4b9c70d118803fbc80d0269caa2809e1842d7d5a155da6df7eefdbf0b511bd12

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
31-01-2023 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreeMind-Windows-Installer-1.0.1-max.exe
Size

35.9MB
MD5

5550a8e4906706c418a052ee9537882a
SHA1

a364e3ade0946c82760c14fed5a6640ff0deace0
SHA256

4b9c70d118803fbc80d0269caa2809e1842d7d5a155da6df7eefdbf0b511bd12
SHA512

38b3db73fa2a3bc5d8e5b83325b05ed8c395a2acdf66afcb2286a244f6dba4f148fd61f1b4d9a4fa1cab5e207a09561897e9b2cfb148c192e1953a030ae41a90
SSDEEP

786432:zeO0u8P0hWcru78Nh0MIgiZW8t1iUJi9fT8qr6bWrZCv1/CEaN5Vhv:zeFcro8T0MkD4r8qr6bWgv1CNfhv

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
2844	FreeMind.exe

Loads dropped DLL 9 IoCs

pid	Process
1176	FreeMind-Windows-Installer-1.0.1-max.exe
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\FreeMind\accessories\is-JIAV2.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-DQ91B.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-67FO7.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-062QJ.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-64MQD.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\lib\is-Q1RAD.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\is-R3N0H.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-JJLD4.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-35GOJ.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-G5ASD.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-4N6HR.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\lib\is-1AM0O.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\lib\is-91DBL.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-P0VF0.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-13LSC.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-MRCV7.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-SUSA0.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-L4O53.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\lib\is-K5RG0.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-CGBEB.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-ROA35.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-MCGME.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-IEIVU.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\is-DAUM9.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-N2U7O.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-VSRND.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-KEMJH.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-T24JF.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-HMBBA.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-EQQF7.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-3KOV9.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\lib\jibx\is-G77EN.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\is-MK9N3.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-56H7N.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-9QG1C.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-BJU90.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\script\is-788J8.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-FIKQU.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-DB5UT.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-0OA1Q.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-6UPCH.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-S40MI.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-7S071.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\browser\is-FO6RQ.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-28Q1H.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\is-F36QL.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-Q4E0T.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-EN7RH.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-887CA.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-PJPP0.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-RO11Q.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-SDSDH.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\is-ANNTQ.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-D5UKF.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-53QIL.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\doc\is-SEUMT.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\lib\is-13VDJ.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\help\is-SVEA0.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-KP3SG.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\is-KPDSD.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\accessories\is-PR15H.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\browser\is-LJESS.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\script\is-8QPEF.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp
File created	C:\Program Files (x86)\FreeMind\plugins\svg\is-FUL04.tmp	FreeMind-Windows-Installer-1.0.1-max.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind	FreeMind-Windows-Installer-1.0.1-max.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind\ = "Freemind"	FreeMind-Windows-Installer-1.0.1-max.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind\DefaultIcon	FreeMind-Windows-Installer-1.0.1-max.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind\shell\open\command	FreeMind-Windows-Installer-1.0.1-max.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind\shell\open	FreeMind-Windows-Installer-1.0.1-max.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind\shell\open\command\ = "\"C:\\Program Files (x86)\\FreeMind\\freemind.exe\" \"%1\""	FreeMind-Windows-Installer-1.0.1-max.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mm	FreeMind-Windows-Installer-1.0.1-max.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind\DefaultIcon\ = "C:\\Program Files (x86)\\FreeMind\\freemind.exe,1"	FreeMind-Windows-Installer-1.0.1-max.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Freemind\shell	FreeMind-Windows-Installer-1.0.1-max.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mm\ = "Freemind"	FreeMind-Windows-Installer-1.0.1-max.tmp

