1ec3d25e7a482e6cfd64a7f56704b30b877140bcdb692161e2f55d31ae8b60f3

Analysis

max time kernel
150s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2025, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stoic_AI.exe
Size

661.4MB
MD5

3fc7efe507f0fc1b02d441ff12f4bba9
SHA1

a86d5bf89904be858947853bdc3be646fdd04bca
SHA256

1ec3d25e7a482e6cfd64a7f56704b30b877140bcdb692161e2f55d31ae8b60f3
SHA512

2b0659345c39b6983e5c66fdc12113b4555cde907dba7accfb52420ae163f9ff8d889761cd45e84e853ec7145073dbd2b15d50d9f22df3ac9d45ca41895f12ff
SSDEEP

98304:pn43kVKqiA/f3fP3mT4fScS/YhkA6VKqiA/f3fP3mT4fScS/YhkI6VKqiA/f3fPy:x4OPfSXA4PfSXI4PfSXp

Score

10^/10

defense_evasion discovery motw phishing

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs

description	pid	Process	procid_target
PID 3708 created 2804	3708	Stoic_AI.exe	49
PID 6848 created 2804	6848	Stoic_AI.exe	49

Downloads MZ/PE file 1 IoCs

flow	pid	Process
149	4568	firefox.exe

Executes dropped EXE 2 IoCs

pid	Process
3964	Stoic_AI.exe
6848	Stoic_AI.exe

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
139	https://stolc-ai.digital/	4568	firefox.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\Stoic_AI.exe:Zone.Identifier	firefox.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Stoic_AI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Stoic_AI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Stoic_AI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe

Checks processor information in registry 2 TTPs 28 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Stoic_AI.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
3708	Stoic_AI.exe
3708	Stoic_AI.exe
3708	Stoic_AI.exe
3708	Stoic_AI.exe
3708	Stoic_AI.exe
3708	Stoic_AI.exe
3708	Stoic_AI.exe
3708	Stoic_AI.exe
4256	svchost.exe
4256	svchost.exe
4256	svchost.exe
4256	svchost.exe
3964	Stoic_AI.exe
3964	Stoic_AI.exe
3964	Stoic_AI.exe
3964	Stoic_AI.exe
3964	Stoic_AI.exe
3964	Stoic_AI.exe
3964	Stoic_AI.exe
3964	Stoic_AI.exe
6848	Stoic_AI.exe
6848	Stoic_AI.exe
6848	Stoic_AI.exe
6848	Stoic_AI.exe
6848	Stoic_AI.exe
6848	Stoic_AI.exe
6848	Stoic_AI.exe
6848	Stoic_AI.exe
6992	svchost.exe
6992	svchost.exe
6992	svchost.exe
6992	svchost.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4568	firefox.exe
Token: SeDebugPrivilege	4568	firefox.exe
Token: SeDebugPrivilege	4568	firefox.exe
Token: SeDebugPrivilege	4568	firefox.exe
Token: SeDebugPrivilege	4568	firefox.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe
4568	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 4256	3708	Stoic_AI.exe	81
PID 3708 wrote to memory of 4256	3708	Stoic_AI.exe	81
PID 3708 wrote to memory of 4256	3708	Stoic_AI.exe	81
PID 3708 wrote to memory of 4256	3708	Stoic_AI.exe	81
PID 3708 wrote to memory of 4256	3708	Stoic_AI.exe	81
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 3136 wrote to memory of 4568	3136	firefox.exe	85
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 2008	4568	firefox.exe	86
PID 4568 wrote to memory of 3056	4568	firefox.exe	87
PID 4568 wrote to memory of 3056	4568	firefox.exe	87
PID 4568 wrote to memory of 3056	4568	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2804
- C:\Windows\SysWOW64\svchost.exe
  "C:\Windows\System32\svchost.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Windows\SysWOW64\svchost.exe
  "C:\Windows\System32\svchost.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:6992

