS Request
use.fontawesome.com.cdn.cloudflare.net
DNS Response
172.64.133.15172.64.132.15
-
84 B 140 B 1 1
DNS Request
use.fontawesome.com.cdn.cloudflare.net
DNS Response
2606:4700:e2::ac40:840f2606:4700:e2::ac40:850f
-
72 B 135 B 1 1
DNS Request
146.16.148.54.in-addr.arpa
-
146 B 252 B 2 2
DNS Request
191.144.160.34.in-addr.arpa
DNS Request
191.144.160.34.in-addr.arpa
-
72 B 134 B 1 1
DNS Request
15.133.64.172.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
106.208.58.216.in-addr.arpa
-
74 B 112 B 1 1
DNS Request
200.179.250.142.in-addr.arpa
-
1.9kB 8.8kB 6 13
-
74 B 112 B 1 1
DNS Request
131.179.250.142.in-addr.arpa
-
73 B 173 B 1 1
DNS Request
206.23.217.172.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
209.205.72.20.in-addr.arpa
-
62 B 180 B 1 1
DNS Request
aus5.mozilla.org
DNS Response
35.244.181.201
-
82 B 98 B 1 1
DNS Request
prod.balrog.prod.cloudops.mozgcp.net
DNS Response
35.244.181.201
-
82 B 175 B 1 1
DNS Request
prod.balrog.prod.cloudops.mozgcp.net
-
83 B 99 B 1 1
DNS Request
firefox.settings.services.mozilla.com
DNS Response
34.149.100.209
-
166 B 334 B 2 2
DNS Request
firefox.settings.services.mozilla.com
DNS Request
firefox.settings.services.mozilla.com
-
140 B 572 B 2 2
DNS Request
ciscobinary.openh264.org
DNS Request
ciscobinary.openh264.org
DNS Response
88.221.134.20988.221.134.155
DNS Response
88.221.134.20988.221.134.155
-
67 B 99 B 1 1
DNS Request
a19.dscg10.akamai.net
DNS Response
88.221.134.20988.221.134.155
-
134 B 246 B 2 2
DNS Request
a19.dscg10.akamai.net
DNS Request
a19.dscg10.akamai.net
DNS Response
2a02:26f0:a1::58dd:869b2a02:26f0:a1::58dd:86d1
DNS Response
2a02:26f0:a1::58dd:869b2a02:26f0:a1::58dd:86d1
-
130 B 162 B 2 2
DNS Request
redirector.gvt1.com
DNS Request
redirector.gvt1.com
DNS Response
216.58.208.110
DNS Response
216.58.208.110
-
65 B 81 B 1 1
DNS Request
redirector.gvt1.com
DNS Response
216.58.208.110
-
130 B 186 B 2 2
DNS Request
redirector.gvt1.com
DNS Request
redirector.gvt1.com
DNS Response
2a00:1450:400e:80e::200e
DNS Response
2a00:1450:400e:80e::200e
-
3.2kB 9.5kB 7 10
-
71 B 116 B 1 1
DNS Request
r2---sn-4g5edndr.gvt1.com
DNS Response
172.217.133.231
-
73 B 126 B 1 1
DNS Request
201.181.244.35.in-addr.arpa
-
146 B 278 B 2 2
DNS Request
209.134.221.88.in-addr.arpa
DNS Request
209.134.221.88.in-addr.arpa
-
73 B 143 B 1 1
DNS Request
110.208.58.216.in-addr.arpa
-
69 B 85 B 1 1
DNS Request
r2.sn-4g5edndr.gvt1.com
DNS Response
172.217.133.231
-
69 B 97 B 1 1
DNS Request
r2.sn-4g5edndr.gvt1.com
DNS Response
2a00:1450:4001:24::7
-
1.9kB 6.5kB 6 8
-
74 B 112 B 1 1
DNS Request
231.133.217.172.in-addr.arpa
-
90 B 151 B 1 1
DNS Request
firefox-settings-attachments.cdn.mozilla.net
DNS Response
34.117.121.53
-
80 B 96 B 1 1
DNS Request
fennec-catalog-cdn.prod.mozaws.net
DNS Response
34.117.121.53
-
80 B 165 B 1 1
DNS Request
fennec-catalog-cdn.prod.mozaws.net
-
144 B 248 B 2 2
DNS Request
53.121.117.34.in-addr.arpa
DNS Request
53.121.117.34.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
73.254.224.20.in-addr.arpa
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
Filesize151KB
MD556710c08d563d7883d5fea807dc1169c
SHA179b74b4a54da3cd599a09a13fc2f45ea4f678267
SHA25680115f9b87824e9069b1c13bfe4547287c5064f19c774c06eaa0f10043d3939f
SHA5126f1d388418c8dde93014513d74689f05a928505c69186700d6d77f2c233672f425a407c58c47c4be6bde91610f444057543cfab45d7240b426a0b4af4b43bd98
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
Filesize14KB
MD59ce76d7e288303604ebc3d47554156e7
SHA1c35cc33e5cc6a1e725a5f6e4a2c17f1b9cd99d85
SHA256f17388925b0ec71d261d998959ce489c8bb032f058d2148cf944ae225be45667
SHA5127e46d33ae0ef83f81867c3ec160b3aa56fb8a5a5c4da4f6010cc0884743879b1def7baff0598a24f082965e520f38961777d0a7d333f7b11011c6296b042e873
-
Filesize
442KB
MD585430baed3398695717b0263807cf97c
SHA1fffbee923cea216f50fce5d54219a188a5100f41