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2040	chrome.exe
1684	chrome.exe
1768	chrome.exe
1768	chrome.exe
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
1228	FreeMind-Windows-Installer-1.0.1-max.tmp
2624	chrome.exe
2632	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe
1768	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2876	javaw.exe
2876	javaw.exe
2876	javaw.exe
2876	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 1228	1176	FreeMind-Windows-Installer-1.0.1-max.exe	28
PID 1176 wrote to memory of 1228	1176	FreeMind-Windows-Installer-1.0.1-max.exe	28
PID 1176 wrote to memory of 1228	1176	FreeMind-Windows-Installer-1.0.1-max.exe	28
PID 1176 wrote to memory of 1228	1176	FreeMind-Windows-Installer-1.0.1-max.exe	28
PID 1176 wrote to memory of 1228	1176	FreeMind-Windows-Installer-1.0.1-max.exe	28
PID 1176 wrote to memory of 1228	1176	FreeMind-Windows-Installer-1.0.1-max.exe	28
PID 1176 wrote to memory of 1228	1176	FreeMind-Windows-Installer-1.0.1-max.exe	28
PID 756 wrote to memory of 1500	756	chrome.exe	30
PID 756 wrote to memory of 1500	756	chrome.exe	30
PID 756 wrote to memory of 1500	756	chrome.exe	30
PID 1768 wrote to memory of 1704	1768	chrome.exe	32
PID 1768 wrote to memory of 1704	1768	chrome.exe	32
PID 1768 wrote to memory of 1704	1768	chrome.exe	32
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 996	1768	chrome.exe	33
PID 1768 wrote to memory of 2040	1768	chrome.exe	34
PID 1768 wrote to memory of 2040	1768	chrome.exe	34
PID 1768 wrote to memory of 2040	1768	chrome.exe	34
PID 756 wrote to memory of 1936	756	chrome.exe	35
PID 756 wrote to memory of 1936	756	chrome.exe	35
PID 756 wrote to memory of 1936	756	chrome.exe	35
PID 756 wrote to memory of 1936	756	chrome.exe	35
PID 756 wrote to memory of 1936	756	chrome.exe	35
PID 756 wrote to memory of 1936	756	chrome.exe	35
PID 756 wrote to memory of 1936	756	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\FreeMind-Windows-Installer-1.0.1-max.exe
"C:\Users\Admin\AppData\Local\Temp\FreeMind-Windows-Installer-1.0.1-max.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Users\Admin\AppData\Local\Temp\is-5VR6B.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5VR6B.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp" /SL5="$A0126,37343890,56832,C:\Users\Admin\AppData\Local\Temp\FreeMind-Windows-Installer-1.0.1-max.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64d4f50,0x7fef64d4f60,0x7fef64d4f70
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1100,10366068023319696375,17237560607380073877,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1112 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1100,10366068023319696375,17237560607380073877,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64d4f50,0x7fef64d4f60,0x7fef64d4f70
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1116 /prefetch:2
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1748 /prefetch:8
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3292 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4132 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4148 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4384 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4092 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1036 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=912 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=936,5127652988937705886,17884979670816845844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=544 /prefetch:8
  2⤵
  PID:2656

C:\Program Files (x86)\FreeMind\FreeMind.exe
"C:\Program Files (x86)\FreeMind\FreeMind.exe"
1⤵
- Executes dropped EXE
PID:2844
- C:\Program Files\Java\jre7\bin\javaw.exe
  "C:\Program Files\Java\jre7\bin\javaw.exe" -Xms256m -Xmx256m -jar "C:\Program Files (x86)\FreeMind\lib\freemind.jar"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\FreeMind\FreeMind.exe

Filesize
89KB

MD5
4accd21e5dbc500ea93070e06ba966a9

SHA1
0cc3737eab20b3d4720ecf43d217821d0a0433cf

SHA256
0bf38f407dcd308032171e4aee741f8e51066b4802b62d101065816c1c85cfa8

SHA512
f580e4c48ec4cc3e56a3cc120a16ef9376a25809154d7e2ed2b496b9ff45d5acab4002f779e29277f6196840c88adecb95e21c35aee68c05ffc4e1ce7730507b