C:\Users\Admin\AppData\Local\Temp\Stoic_AI.exe
"C:\Users\Admin\AppData\Local\Temp\Stoic_AI.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3136
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Drops desktop.ini file(s)
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1984 -prefsLen 27097 -prefMapHandle 1988 -prefMapSize 270279 -ipcHandle 2060 -initialChannelId {f83467c6-09dc-406f-9379-ae9df425b0cb} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2432 -prefsLen 27133 -prefMapHandle 2436 -prefMapSize 270279 -ipcHandle 2440 -initialChannelId {5b008457-f981-4d17-927d-2072409a9003} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:3056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3928 -prefsLen 27274 -prefMapHandle 3932 -prefMapSize 270279 -jsInitHandle 3936 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3944 -initialChannelId {4003e7cc-63c4-4a1f-bcfb-f05bc541b008} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:3768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 4080 -prefsLen 27274 -prefMapHandle 4084 -prefMapSize 270279 -ipcHandle 4104 -initialChannelId {12cc4d44-fa43-4a90-aab7-9093b75598d7} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:3340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 1680 -prefsLen 34773 -prefMapHandle 2984 -prefMapSize 270279 -jsInitHandle 2988 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4524 -initialChannelId {2b80072d-be21-4771-9cad-292edb4691ef} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5000 -prefsLen 34822 -prefMapHandle 5008 -prefMapSize 270279 -ipcHandle 5044 -initialChannelId {78281d48-2882-49e1-a875-7ddf7fc589c2} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5484 -prefsLen 32952 -prefMapHandle 5452 -prefMapSize 270279 -jsInitHandle 2584 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1656 -initialChannelId {22610632-0a5f-47c3-94d2-f9319e54f0b7} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:5400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5648 -prefsLen 32952 -prefMapHandle 5652 -prefMapSize 270279 -jsInitHandle 5656 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5664 -initialChannelId {e26e794b-82c9-4764-a04b-c0e0b85fe3e3} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:5412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5684 -prefsLen 32952 -prefMapHandle 5780 -prefMapSize 270279 -jsInitHandle 5784 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5852 -initialChannelId {a4aeed60-7d89-4e68-a5c9-bb5d9413e220} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6420 -prefsLen 33071 -prefMapHandle 6424 -prefMapSize 270279 -jsInitHandle 6428 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6328 -initialChannelId {4ad9de3d-dd7a-4ee8-a048-1445b1fada66} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    - Checks processor information in registry
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3076 -prefsLen 33071 -prefMapHandle 6744 -prefMapSize 270279 -jsInitHandle 6564 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 4660 -initialChannelId {0d34bd01-77e0-4d1f-874b-b4f85badfc04} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4808 -prefsLen 36543 -prefMapHandle 6804 -prefMapSize 270279 -jsInitHandle 6800 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6460 -initialChannelId {9f1f3f72-f48b-43c2-bb59-777673e930e2} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab
    3⤵
    - Checks processor information in registry
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7028 -prefsLen 36543 -prefMapHandle 4360 -prefMapSize 270279 -jsInitHandle 7032 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7040 -initialChannelId {509463b0-b41d-4961-bc86-148de7ebe8f5} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab
    3⤵
    - Checks processor information in registry
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7228 -prefsLen 36543 -prefMapHandle 7224 -prefMapSize 270279 -jsInitHandle 7220 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7212 -initialChannelId {67d06db5-dd29-420c-b6bd-61e0d55764d6} -parentPid 4568 -crashReporter "\\.\pipe\gecko-crash-server-pipe.4568" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
    3⤵
    - Checks processor information in registry
    PID:1636
- - C:\Users\Admin\Downloads\Stoic_AI.exe
    "C:\Users\Admin\Downloads\Stoic_AI.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3964
  - - C:\Users\Admin\Downloads\Stoic_AI.exe
      "C:\Users\Admin\Downloads\Stoic_AI.exe"
      4⤵
      PID:6932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6704

C:\Users\Admin\Downloads\Stoic_AI.exe
"C:\Users\Admin\Downloads\Stoic_AI.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\cache2\entries\445BCB32880CE28AB50B047E667726A4E1627183

