d2b43b8c763ae4d48ba0fdf098eda2fc747bf83f89d6656e880dd6e3652d91f8

Resubmissions

11/04/2023, 00:50

230411-a7bjlsbb2z 7

11/04/2023, 00:44

230411-a3t56ahe57 7

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2023, 00:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

firebot-v5.57.0-setup.exe
Size

109.3MB
MD5

8a40b882dda95d442ededa10e0622cf5
SHA1

e6cd260132d059bd2bece9a04892171829825b44
SHA256

d2b43b8c763ae4d48ba0fdf098eda2fc747bf83f89d6656e880dd6e3652d91f8
SHA512

0b0f1b504db3212b41f176be25737fd3bfd2ed2031a2af80eddd5432b06f274b11188eb552e0c1e1d61c33bfb03d5408190d947d644389b389d0d2e1bd1c8f77
SSDEEP

1572864:J++kGudJhl/1r46WFbUpqAsUS9d9t9LBaqAqAU262xUqdyfF+Y5ytR9M8ILZoDEy:JEGuQbNUSZvtabnW8ofFP5WR7yEgtF

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Firebot v5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Firebot v5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Firebot v5.exe

Executes dropped EXE 9 IoCs

pid	Process
3796	Update.exe
1880	Squirrel.exe
1376	Firebot v5.exe
4452	Firebot v5.exe
1204	Firebot v5.exe
2348	Firebot v5.exe
1844	Firebot v5.exe
1820	Firebot v5.exe
4660	Firebot v5.exe

Loads dropped DLL 10 IoCs

pid	Process
1376	Firebot v5.exe
4452	Firebot v5.exe
1204	Firebot v5.exe
4452	Firebot v5.exe
1844	Firebot v5.exe
1820	Firebot v5.exe
2348	Firebot v5.exe
2348	Firebot v5.exe
4660	Firebot v5.exe
4660	Firebot v5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\firebotv5	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\firebotv5\	reg.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\firebotv5	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\firebotv5\ = "Firebot Setup"	reg.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
3564	reg.exe
2640	reg.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3796	Update.exe
3796	Update.exe
1844	Firebot v5.exe
1844	Firebot v5.exe
1820	Firebot v5.exe
1820	Firebot v5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3796	Update.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3796	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 3796	3420	firebot-v5.57.0-setup.exe	83
PID 3420 wrote to memory of 3796	3420	firebot-v5.57.0-setup.exe	83
PID 3420 wrote to memory of 3796	3420	firebot-v5.57.0-setup.exe	83
PID 3796 wrote to memory of 1880	3796	Update.exe	90
PID 3796 wrote to memory of 1880	3796	Update.exe	90
PID 3796 wrote to memory of 1880	3796	Update.exe	90
PID 3796 wrote to memory of 1376	3796	Update.exe	91
PID 3796 wrote to memory of 1376	3796	Update.exe	91
PID 1376 wrote to memory of 3564	1376	Firebot v5.exe	94
PID 1376 wrote to memory of 3564	1376	Firebot v5.exe	94
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 2640	1376	Firebot v5.exe	97
PID 1376 wrote to memory of 2640	1376	Firebot v5.exe	97
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 1376 wrote to memory of 4452	1376	Firebot v5.exe	96
PID 3796 wrote to memory of 1204	3796	Update.exe	99
PID 3796 wrote to memory of 1204	3796	Update.exe	99
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100
PID 1204 wrote to memory of 2348	1204	Firebot v5.exe	100

C:\Users\Admin\AppData\Local\Temp\firebot-v5.57.0-setup.exe
"C:\Users\Admin\AppData\Local\Temp\firebot-v5.57.0-setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3796
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:1880
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --squirrel-install 5.57.0
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1376
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Classes\firebotv5 /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:3564
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=gpu-process --field-trial-handle=1644,10479517138819399026,2693993378051079527,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4452
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Classes\firebotv5 /ve /t REG_SZ /d "Firebot Setup" /f
      4⤵
      Modifies registry class
      Modifies registry key
      PID:2640
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1204
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=gpu-process --field-trial-handle=1348,4271488719601198085,15953473626692911010,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1600 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2348
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=renderer --field-trial-handle=1348,4271488719601198085,15953473626692911010,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --app-user-model-id=com.squirrel.firebot.Firebotv5 --app-path="C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1820
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1348,4271488719601198085,15953473626692911010,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1788 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1844
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=gpu-process --field-trial-handle=1348,4271488719601198085,15953473626692911010,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1600 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3216

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
a69acfcb3384e17e685e1c216aff4c7a

SHA1
0ad86a0bf6383cecccc2e970f5b0050b65e6dbe7

SHA256
1ce13906005e6be51c8f50bab24a532ca95231b51ce59a3987a6f6d9db6d99c3

SHA512
7d44c67f3b070a0e52778ccf65be83ee3e5cb3447da8ab55acb563882ed1dfe722965b42f40f70537a5ac2799397a5443402342db1c496f2612925c3b01aa079

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
2.1MB

MD5
4227c47009d31f27419322f0de6f07cf

SHA1
85873083f8ee977c4820cc677112725bb9fb9ff8

SHA256
45fd7a6813677021fcbffaee43a617b037e32af73f6db17f4240ae79db3c3e40

SHA512
86c5d80d957e8e5e733c477b3e84ced67b133958aabde81c10158d3980f8daf0293aa602d9f09f30e1d71dc7f9df4d3b776fb3267f74d3b99d28dc2c153435c8