Download Submit
C:\Program Files (x86)\FreeMind\dictionaries.properties

Filesize
65B

MD5
0d2546d756a4ccf99fa4ece68a80f6e3

SHA1
f83ba09c0593b5769bcd3ef1b352b4cc4c424eb5

SHA256
13e12982ec0598bd4e5152165d3a7117fd84862c4d6415eb6671f08168bc0ae6

SHA512
b32a13b05cd23da4b8b83f77a869b0fba731523f23b5941af742112868c1437be77552248a76b380f8e2406385b0904d93444c555bf03fe24dd8eb813f3fcc75

Download Submit
C:\Program Files (x86)\FreeMind\dictionary_en.ortho

Filesize
1.6MB

MD5
99eee1ba4808cd6c517426bd63e92a98

SHA1
1f634de41c5377a214fa084e472e4f65d6a19761

SHA256
542dd4e054548010aee06790571db3f840916e023ce0f62b9639366eb7d0990b

SHA512
e1eef7d11ba402958056add207a7a16b3289d89444cb1f94959c65436ed40d9eb36080c2ff51358c7ecd7358ce676c4ac4522434fc1bab1d72adc2ed95b6603e

Download Submit
C:\Program Files (x86)\FreeMind\lib\SimplyHTML\SimplyHTML.jar

Filesize
420KB

MD5
3bdc3816da9e6fd3230c3095b1930fba

SHA1
1f58227b90ef935260ac88ca2611783397dda493

SHA256
a267bb23668cc6ec63908d88da53d3d20316b8f63f610a22f87e503986dcb676

SHA512
1386343ba52e0bc24ab2ff7f7edbbf0e006683cfe9df642729ad9936a3a9f944ba559800434050d8442c17f7b05dc1626e143805bf579de08d4b31cf42dac40b

Download Submit
C:\Program Files (x86)\FreeMind\lib\SimplyHTML\gnu-regexp-1.1.4.jar

Filesize
29KB

MD5
f41316762b63c9a94ca95af90ea0809e

SHA1
85cae44e6ff2199d20a46e91c171fceecace2ca1

SHA256
748cf1b23aac742500c5823fa579fbad357e3dcbc159bbe1d2dca771ccd16d2c

SHA512
10b3259733c10fb3fe8f0f227861947339147fb29b8c7e5f987b6160a814992a81133d070361694f931d834c0a214d347d2849965da3a2b9baa3ac16e3c4343d

Download Submit
C:\Program Files (x86)\FreeMind\lib\bindings.jar

Filesize
441KB

MD5
bb3a19d8e73e38a26b28a0faa2953c46

SHA1
037141ba4aabb4785d50411334525c5dc297ce02

SHA256
5f205201799414ac5b66b4462ab520a794f8e32b4fa70edd44c44bc2889afcc1

SHA512
7083985e6453a279a7346022255221f50f17d20fe5e428fd31b812c3eb47a7de9db8d38e15e7c85cad8cd371365a787ba774a0ddbc3e94caac648ef894178f44

Download Submit
C:\Program Files (x86)\FreeMind\lib\forms-1.0.5.jar

Filesize
83KB

MD5
58c0058b95c19e2b5eb4380b5278a99c

SHA1
c08e06c22a1828b6f401adadd0431fb8df7d797c

SHA256
ff0e24499a110b40d3e8d8dc94de6c55056015b14e1fed4377185018bedbb8b0

SHA512
18498a7b6b7d42b1a4251060331ecb8c95e2d50c6c2a0d72cf4f7b627b123337215336bb2d806b080c6e0cb4c57c084649cb17d3477d05e1873d1da88c6a2910

Download Submit
C:\Program Files (x86)\FreeMind\lib\freemind.jar

Filesize
11.2MB

MD5
0ff11aab57ff24382fd6f8fe37535f56

SHA1
6881636052ca669d5c01badd8a19ed6933c6e191

SHA256
6d547ed42a27c3a1b1b80c60de31906f37d23c6eecd5fc11b21755f28962e0d7

SHA512
d5a5c3a613bce5537bc761330ff7865e9f13988f2047b0baa915806be02d173fbb51aac70c8dc812676494484e6d683f22bb2a1c33c67489b8a2ea6a58c58bfb