Filesize
17KB

MD5
9894732b0b3bd652f6f5ae718f69c899

SHA1
c7eb04846e06f45852f5f1b402a3665781f3d7e6

SHA256
0ac6018542514f7f9e5fc87cb1bd6a8b54bae940e74aea9883239bf0ac71922e

SHA512
b521058f5500f8c3f0c6314290f103cb9f829c0b7201732003c8b16e54bc55137b0263894d8532ce55b0f61799f396986df3c7847ddb1ac6bb90d01486f75f9e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\cache2\entries\A585344A45AF937E3AB7D706291A9A3ED8D581D9

Filesize
13KB

MD5
5003eeb23e09aa568a8ba7c8c54629db

SHA1
b503ad39edaeb4ebb01d67a1f858b7f5fba45959

SHA256
b398f77a3af515da70ece2659580179d8576021577f46bac7ce6d29e5f1e8015

SHA512
bff017c098a67d45d99d5a402ab571c697a9133fccd9c9740ebd62b9ddd46adb514cd70d3b85230e0d313416eab3c66c78ed6e6d63cf0de7b9e7d43e72419143

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD

Filesize
13KB

MD5
9bd75e904b79e29776432b9cfcbb4ac2

SHA1
5ec07700b2db06e50f3c3d30ecfea02c82bae692

SHA256
a0ee64c2175656aaf0d5cfdacf988faba000047c77918e380e6eda483002ebbc

SHA512
5fa7d718a9253114c5e9d8bf34c8d47244d6f21ca657d24b0ad15b8458bdfc5111540723730fd29c42bfc8e07447215d02b23fa63306fb746fc89d7d6f3cab86

Download Submit
C:\Users\Admin\AppData\Local\Temp\85dd4e6f-84cb-48c3-8b3f-0e653df01f79.zip

Filesize
3.6MB

MD5
eee2a159d9f96c4dd33473b38ae62050

SHA1
cd8b28c9f4132723de49be74dd84ea12a42eef54

SHA256
52c720ca9b1d7649214694bc46a9ea0cf2ee3091e1ac717633ee06b6e2864384

SHA512
553c8b347e1654ca256dd4b760deb669cf394763419c972bb60a555006525afed2cff53b2516e8b239bc4bb35afd5429bd89611303143e7e65b901c0f5c2cc07

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
11KB

MD5
25e8156b7f7ca8dad999ee2b93a32b71

SHA1
db587e9e9559b433cee57435cb97a83963659430

SHA256
ddf3ba4e25a622276755133e0cce5605b83719c7cab3546e09acbfed00d6a986

SHA512
1211b2fa997ba13ff926aec58b6b35a81d7fe108b0caa8f4d6369d0a37f8481373b78a4b201651243adde9e2b2699ce929482a46226ff6299b0a0e40fe2ddc56

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\AlternateServices.bin

Filesize
6KB

MD5
fa9ab529ab858eac4224d7dd4fe8d7ac

SHA1
b980203f774a3f87e50d53bbfd694193db4a455c

SHA256
8a321b04e8ac61541fa5732362bebc800ddc5e3910c8e162a467015c5d571001

SHA512
1e508c03e1529b9ba6cb2a4eb348953b73192f619a1586510bd482454db90769bacbf0ef8d3bc820f0bc2b5c8e570292563842efb8ca1068a186e65bb5e1dbd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\AlternateServices.bin

Filesize
20KB

MD5
bfa2a398748c0919dbb763f03898c2bd

SHA1
d4a977b39a4e00fe085f848e150c723fe69afb8a

SHA256
eb6db2cdf1e259efa81804757c658d56c8aaa8e5e625c3bb5887cc4cb7cab79b

SHA512
fe8ddbf2cae9d6bcd802c39ddf27fa7006c4452480af24b60592ebd2995d5203f5952ea307dc73c3a1bf37aa6b9c54390bbacadd318c7ca1994abb2b59aa22a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
999cc7237344a595447e4fd299b0a611