SHA256a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA51206511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1
-
Filesize
8.0MB
MD5a01c5ecd6108350ae23d2cddf0e77c17
SHA1c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
MD5fe3355639648c417e8307c6d051e3e37
SHA1f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA2561ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA5128f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
MD53d33cdc0b3d281e67dd52e14435dd04f
SHA14db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
MD549ddb419d96dceb9069018535fb2e2fc
SHA162aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA2562af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA51248386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
MD58be33af717bb1b67fbd61c3f4b807e9e
SHA17cf17656d174d951957ff36810e874a134dd49e0
SHA256e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA5126125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize11.8MB
MD533bf7b0439480effb9fb212efce87b13
SHA1cee50f2745edc6dc291887b6075ca64d716f495a
SHA2568ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
MD5688bed3676d2104e7f17ae1cd2c59404
SHA1952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA25633899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA5127a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
MD5937326fead5fd401f6cca9118bd9ade9
SHA14526a57d4ae14ed29b37632c72aef3c408189d91
SHA25668a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2
-
Filesize
6KB
MD50691b0cedaf444447791755683d017ee
SHA11633cbca18b8ce8c4805412064953c09f103ce58
SHA256cdbdaa1e019190dace67ac326783d8bcfe79a27502fbb68dfbe19386940a8a97
SHA512e59b5be648bd062d312b99043d86a97f377cd100d6643a106c1640167081b0a3062790e9a79a661e04634d9ad0c28ce8de6e674bc66a1bf30382c2dd82f5b664
-
Filesize
6KB
MD5083db7934f105f941755cb3bce72bba5
SHA17fd8e2f9edaf7a6c7cfe7741661873e46952557f
SHA256ed1a266250027564509b6493a5d1ddb62672b765b9cd9a18f6cfdcd4304afc55
SHA512027c74067bde46f76018e5bdedda67c1f388815a0ba32280fe830c335d3aadf749b3efc8052e55a9ecb6e1d0b047126b21c7c624c5aad4402e01a173d66e3e39
-
Filesize
7KB
MD5558e544b84604c6af765f4a810ce2781
SHA19ff1e8cf4b8e26e941a7c0194e3c14095fc7d72d
SHA256e400da96dcae84a85d25f9041fa10774c317f4f712db0ef087e51067356fe0ba
SHA512e0aa9b7bdd1142fc8fc66540b45698ee2ff76ce79f02f211e671762e836aeda4f2b88a9f70fef541fd0992524a319c3b302b65831aa914729a144a687656910a
-
Filesize
8KB
MD5dd45be9752372e6bf4220833a22be3a5
SHA1c53ab03ec7ddf9497973cd4e86cabb912f74e7c3
SHA2567c47d7c945b1f0141b0ef83999a5653d36dbb615621ecf0ae67730cf85153e41
SHA5129b5b81629fbcbfb27d23c1b7ab8fa6dadc36e27b348d7177a43f8b935373d60569abd057bbdeebdcb0b9831976ffb864ddec75bd3f3f860ee71e8b59d09b13ac
-
Filesize
10KB
MD5ee2805bfec712f76d7dc5c46b297eff1
SHA14436b5c8bae718a5435c99db7e8010e392fd9096
SHA256f26d7ff5898612e50f892464d47f611f567476d3912a0f1ac8046b408d6695fe
SHA5123b71a1c8c47b7b6d9b03b2f8867b939fbe389789e6dd1a78d012d4a4700b4bd400b0034c0b22bb244d7d8af3a9634eb0e7d6de3e6c9b0d3ce0cd68d46658c0ec
-
Filesize
6KB
MD5fcd5f37e5e4066f7cffe8eb106b6ce19
SHA1b0a1c4d3d5c96271429fb09cb71055d177c13402
SHA25638dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67
SHA512afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize24KB
MD59f0a8d74f4cc1e1a0e1d54ac1af520a9
SHA1e42f43b1315bf5b6199d42bf1d6d78eec23e1325
SHA256e88c418a33de02b8f157c2e1696c90a6f34457e8dccead8f3884341d8cee2694
SHA512e6867a4e5572e9eea2fd2e0e89466511f5710fad877ff7f13d5decb92cb227b3a754ee0629cb40a39afae97ff8e372a513e7c6e14bdecbe7106dadc679a4763b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize24KB
MD523ebd0b8d9db69518bcf58ab861d17a8
SHA1d7abd62b109230e8c035faf0e4d474914a062dc3
SHA25609c3282bef0fadc64fd3c9bcd5011555efff5b1f22f189da1711014c91980fd6
SHA5123bc7bb5120cb3efcb1954bd983e8d1912b49a0dbf1b2096d8fa26359ec462e263b6e7040fc3247041896ec356b6461c4c4984058ccc0794b2146b08275c6050a