Download Submit
C:\Program Files (x86)\FreeMind\lib\jibx\jibx-run.jar

Filesize
133KB

MD5
49974a5b7d1a60af54a53d7df3722e95

SHA1
2f8dee415316f637264fc6ed6c028bf88dffa377

SHA256
9e5e5b88d9500ab1e62bfed63d6972eafc2d01278d86be04ced43b7ae3ccecc0

SHA512
b5afddc2c06961cd502a75282df9c9dcdfbce48a1512c82dae2eec9e19e4279de32d233e068ee53d64b4798e9107eca1c2deef06cc0051a2286ca8e756421d17

Download Submit
C:\Program Files (x86)\FreeMind\lib\jibx\xpp3.jar

Filesize
117KB

MD5
799105b1ea95641f626806717c1ef8a0

SHA1
1c165262edac1c1e4f0a67c1643c4b7476187034

SHA256
ebcdef45cb16eeb113032b27c8537fd98d6f46b1071b6765febd596b8cac0f1a

SHA512
b9c527961d62b015936f67a6adc701b319617c358043972d3c19377c671b6adaabd664f682fb5ab2d863a8984ad976c7044157290fa33b3b71cc5b4adff2d3b6

Download Submit
C:\Program Files (x86)\FreeMind\lib\jortho.jar

Filesize
55KB

MD5
c06140d0aaef9c7c5a67a3337524ee83

SHA1
d4d0c56d5393d60c45d551eb8d42dcfe1297565b

SHA256
d904041dd56aea43cba4976252d1980752be2f86a9fed7ee53c3462036ba5858

SHA512
237a8000312bc5dcb74b02d3cdc0243ba024fdb5103f73527d54a1b98809e60da02186850be417bd969d7e2df69e863b0a2f43db8f6e31f53da91c7ff073bae7

Download Submit
C:\Program Files (x86)\FreeMind\lib\serializer.jar

Filesize
271KB

MD5
a6b64dfe58229bdd810263fa0cc54cff

SHA1
4b4b18df434451249bb65a63f2fb69e215a6a020

SHA256
a15078d243d4a20b6b4e8ae2f61ed4655e352054e121aada6f7441f1ed445a3c

SHA512
2897f9d80e0cdbd5d327184f59c6c1f2875456fdbbd8b366df8ff8682a452523e756d48f20e3c831881c1fd17fed94c8e9492d3cd453859161843264b12e4497

Download Submit
C:\Program Files (x86)\FreeMind\lib\xalan.jar

Filesize
3.0MB

MD5
d43aad24f2c143b675292ccfef487f9c

SHA1
75f1d83ce27bab5f29fff034fc74aa9f7266f22a

SHA256
55a2e95144acf1abe44fea91c2948525c9b1f00fcaa1d10e753e92872ffbdd1e

SHA512
6b6c59cffccc1f3c8d3e8080c25d831ca8a56cc615efe2a3f966f0e8f57cf4347d1068adb23949de77464e9e956f94f4355e5ea85131600494351c086298d5ae

Download Submit
C:\Program Files (x86)\FreeMind\lib\xercesImpl.jar

Filesize
1.2MB

MD5
33ec8d237cbaceeffb2c2a7f52afd79a

SHA1
868c0792233fc78d8c9bac29ac79ade988301318

SHA256
9c55051d9473f1a8d27b00eeeb139fd89983cd93a8b8da187abad53eaa84c3d4

SHA512
1449caba5537d6b46a85d9b9cb9c9259cc93c2d8a02c0ee12702e7f3faa1cb4413c7eb311b217253fd19bffcccfec4002f4c1fc426e3e64415f938a87fd25346