SHA1
9317673f38fcd08dc0663eed731f2e660fbe0821

SHA256
8d8c280b9bf800f9b50d2727f03da3389458540e4cea621a21bb1f3301564b35

SHA512
d0c2f5cd4a3b5e34cbc20420810906f715d9a6ff69878f4e75f2996d5790c3a3481e23989afb646bb7cc03a1e1f73883566df27db6feac2171248a87d80dd63f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
8426d633c2f4ced06e8219f0ab256509

SHA1
0dc6293a020b49211cbeda15aa3b809ad86b719e

SHA256
d99f03499e6314d9b1fdacc88f088afe4de005d4ebf3a1b58f0b149ae40845bc

SHA512
92d46d3088ffa026fc7799d034aade91116ca7a553760594a4800f05c012fcf673a366a66264956e314419952c222e3703aa92f63fd74de364d0d52ec3c30b99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
a6bde32c634742d22ebeed80cbf8f695

SHA1
391e2b825a63a0623ed4f99c3fdd21f1af822b49

SHA256
1668c6b224b16c3151459617392c01d9d0d901e6707a9ec3d10876a74a3e8af5

SHA512
14b6aac224e8c4d0ddbda1706c77f4d95296b55beee5199ef32fd46e949ab5d4f821a9bfb273d619843c4d4cb1f5f28f9c4e79ca1226555c0247b7f26f75cd0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
c623129beebf99a72af87ba9ea12c0ec

SHA1
b8d268cce98fb98c219f8bc85c822191123b3277

SHA256
0726bce81713373ce8a5af48143ce11d7e6c001bde6a91ad2c37f1d38d506137

SHA512
0e332e4591fea03132626f868307333be7803012523f8420e62e54b35773d1cbc98c5be70d05bf09fbb9d9d2977dcc76d61ebbab54d55576a38f44dabb3bffe0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\pending_pings\0c22541d-a0f6-41c6-8a56-762ff81d5790

Filesize
2KB

MD5
be95e4e8b7f2bf98a960dedf9027cc36

SHA1
4ed98a5ee2e550aba649fd85ccbf42963c5aae07

SHA256
bdf9576a5a78a727f5749d40281ecedc3838e289ddc552ff570b9f222d771601

SHA512
d8afba5f43ebf00226343a3032a4b97f82aa924712ba0ef17be44202095573e955d2baa39940a3100b98e8c73d47e2cdc7e2e945648d6e3e14b5ad2ba45fa258

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\pending_pings\11573054-09cc-4371-9c05-3b98c5485c20

Filesize
235B

MD5
90ef6fda1ce05bf796a007070e6586f1

SHA1
e5fe3f81c3dae69bf35697688bf7b05c0bdd665c

SHA256
79b9f02bb452f8d31161cfeed5676fdac830be07ee49fbd0751f4371878fa781

SHA512
b9541d95cfce97908e877e29f967bdb08bcaa40da034acad0bcae07387ca2fd75ae39bfa11d28cc99811fce29a3b39cf8f96694104e7b93872f5855e1e8fcd18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\pending_pings\67291fec-aa3a-4081-afeb-d592f4205c02

Filesize
235B

MD5
dc7a041f00d2dc5b1226137d01549f2d

SHA1
ce9d534ad4668e9f7b8938fce9efbd5478278544

SHA256
37e37364a14f216beec8c0f928d802c320a729f207bf3c52b01094fb2cd34857

SHA512
5acffad92377cec9975cbb9a059811ce3449575f6ff90bf99dd95ebd9d814577293e4b63373cd35804e5448e651a61e239588079c1f705a59462672cf3401af9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\pending_pings\b1b52a44-ca83-4116-b9b0-81d295a9736b

Filesize
883B

MD5
dcd22991ea0cfefab8dc93d114b16fc4

SHA1
e2ca513e62ad0399fd6cc249f8275c3bc4306596

SHA256
21344f647c451392ce7341a5843884fc536476599169c03087a471e9e01aedd0

SHA512
b5b34f51504244dff37260b68950b2a2c0e9f4da0202b9dae3b99b8a35643b408fd4814fc69cddc11a59a4aedace40edb5a0b10d34b29139f28389a4b18bba65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\pending_pings\bbe4d663-fe19-4be4-9000-ba1c438cd9be

