d2b43b8c763ae4d48ba0fdf098eda2fc747bf83f89d6656e880dd6e3652d91f8

Resubmissions

11/04/2023, 00:50

230411-a7bjlsbb2z 7

11/04/2023, 00:44

230411-a3t56ahe57 7

Analysis

max time kernel
998s
max time network
1007s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
11/04/2023, 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

firebot-v5.57.0-setup.exe
Size

109.3MB
MD5

8a40b882dda95d442ededa10e0622cf5
SHA1

e6cd260132d059bd2bece9a04892171829825b44
SHA256

d2b43b8c763ae4d48ba0fdf098eda2fc747bf83f89d6656e880dd6e3652d91f8
SHA512

0b0f1b504db3212b41f176be25737fd3bfd2ed2031a2af80eddd5432b06f274b11188eb552e0c1e1d61c33bfb03d5408190d947d644389b389d0d2e1bd1c8f77
SSDEEP

1572864:J++kGudJhl/1r46WFbUpqAsUS9d9t9LBaqAqAU262xUqdyfF+Y5ytR9M8ILZoDEy:JEGuQbNUSZvtabnW8ofFP5WR7yEgtF

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Firebot v5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Firebot v5.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Firebot v5.exe

Executes dropped EXE 8 IoCs

pid	Process
1644	Update.exe
2948	Squirrel.exe
3600	Firebot v5.exe
4292	Firebot v5.exe
4476	Firebot v5.exe
2252	Firebot v5.exe
3696	Firebot v5.exe
3068	Firebot v5.exe

Loads dropped DLL 8 IoCs

pid	Process
3600	Firebot v5.exe
4292	Firebot v5.exe
4476	Firebot v5.exe
2252	Firebot v5.exe
4476	Firebot v5.exe
3696	Firebot v5.exe
3068	Firebot v5.exe
3068	Firebot v5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3768	reg.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1644	Update.exe
1644	Update.exe
3696	Firebot v5.exe
3696	Firebot v5.exe
2252	Firebot v5.exe
2252	Firebot v5.exe
4292	Firebot v5.exe
4292	Firebot v5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1644	Update.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1644	Update.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 1644	1100	firebot-v5.57.0-setup.exe	82
PID 1100 wrote to memory of 1644	1100	firebot-v5.57.0-setup.exe	82
PID 1100 wrote to memory of 1644	1100	firebot-v5.57.0-setup.exe	82
PID 1644 wrote to memory of 2948	1644	Update.exe	89
PID 1644 wrote to memory of 2948	1644	Update.exe	89
PID 1644 wrote to memory of 2948	1644	Update.exe	89
PID 1644 wrote to memory of 3600	1644	Update.exe	90
PID 1644 wrote to memory of 3600	1644	Update.exe	90
PID 3600 wrote to memory of 3768	3600	Firebot v5.exe	92
PID 3600 wrote to memory of 3768	3600	Firebot v5.exe	92
PID 1644 wrote to memory of 4292	1644	Update.exe	94
PID 1644 wrote to memory of 4292	1644	Update.exe	94
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 4476	4292	Firebot v5.exe	95
PID 4292 wrote to memory of 2252	4292	Firebot v5.exe	96
PID 4292 wrote to memory of 2252	4292	Firebot v5.exe	96
PID 4292 wrote to memory of 3696	4292	Firebot v5.exe	100
PID 4292 wrote to memory of 3696	4292	Firebot v5.exe	100
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97
PID 4292 wrote to memory of 3068	4292	Firebot v5.exe	97

