d2b43b8c763ae4d48ba0fdf098eda2fc747bf83f89d6656e880dd6e3652d91f8

Resubmissions

11/04/2023, 00:50

230411-a7bjlsbb2z 7

11/04/2023, 00:44

230411-a3t56ahe57 7

Analysis

max time kernel
146s
max time network
150s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
11/04/2023, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

firebot-v5.57.0-setup.exe
Size

109.3MB
MD5

8a40b882dda95d442ededa10e0622cf5
SHA1

e6cd260132d059bd2bece9a04892171829825b44
SHA256

d2b43b8c763ae4d48ba0fdf098eda2fc747bf83f89d6656e880dd6e3652d91f8
SHA512

0b0f1b504db3212b41f176be25737fd3bfd2ed2031a2af80eddd5432b06f274b11188eb552e0c1e1d61c33bfb03d5408190d947d644389b389d0d2e1bd1c8f77
SSDEEP

1572864:J++kGudJhl/1r46WFbUpqAsUS9d9t9LBaqAqAU262xUqdyfF+Y5ytR9M8ILZoDEy:JEGuQbNUSZvtabnW8ofFP5WR7yEgtF

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Control Panel\International\Geo\Nation	Firebot v5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Control Panel\International\Geo\Nation	Firebot v5.exe

Executes dropped EXE 8 IoCs

pid	Process
1964	Update.exe
840	Squirrel.exe
2000	Firebot v5.exe
1816	Firebot v5.exe
1652	Firebot v5.exe
1248	Firebot v5.exe
1540	Firebot v5.exe
1224	Firebot v5.exe

Loads dropped DLL 17 IoCs

pid	Process
1740	firebot-v5.57.0-setup.exe
1964	Update.exe
1964	Update.exe
1964	Update.exe
1964	Update.exe
1964	Update.exe
1964	Update.exe
2000	Firebot v5.exe
1816	Firebot v5.exe
1652	Firebot v5.exe
1540	Firebot v5.exe
1248	Firebot v5.exe
1248	Firebot v5.exe
1248	Firebot v5.exe
1248	Firebot v5.exe
1224	Firebot v5.exe
1224	Firebot v5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1964	Update.exe
1964	Update.exe
1540	Firebot v5.exe
1652	Firebot v5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1964	Update.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1964	Update.exe
612	SndVol.exe
612	SndVol.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
612	SndVol.exe
612	SndVol.exe
612	SndVol.exe
612	SndVol.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1964	1740	firebot-v5.57.0-setup.exe	28
PID 1740 wrote to memory of 1964	1740	firebot-v5.57.0-setup.exe	28
PID 1740 wrote to memory of 1964	1740	firebot-v5.57.0-setup.exe	28
PID 1740 wrote to memory of 1964	1740	firebot-v5.57.0-setup.exe	28
PID 1740 wrote to memory of 1964	1740	firebot-v5.57.0-setup.exe	28
PID 1740 wrote to memory of 1964	1740	firebot-v5.57.0-setup.exe	28
PID 1740 wrote to memory of 1964	1740	firebot-v5.57.0-setup.exe	28
PID 1964 wrote to memory of 840	1964	Update.exe	29
PID 1964 wrote to memory of 840	1964	Update.exe	29
PID 1964 wrote to memory of 840	1964	Update.exe	29
PID 1964 wrote to memory of 840	1964	Update.exe	29
PID 1964 wrote to memory of 2000	1964	Update.exe	30
PID 1964 wrote to memory of 2000	1964	Update.exe	30
PID 1964 wrote to memory of 2000	1964	Update.exe	30
PID 1964 wrote to memory of 2000	1964	Update.exe	30
PID 1964 wrote to memory of 1816	1964	Update.exe	31
PID 1964 wrote to memory of 1816	1964	Update.exe	31
PID 1964 wrote to memory of 1816	1964	Update.exe	31
PID 1964 wrote to memory of 1816	1964	Update.exe	31
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1248	1816	Firebot v5.exe	32
PID 1816 wrote to memory of 1652	1816	Firebot v5.exe	34
PID 1816 wrote to memory of 1652	1816	Firebot v5.exe	34
PID 1816 wrote to memory of 1652	1816	Firebot v5.exe	34
PID 1816 wrote to memory of 1540	1816	Firebot v5.exe	33