Filesize
17KB

MD5
1c77fc78810601a8d9555e3a4e630909

SHA1
87574bd1c653a0428d5420ebf2dba4a7fa8bc8e9

SHA256
ad3cdb1396f78e6ff1406c0b5ebeb4b2d359b7a760b83ec6f161579c5ceba73b

SHA512
a6bf373bfa648e01f96b51ed7f6048f2be9e5b310fc54c4fc9235fb7b7f3c77b0bc3642ea3dde4446ddd9278f0831aa593f6617b607f9c6ef805380dfd4231cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\datareporting\glean\pending_pings\de9070dc-ce1e-4cd5-97f2-29d2664ec3c1

Filesize
886B

MD5
f927c71b6acd1b2488a49d45be365a2f

SHA1
afc5f4ce74d9da004ca1badf57e1428c9063d18b

SHA256
0cf769498cb87c4b330a0a9a8e99b4b257a40ae3dfa648bfeadeb0958c860910

SHA512
7365e3708103f3e3f76b939d2ca4f7bef18ec2a9023639c795d38165ebfd317bbb2284e4dede7bcdd860f69738c5b345e94703e678742a51686ca08b6acf6662

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\extensions.json

Filesize
16KB

MD5
83ac2a49c02383f9791a7ef4be6f8cbb

SHA1
36aad1d4fdc72cfb8953e2805f2293860af888a5

SHA256
2853b3e3d62b9cf34d39c6605fb802c9bf31c59ade6a015293a5ef4beb0a0087

SHA512
b51296f130190e7143448253ee29706760d531dcb8d60d3891597a38f1849b990b85882bcc86c44e26b253ef26f9cb0cabc6a32428faa6cc5c7567615fb75b74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\prefs-1.js

Filesize
7KB

MD5
bcc5ca79812ab78e39ef5c0899685a17

SHA1
632c2b8f3ba56947da2bf06c467dd7ff76e6d857

SHA256
186227a29cff5a4ddf9890f446c76807894fd73264ee9c4aeaa08101dac3a9e5

SHA512
51e6c1d4b135e71b6464620d9434b5a25e81a1f705ec6e5f31c28384d0f8ae33b9a2d5468e1983e93545773836cf8eb80403c4cf0d9b0819486e6faddab2a921

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\prefs-1.js

Filesize
8KB

MD5
61f05f849e9f5dc016aeea654572e6ae

SHA1
249c3de985e7cdca1d43602bc9114849a654a607

SHA256
06987476beda38eee8348758ffaa9095158a974f08d48b20e6adb588be096a1c

SHA512
86584da8db83b0b97c44ac0ea64799930d9bdd88d253eb903dffd4d85ddb2e11acbd3b82e507c45913d40b2cd3c89ca321bedec1ef258bc42a4eccd936a64886

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\prefs-1.js

Filesize
12KB

MD5
44370b4c146b755bcd1c754b91014ce6

SHA1
d13ef34a7aceaaad856af5d244279f88e6d87f39

SHA256
75fbca64bb22adeeb70c6d035da65144dd7d26e0a50cab3328cf9cb6204fcc2f

SHA512
7693953ebf35e47816f36b0505db69185b65f7e4b684d5f4bd4d23561f233aa083e9b29d1a04a2f46636c22b782f7886291c19772c0f28cb36a607ea18c70ffa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\prefs.js

Filesize
6KB

MD5
37a944c343b042eefa4d53a62b4de70e

SHA1
518a60723145a0bc898245d5ee9a227e50e3de3b

SHA256
5c0ec1af027573d404859d71366f7e534a388047a7fba877dcf2ef7141702649

SHA512
c852d9138d1c7b43d98c2b7a9be441bf466caf6ed4e0811007cc7bade799468c5b1283454530d1baf40d3765c45e1b877328afce1fef7a873cc98e5f0a14354f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\prefs.js