C:\Users\Admin\AppData\Local\Temp\firebot-v5.57.0-setup.exe
"C:\Users\Admin\AppData\Local\Temp\firebot-v5.57.0-setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:2948
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --squirrel-install 5.57.0
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3600
  - - C:\Windows\system32\reg.exe
      C:\Windows\system32\reg.exe ADD HKCU\Software\Classes\firebotv5 /f
      4⤵
      Modifies registry key
      PID:3768
- - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
    "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4292
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=gpu-process --field-trial-handle=1572,12206699925217138919,165307499378728830,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1576 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4476
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,12206699925217138919,165307499378728830,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=es --service-sandbox-type=network --mojo-platform-channel-handle=2064 /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:2252
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=gpu-process --field-trial-handle=1572,12206699925217138919,165307499378728830,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1576 /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3068
  - - C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe
      "C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe" --type=renderer --field-trial-handle=1572,12206699925217138919,165307499378728830,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=es --app-user-model-id=com.squirrel.firebot.Firebotv5 --app-path="C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
79B

MD5
a69acfcb3384e17e685e1c216aff4c7a

SHA1
0ad86a0bf6383cecccc2e970f5b0050b65e6dbe7

SHA256
1ce13906005e6be51c8f50bab24a532ca95231b51ce59a3987a6f6d9db6d99c3

SHA512
7d44c67f3b070a0e52778ccf65be83ee3e5cb3447da8ab55acb563882ed1dfe722965b42f40f70537a5ac2799397a5443402342db1c496f2612925c3b01aa079

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
2.1MB

MD5
4227c47009d31f27419322f0de6f07cf

SHA1
85873083f8ee977c4820cc677112725bb9fb9ff8

SHA256
45fd7a6813677021fcbffaee43a617b037e32af73f6db17f4240ae79db3c3e40

SHA512
86c5d80d957e8e5e733c477b3e84ced67b133958aabde81c10158d3980f8daf0293aa602d9f09f30e1d71dc7f9df4d3b776fb3267f74d3b99d28dc2c153435c8

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\firebot-5.57.0-full.nupkg

Filesize
106.5MB

MD5
77df82e162946f2bf5d7e2bf90b09641

SHA1
3ed7e305d2066e99777e779310e13044c9aa43e4

SHA256
a30850652c079d019afe0cac62612bb75076206caacea734a1d64ae301a3bfb4

SHA512
a85e9a0370f82e4fbbafa105497cdff56e85b7a772ecb6ab48afc9b96e3762969f65a6ca6647b05bba8a1c63bca93643a10692b2775a709400bb80e7dd6db83c

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Firebot v5.exe

Filesize
125.1MB

MD5
55a4dda59a975f803ee599e4a6bed2a6

SHA1
5c0f64385e788a36089690b3b3558d63a90ee715

SHA256
1da2bc379083a9c70e27591cdd4ece004bdf32f4cc943e3b9cc2d803a5616c51

SHA512
3e90cf509034230c690a5afbf642ddb007c1b337ca5d64847eff520b490e4d3b811aa2181c1b6ff73d8fdb566386556daa3f0f06b74ec24085d86fe1edbd2de7

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\Squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\chrome_100_percent.pak

Filesize
123KB

MD5
a59ea69d64bf4f748401dc5a46a65854

SHA1
111c4cc792991faf947a33386a5862e3205b0cff

SHA256
f1a935db8236203cbc1dcbb9672d98e0bd2fa514429a3f2f82a26e0eb23a4ff9

SHA512
12a1d953df00b6464ecc132a6e5b9ec3b301c7b3cefe12cbcad27a496d2d218f89e2087dd01d293d37f29391937fcbad937f7d5cf2a6f303539883e2afe3dacd

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\chrome_200_percent.pak

Filesize
183KB

MD5
1985b8fc603db4d83df72cfaeeac7c50

SHA1
5b02363de1c193827062bfa628261b1ec16bd8cf

SHA256
7f9ded50d81c50f9c6ed89591fa621fabbd45cef150c8aabcceb3b7a9de5603b

SHA512
27e90dd18cbce0e27c70b395895ef60a8d2f2f3c3f2ca38f48b7ecf6b0d5e6fefbe88df7e7c98224222b34ff0fbd60268fdec17440f1055535a79002044c955b