C:\Users\Admin\AppData\Local\Temp\firebot-v5.57.0-setup.exe
"C:\Users\Admin\AppData\Local\Temp\firebot-v5.57.0-setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:840
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --squirrel-install 5.57.0
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2000
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1816
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=gpu-process --field-trial-handle=1004,6304721393605261184,5972702787737075900,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1016 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1248
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=renderer --field-trial-handle=1004,6304721393605261184,5972702787737075900,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=com.squirrel.firebot.Firebotv5 --app-path="C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1540
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1004,6304721393605261184,5972702787737075900,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1316 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1652
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=gpu-process --field-trial-handle=1004,6304721393605261184,5972702787737075900,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1016 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1224

C:\Windows\system32\SndVol.exe
SndVol.exe -f 24903760 6675
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:612

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
a69acfcb3384e17e685e1c216aff4c7a

SHA1
0ad86a0bf6383cecccc2e970f5b0050b65e6dbe7

SHA256
1ce13906005e6be51c8f50bab24a532ca95231b51ce59a3987a6f6d9db6d99c3

SHA512
7d44c67f3b070a0e52778ccf65be83ee3e5cb3447da8ab55acb563882ed1dfe722965b42f40f70537a5ac2799397a5443402342db1c496f2612925c3b01aa079

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
2.1MB

MD5
4227c47009d31f27419322f0de6f07cf

SHA1
85873083f8ee977c4820cc677112725bb9fb9ff8

SHA256
45fd7a6813677021fcbffaee43a617b037e32af73f6db17f4240ae79db3c3e40

SHA512
86c5d80d957e8e5e733c477b3e84ced67b133958aabde81c10158d3980f8daf0293aa602d9f09f30e1d71dc7f9df4d3b776fb3267f74d3b99d28dc2c153435c8

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\firebot-5.57.0-full.nupkg

Filesize
106.5MB

MD5
77df82e162946f2bf5d7e2bf90b09641

SHA1
3ed7e305d2066e99777e779310e13044c9aa43e4

SHA256
a30850652c079d019afe0cac62612bb75076206caacea734a1d64ae301a3bfb4

SHA512
a85e9a0370f82e4fbbafa105497cdff56e85b7a772ecb6ab48afc9b96e3762969f65a6ca6647b05bba8a1c63bca93643a10692b2775a709400bb80e7dd6db83c

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\libegl.dll

Filesize
436KB

MD5
0784e4ae88ce1d7c92e26d78ffcc90c6

SHA1
c00e10888c062f8d5294d18c44433d932a9e5dd0

SHA256
b516cf5b8073ef35797e8cd422b62ebc117d8bc49471392a9f249d5d20dd8269

SHA512
84c18b2bc77b2832104ba63dc018aa6aa4917d09f8c43bb002bedee0d9f58f74a8f27913c7fb7ec5351f64408458358e68f452b96fccf2923dce48eb8b9c31a0

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\libglesv2.dll

Filesize
7.5MB

MD5
3a7fe037b4a1f7c4862dea99d6017b42

SHA1
6342ef92e0c813cf304e496184d486dff1ff6145

SHA256
47b58af0713e4563489f85716abaed659d8ac85064e3e498cc5af5582da3f537

SHA512
e57fe62f8aeb281b315184c80350dca15553eb2672bd8f1468488e82672643b07f78aacb2b56f9752b0446d691005019a18026c1e78ee02259a53ea88a03fc30