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\firebot-5.57.0-full.nupkg

Filesize
106.5MB

MD5
77df82e162946f2bf5d7e2bf90b09641

SHA1
3ed7e305d2066e99777e779310e13044c9aa43e4

SHA256
a30850652c079d019afe0cac62612bb75076206caacea734a1d64ae301a3bfb4

SHA512
a85e9a0370f82e4fbbafa105497cdff56e85b7a772ecb6ab48afc9b96e3762969f65a6ca6647b05bba8a1c63bca93643a10692b2775a709400bb80e7dd6db83c

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\locales\en-US.pak

Filesize
85KB

MD5
6bbeeb72daebc3b0cbd9c39e820c87a9

SHA1
bd9ebec2d3fc03a2b27f128cf2660b33a3344f43

SHA256
ac1cdb4fb4d9fb27a908ed0e24cc9cc2bd885bc3ffba7e08b0b907fd4d1a8c4b

SHA512
66944fb1abcc2a7e08e5fd8a2cee53eb9da57653d7880aea226f25879e26379f7d745ebf62a3518378fa503f3a31b3ea3716f49fe4c7db4f4af0228b81b53a10

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources.pak

Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources\app.asar

Filesize
122.9MB

MD5
2d32f612971ef65ad38b942ccf9603bf

SHA1
e92e0bd68c472c723560213386199eb8f04e39a2

SHA256
3f2acfec5cee8c01d1469a02715916ed837a8a56f76f75de631da675d14c38dd

SHA512
3c86c4483e742c5e04a317ce8e2271aae655134a144082502a25c6ce39a6a4719680de36193c4adf629f84ab52485bce575881220f259dc52b74fb7f998d06b0

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\v8_context_snapshot.bin

Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
C:\Users\Admin\AppData\Local\firebot\packages\RELEASES

Filesize
79B

MD5
a69acfcb3384e17e685e1c216aff4c7a

SHA1
0ad86a0bf6383cecccc2e970f5b0050b65e6dbe7

SHA256
1ce13906005e6be51c8f50bab24a532ca95231b51ce59a3987a6f6d9db6d99c3

SHA512
7d44c67f3b070a0e52778ccf65be83ee3e5cb3447da8ab55acb563882ed1dfe722965b42f40f70537a5ac2799397a5443402342db1c496f2612925c3b01aa079

Download Submit
C:\Users\Admin\AppData\Local\firebot\packages\firebot-5.57.0-full.nupkg

Filesize
106.5MB

MD5
77df82e162946f2bf5d7e2bf90b09641

SHA1
3ed7e305d2066e99777e779310e13044c9aa43e4

SHA256
a30850652c079d019afe0cac62612bb75076206caacea734a1d64ae301a3bfb4

SHA512
a85e9a0370f82e4fbbafa105497cdff56e85b7a772ecb6ab48afc9b96e3762969f65a6ca6647b05bba8a1c63bca93643a10692b2775a709400bb80e7dd6db83c

Download Submit
C:\Users\Admin\AppData\Local\firebot\update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Roaming\Firebot\v5\global-settings.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Firebot\v5\logs\2023-04-11.log

Filesize
64B

MD5
5ca5d9b672fd0a8f0a254614ca927d23

SHA1
bc3b6b23a451e93d0e355ea20cfb09952acabbc4

SHA256
2916ae90aec189327ad35cc3830cdd1d0ac3a2bea89317d84f92e36e7b9d3113

SHA512
35ac79ee1e1b7bef0ab8b6fc80201e4cd5c362a03d6a7f4f67b3c0c903c19bc3547df8093a20a0be62d99bf153e55d94a0ac0a226878ec2c6f861cc1dfb09877

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/1880-379-0x0000000004CF0000-0x0000000004D00000-memory.dmp

Filesize
64KB

Download
memory/1880-258-0x0000000004CF0000-0x0000000004D00000-memory.dmp

Filesize
64KB

Download
memory/1880-255-0x0000000000250000-0x000000000042A000-memory.dmp

Filesize
1.9MB

Download
memory/2348-355-0x000001C753CE0000-0x000001C753D10000-memory.dmp

Filesize
192KB

Download
memory/3796-140-0x0000000000350000-0x0000000000514000-memory.dmp

Filesize
1.8MB

Download
memory/3796-349-0x0000000005E20000-0x0000000005E40000-memory.dmp

Filesize
128KB

Download
memory/3796-213-0x000000000A140000-0x000000000A14E000-memory.dmp

Filesize
56KB

Download
memory/3796-336-0x0000000005FD0000-0x0000000006062000-memory.dmp

Filesize
584KB

Download
memory/3796-212-0x000000000A180000-0x000000000A1B8000-memory.dmp

Filesize
224KB

Download
memory/3796-144-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

Filesize
64KB

Download
memory/4452-277-0x00007FF918CD0000-0x00007FF918CD1000-memory.dmp

Filesize
4KB

Download
memory/4452-375-0x00000197855B0000-0x00000197855E0000-memory.dmp

Filesize
192KB

Download
memory/4660-362-0x000002310B400000-0x000002310B430000-memory.dmp

Filesize
192KB

Download