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\ffmpeg.dll

Filesize
2.7MB

MD5
b34d74a152e1788532b0acfa8cfbdf1e

SHA1
e99e5a26d8b695b57cb1a1bb0d2c032d822d0461

SHA256
8653b57b37618f11e358c93aad9dc9ef0193f0288f7e59147194e42b0842b50e

SHA512
06f8def21101d8c899c321b3a445e6838f824d6d6305d569b49fb7ad14a197a57c601a8965c50057e7af1d5414b74dd2c79e2f27a58eedab31b3b36202947dd9

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\icudtl.dat

Filesize
9.9MB

MD5
70499b58dc18e7ee1d7452a1d7a8bc6e

SHA1
41c5382f08c6a88670ce73a20c0dcdb3822f19e9

SHA256
02db39ba465fc8b7a4cd280732760f29911edde87b331bf7cea7677e94d483e0

SHA512
a80939e9809bb7d20f00ad685c94d5c182fa729616c975e605abf09afb58376be73a49fefa35b75ed1a284eccf208af7656c8df44c5959df7eaf51367d232dc6

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\locales\es.pak

Filesize
101KB

MD5
7acfaa72d9a182658325e12f4ddd62e1

SHA1
be210eb1df7f70b5e9672517822e5fd4f32f09f1

SHA256
115c1c08de2d8d250cffbdc458f96d716531c122ccefb23c6d3a087828c9792e

SHA512
9d40c3a4f37ffb45a75c69cafc6361e3761ba5413fcb03cca3204c4f4a9e01a66776bb12a46ae0230612d76286f9bf5f1a71e7bc03bd4d51b83f671b37b7c705

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources.pak

Filesize
4.9MB

MD5
5507bc28022b806ea7a3c3bc65a1c256

SHA1
9f8d3a56fef7374c46cd3557f73855d585692b54

SHA256
367467609a389b67600628760c26732fc1a25f563f73263bc2c4bf6eec9033df

SHA512
ae698d4feacc3e908981ee44df3a9d76e42a39bf083eaf099442ace2b863f882b43232e26e2c18051ca7aec81dccef5742acc7b82fb0cda2e14086b14d5a9a26

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\resources\app.asar

Filesize
122.9MB

MD5
2d32f612971ef65ad38b942ccf9603bf

SHA1
e92e0bd68c472c723560213386199eb8f04e39a2

SHA256
3f2acfec5cee8c01d1469a02715916ed837a8a56f76f75de631da675d14c38dd

SHA512
3c86c4483e742c5e04a317ce8e2271aae655134a144082502a25c6ce39a6a4719680de36193c4adf629f84ab52485bce575881220f259dc52b74fb7f998d06b0

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\squirrel.exe

Filesize
1.8MB

MD5
dcdf96ca7708a502eea8b2f9c731a977

SHA1
e78e2a47c57e7f8eaf7d8168fd53dce21eeeb984

SHA256
a83a2a2b2b1450faf6a283d7713a550501e9b006f75160beaee4d22da0a15353

SHA512
35869f36a7c4f23d7a6e6c179785ebdbe40c3e0af9e214e912f98d7676c27d0032a06e1df79c12e59cf66b43e90df9bcda335561e41f30986d1ee3a4c767a3a2

Download Submit
C:\Users\Admin\AppData\Local\firebot\app-5.57.0\v8_context_snapshot.bin

Filesize
160KB

MD5
b64c1fc7d75234994012c86dc5af10a6

SHA1
d0d562b5735d28381d59d0d86078ff6b493a678e

SHA256
31c3aa5645b5487bf484fd910379003786523f3063e946ef9b50d257d0ee5790

SHA512
6218fcb74ef715030a2dd718c87b32f41e976dd4ce459c54a45341ee0f5ca5c927ad507d3afcffe7298b989e969885ed7fb72030ea59387609e8bd5c4b8eb60a