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources.pak

Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources\app.asar

Filesize
122.9MB

MD5
2d32f612971ef65ad38b942ccf9603bf

SHA1
e92e0bd68c472c723560213386199eb8f04e39a2

SHA256
3f2acfec5cee8c01d1469a02715916ed837a8a56f76f75de631da675d14c38dd

SHA512
3c86c4483e742c5e04a317ce8e2271aae655134a144082502a25c6ce39a6a4719680de36193c4adf629f84ab52485bce575881220f259dc52b74fb7f998d06b0

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\v8_context_snapshot.bin

Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
C:\Users\Admin\AppData\Local\firebot\packages\RELEASES

Filesize
79B

MD5
a69acfcb3384e17e685e1c216aff4c7a

SHA1
0ad86a0bf6383cecccc2e970f5b0050b65e6dbe7

SHA256
1ce13906005e6be51c8f50bab24a532ca95231b51ce59a3987a6f6d9db6d99c3

SHA512
7d44c67f3b070a0e52778ccf65be83ee3e5cb3447da8ab55acb563882ed1dfe722965b42f40f70537a5ac2799397a5443402342db1c496f2612925c3b01aa079

Download Submit
C:\Users\Admin\AppData\Local\firebot\packages\firebot-5.57.0-full.nupkg

Filesize
106.5MB

MD5
77df82e162946f2bf5d7e2bf90b09641

SHA1
3ed7e305d2066e99777e779310e13044c9aa43e4

SHA256
a30850652c079d019afe0cac62612bb75076206caacea734a1d64ae301a3bfb4

SHA512
a85e9a0370f82e4fbbafa105497cdff56e85b7a772ecb6ab48afc9b96e3762969f65a6ca6647b05bba8a1c63bca93643a10692b2775a709400bb80e7dd6db83c

Download Submit
C:\Users\Admin\AppData\Local\firebot\update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\libEGL.dll

Filesize
436KB

MD5
0784e4ae88ce1d7c92e26d78ffcc90c6

SHA1
c00e10888c062f8d5294d18c44433d932a9e5dd0

SHA256
b516cf5b8073ef35797e8cd422b62ebc117d8bc49471392a9f249d5d20dd8269

SHA512
84c18b2bc77b2832104ba63dc018aa6aa4917d09f8c43bb002bedee0d9f58f74a8f27913c7fb7ec5351f64408458358e68f452b96fccf2923dce48eb8b9c31a0

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\libGLESv2.dll

Filesize
7.5MB

MD5
3a7fe037b4a1f7c4862dea99d6017b42

SHA1
6342ef92e0c813cf304e496184d486dff1ff6145

SHA256
47b58af0713e4563489f85716abaed659d8ac85064e3e498cc5af5582da3f537

SHA512
e57fe62f8aeb281b315184c80350dca15553eb2672bd8f1468488e82672643b07f78aacb2b56f9752b0446d691005019a18026c1e78ee02259a53ea88a03fc30

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
memory/612-347-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/840-185-0x0000000000860000-0x0000000000A3A000-memory.dmp

Filesize
1.9MB

Download
memory/840-191-0x0000000004C70000-0x0000000004CB0000-memory.dmp

Filesize
256KB

Download
memory/840-208-0x0000000004C70000-0x0000000004CB0000-memory.dmp

Filesize
256KB

Download
memory/1248-271-0x0000000076E90000-0x0000000076E91000-memory.dmp

Filesize
4KB

Download
memory/1248-215-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1816-258-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/1964-167-0x0000000004220000-0x000000000422A000-memory.dmp

Filesize
40KB

Download
memory/1964-165-0x0000000004220000-0x000000000422A000-memory.dmp

Filesize
40KB

Download
memory/1964-64-0x0000000004310000-0x0000000004350000-memory.dmp

Filesize
256KB

Download
memory/1964-63-0x0000000000C50000-0x0000000000E14000-memory.dmp

Filesize
1.8MB

Download
memory/1964-192-0x0000000004310000-0x0000000004350000-memory.dmp

Filesize
256KB

Download