Filesize
6KB

MD5
b442b83ecb4c8e90b863ecc1a1a3f600

SHA1
49a3190f56534cc3108927621ce928ffa16f78a3

SHA256
24211f446eec7204baedd287e92ce0c53e824b561b2ec74d12024c3ec5b980ac

SHA512
c53698d1f734cbacfde65345c3b86a861179e6ecfc84fcf9fef2b00e56d3925ab3f7584154ca223ab86a8f1b2d99b590f21fe43bae9d67fb279536cbd1032411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\prefs.js

Filesize
11KB

MD5
840f9a1a4b6520e3b34b5c50807a7be4

SHA1
be561fc466d5caad27c3fba30480300afbe5f392

SHA256
504336ce44c055c7a5f0c87aaabc99e16488548a9e1f799e7f4399aed4133d1f

SHA512
8cdbcd9519df6863c88390c33c64182faab696f6c04eaeb437387ebbdf983b087ee6b7256c398bf460019065057b15abe4a928643b3bda80b7b57b408634ffba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\prefs.js

Filesize
6KB

MD5
87ab81fbcbf494417e64373e586c1630

SHA1
7d55a35a60c4d0d80deb4c95f1a575a68ce76ad9

SHA256
94da07c96f4332c00f9e831009de3c043ac0eef9fa49bbb19b67277294e2b2e5

SHA512
9e723048ced5971b02ac3026d13be7f69d66bce1aa31a85faf5e5062d4534f23a1c039c0966b4ecbcd852d96c08e2b1933a87c0b68aa4fc448217c2e1fcff0d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
6504ebdd2c799cdecdee07c92b081002

SHA1
2c6a8919ff6a6a1e48c18e4a1766fafde7404764

SHA256
ca4566f2c55e56cca020ca127d2240b69cc1c8977e3fa58e4519b6959fb1bb95

SHA512
8038a2deb720c25f56691fd47db6a1acea58cd324761d65226f1926ee46addbdd5e53f8d5e7036801b47758504b7ce9f56437996043c7610e2a94dfa36bd09ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
64f133c49d678918048005e32599ec86

SHA1
f995bc7a2110c625e46af419d4fcb7753c05931e

SHA256
317f6601cc9e24406adbf33ac3ede8493f2bb476da52c62a326b9b4e9f5693b2

SHA512
64068271ccfaaea03f53ffb61d0dc87f3ceb3ad8dad67812b0ba57ce2ade8c649a5fbadea26929cd3bd47a69b70ed6cc62290d42530a4a46f4fa68e41c8ff1d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
963a143e3f2d992d678b2d03ba395a54

SHA1
44aa0cdadf1809c5f9888c641de21b7ee396ec41

SHA256
7ceef38004698b774aaacafd5264341eb9b79f74607c0972cc1e326f5b3eaf1b

SHA512
bfa1692edea7a199d7d2da4821dbe672c74fd3557c6d0210dca4a44e074d1e5c207ce3ebe09a66de8c9faf329826f29132094bc0d97b74f94197dadaf4c0f950

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
629ea9e563d5bcf903435498713addb9

SHA1
64bc9c6499d5c08d06a9f73a7d5aff7646faf374

SHA256
e7d022c4214cf9202d8c204c94d564906e9f5a9ff2bab1d385ad8613205e2e88

SHA512
ade2d288ff342b6653a3f643cc10bbd329fc9ce6ccc91ffb966b9c58b4fb5507adba96ec927a0a1384a8d4d2adb80cecc0ccce7fae596f845d427a2116267928

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\storage\default\https+++app.stoic.ai\ls\usage

Filesize
12B

MD5
66935c78b749ec047fa12a918703fd81

SHA1
2526e1245956218a0f6f9ea981eacd97faf615b0

SHA256
bd1506b7c11d34e1c7a62591f84148f351f78221182da798b63eb88c00066b34

SHA512
44a092999788112f4e2d3e269d71848a9490798769ae9ce7a8e0262b636000271759b0b29d24958ea8d9fc914fd888ca605819e8cff17f8c79dd1af48c7af694

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ja7zeu9s.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cstoic.ai%29\cache\morgue\110\{e9f2ffcc-bff6-44e6-9dd0-6ff18641956e}.final