Download Submit
C:\Users\Admin\AppData\Local\firebot\packages\RELEASES

Filesize
79B

MD5
a69acfcb3384e17e685e1c216aff4c7a

SHA1
0ad86a0bf6383cecccc2e970f5b0050b65e6dbe7

SHA256
1ce13906005e6be51c8f50bab24a532ca95231b51ce59a3987a6f6d9db6d99c3

SHA512
7d44c67f3b070a0e52778ccf65be83ee3e5cb3447da8ab55acb563882ed1dfe722965b42f40f70537a5ac2799397a5443402342db1c496f2612925c3b01aa079

Download Submit
C:\Users\Admin\AppData\Local\firebot\packages\firebot-5.57.0-full.nupkg

Filesize
106.5MB

MD5
77df82e162946f2bf5d7e2bf90b09641

SHA1
3ed7e305d2066e99777e779310e13044c9aa43e4

SHA256
a30850652c079d019afe0cac62612bb75076206caacea734a1d64ae301a3bfb4

SHA512
a85e9a0370f82e4fbbafa105497cdff56e85b7a772ecb6ab48afc9b96e3762969f65a6ca6647b05bba8a1c63bca93643a10692b2775a709400bb80e7dd6db83c

Download Submit
C:\Users\Admin\AppData\Local\firebot\update.exe

Filesize
1.7MB

MD5
095254c23cb3172b9254a8b7538f7f8b

SHA1
a9e35f3a81e92911e260ec9694232d7edbcf0ce4

SHA256
1dacaeafc733021fdd9be7929af609950eade2de72e0b7de48002c48e0c41470

SHA512
67830e3b8dd2bda3dd38ac6c7d15bb9b2f65c0bcc26ed5efd97e0fddfa88c096f49fb5b67bfca752a60e18278cf86e09bc9958f3c70b2cfb2f61c92f4e87e6e6

Download Submit
C:\Users\Admin\AppData\Roaming\Firebot\v5\global-settings.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\firebotv5\Network Persistent State

Filesize
368B

MD5
0e5fc50ce87073d14003ae3851d41426

SHA1
5ed2f3f93b3db15b1a0be22f1e31f50d5f70afda

SHA256
f9df54a08ce31a695a8cd778fd90467889108964eabe0ece3a17c10d1cfcef6c

SHA512
63fae5b18d4b04aab00bcfae872baf897c31cd9355c7913d88c1df8ad71fa5cf5928fb6e672c3d1a011e36ff82d2640346f1bc113040b5ec4746800f084f1729

Download Submit
C:\Users\Admin\AppData\Roaming\firebotv5\Network Persistent State~RFe587bd2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
memory/1644-213-0x000000000A050000-0x000000000A088000-memory.dmp

Filesize
224KB

Download
memory/1644-140-0x0000000000130000-0x00000000002F4000-memory.dmp

Filesize
1.8MB

Download
memory/1644-287-0x000000000E3A0000-0x000000000E3C0000-memory.dmp

Filesize
128KB

Download
memory/1644-286-0x000000000C240000-0x000000000C25A000-memory.dmp

Filesize
104KB

Download
memory/1644-214-0x000000000A030000-0x000000000A03E000-memory.dmp

Filesize
56KB

Download
memory/1644-284-0x000000000E6E0000-0x000000000E772000-memory.dmp

Filesize
584KB

Download
memory/1644-290-0x0000000010C80000-0x0000000010CC0000-memory.dmp

Filesize
256KB

Download
memory/1644-145-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/1644-143-0x0000000005630000-0x0000000005732000-memory.dmp

Filesize
1.0MB

Download
memory/2948-259-0x0000000004BA0000-0x0000000004BB0000-memory.dmp

Filesize
64KB

Download
memory/2948-256-0x0000000000220000-0x00000000003FA000-memory.dmp

Filesize
1.9MB

Download
memory/3068-338-0x000001E982970000-0x000001E982A9A000-memory.dmp

Filesize
1.2MB

Download
memory/4476-302-0x00007FFBBB380000-0x00007FFBBB381000-memory.dmp

Filesize
4KB

Download
memory/4476-331-0x0000022AA2E20000-0x0000022AA2F4A000-memory.dmp

Filesize
1.2MB

Download