Filesize
10KB

MD5
be4b8d06204faba090b711ee174418e4

SHA1
8b60f0834f1576a131c10514e10f7508db287153

SHA256
1f38853b4f515c0aa982835b112cd20e62e9ced63ee6d3ac80bb0a6b08c24cc6

SHA512
745f17334e1b89d6227068f926cc7f2ad518a84460575029fa3314fbee86bdd77a3fdec81475f3a5b6f52a7fedb516e0d3ccdd72fd8a30357ff22b759328ef0d

Download Submit
memory/3708-14-0x0000000006250000-0x0000000006650000-memory.dmp

Filesize
4.0MB

Download
memory/3708-13-0x00000000757E0000-0x0000000075A32000-memory.dmp

Filesize
2.3MB

Download
memory/3708-16-0x00007FFC92361000-0x00007FFC9248A000-memory.dmp

Filesize
1.2MB

Download
memory/3708-1-0x0000000002B30000-0x0000000002B9E000-memory.dmp

Filesize
440KB

Download
memory/3708-11-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download
memory/3708-10-0x0000000006250000-0x0000000006650000-memory.dmp

Filesize
4.0MB

Download
memory/3708-9-0x0000000006250000-0x0000000006650000-memory.dmp

Filesize
4.0MB

Download
memory/3708-33-0x00007FFC92361000-0x00007FFC9248A000-memory.dmp

Filesize
1.2MB

Download
memory/3708-8-0x0000000006250000-0x0000000006650000-memory.dmp

Filesize
4.0MB

Download
memory/3708-3-0x0000000002F40000-0x0000000002F43000-memory.dmp

Filesize
12KB

Download
memory/3708-0-0x0000000002B30000-0x0000000002B9E000-memory.dmp

Filesize
440KB

Download
memory/3708-4-0x0000000003050000-0x00000000030CF000-memory.dmp

Filesize
508KB

Download
memory/3964-4780-0x0000000006030000-0x0000000006430000-memory.dmp

Filesize
4.0MB

Download
memory/3964-4773-0x0000000002E90000-0x0000000002F0F000-memory.dmp

Filesize
508KB

Download
memory/3964-4779-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download
memory/3964-4771-0x0000000002D60000-0x0000000002D63000-memory.dmp

Filesize
12KB

Download
memory/3964-4783-0x00000000757E0000-0x0000000075A32000-memory.dmp

Filesize
2.3MB

Download
memory/3964-4784-0x0000000002950000-0x00000000029BE000-memory.dmp

Filesize
440KB

Download
memory/3964-4768-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download
memory/4256-23-0x00000000757E0000-0x0000000075A32000-memory.dmp

Filesize
2.3MB

Download
memory/4256-24-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download
memory/4256-19-0x0000000000DA0000-0x00000000011A0000-memory.dmp

Filesize
4.0MB

Download
memory/4256-15-0x0000000000520000-0x000000000052A000-memory.dmp

Filesize
40KB

Download
memory/4256-18-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download
memory/4256-21-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download
memory/6848-4792-0x0000000002B80000-0x0000000002B83000-memory.dmp

Filesize
12KB

Download
memory/6848-4793-0x0000000002CB0000-0x0000000002D2F000-memory.dmp

Filesize
508KB

Download
memory/6848-4798-0x0000000005E30000-0x0000000006230000-memory.dmp

Filesize
4.0MB

Download
memory/6848-4801-0x00000000757E0000-0x0000000075A32000-memory.dmp

Filesize
2.3MB

Download
memory/6848-4799-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download
memory/6992-4802-0x0000000000C60000-0x0000000000C6A000-memory.dmp

Filesize
40KB

Download
memory/6992-4804-0x00000000012E0000-0x00000000016E0000-memory.dmp

Filesize
4.0MB

Download
memory/6992-4807-0x00000000757E0000-0x0000000075A32000-memory.dmp

Filesize
2.3MB

Download
memory/6992-4805-0x00007FFC92360000-0x00007FFC92569000-memory.dmp

Filesize
2.0MB

Download