Download Submit
C:\Program Files (x86)\FreeMind\lib\xml-apis.jar

Filesize
189KB

MD5
9ae9c29e4497fc35a3eade1e6dd0bbeb

SHA1
90b215f48fe42776c8c7f6e3509ec54e84fd65ef

SHA256
d404aa881eb9c5f7a4fb546e84ea11506cd417a72b5972e88eff17f43f9f8a64

SHA512
1086a52924add2406e0b4ec7219a8783ac20e02a32a7a2461efbf092f0070501f7cade9c0588907c403352f1a48f80b950e6d40b2e4e3e9eb886e7db4e97bdec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e2bef241a62ab33280f991285ff2da5a

SHA1
14b6eca7e1ba753b1922dcdc32fe7e564b81f4d9

SHA256
0ec0fa954061b903ef702d74e6a9622baf6e325a80403d5f21dce2b7cf368fb6

SHA512
7ab359d434979331bb2c77d9370cb8ef7a707aaaddf4ff908a5e10b8f777c989ef02891e32eeb842f745d2d2096d8dfa3ece5fcbee63c6c1d4b4a060cbdae0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e2bef241a62ab33280f991285ff2da5a

SHA1
14b6eca7e1ba753b1922dcdc32fe7e564b81f4d9

SHA256
0ec0fa954061b903ef702d74e6a9622baf6e325a80403d5f21dce2b7cf368fb6

SHA512
7ab359d434979331bb2c77d9370cb8ef7a707aaaddf4ff908a5e10b8f777c989ef02891e32eeb842f745d2d2096d8dfa3ece5fcbee63c6c1d4b4a060cbdae0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e2bef241a62ab33280f991285ff2da5a

SHA1
14b6eca7e1ba753b1922dcdc32fe7e564b81f4d9

SHA256
0ec0fa954061b903ef702d74e6a9622baf6e325a80403d5f21dce2b7cf368fb6

SHA512
7ab359d434979331bb2c77d9370cb8ef7a707aaaddf4ff908a5e10b8f777c989ef02891e32eeb842f745d2d2096d8dfa3ece5fcbee63c6c1d4b4a060cbdae0aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
103KB

MD5
fcc2b90a51380a04502fe43585f4961d

SHA1
e80d00c0df6cfe9c4aa6837c0d16c2a2c4bb3948

SHA256
e62b0973e688cd7b4b66562d9fabde478b2f1909e53b67dc4179d3aa2555c987

SHA512
eb502ca03d4ee99b73179d44ffcdd5b9ddef2c2522821dd97fc1808b52b089d5a17eaba46a6f407038ba73bce5c51afb4a6c1ce2d3aa0cb3f96f0092bcceedfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5VR6B.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5VR6B.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
\Program Files (x86)\FreeMind\FreeMind.exe

Filesize
89KB

MD5
4accd21e5dbc500ea93070e06ba966a9

SHA1
0cc3737eab20b3d4720ecf43d217821d0a0433cf

SHA256
0bf38f407dcd308032171e4aee741f8e51066b4802b62d101065816c1c85cfa8

SHA512
f580e4c48ec4cc3e56a3cc120a16ef9376a25809154d7e2ed2b496b9ff45d5acab4002f779e29277f6196840c88adecb95e21c35aee68c05ffc4e1ce7730507b

Download Submit
\Program Files (x86)\FreeMind\FreeMind.exe

Filesize
89KB

MD5
4accd21e5dbc500ea93070e06ba966a9

SHA1
0cc3737eab20b3d4720ecf43d217821d0a0433cf

SHA256
0bf38f407dcd308032171e4aee741f8e51066b4802b62d101065816c1c85cfa8

SHA512
f580e4c48ec4cc3e56a3cc120a16ef9376a25809154d7e2ed2b496b9ff45d5acab4002f779e29277f6196840c88adecb95e21c35aee68c05ffc4e1ce7730507b

Download Submit
\Program Files (x86)\FreeMind\FreeMind.exe

Filesize
89KB

MD5
4accd21e5dbc500ea93070e06ba966a9

SHA1
0cc3737eab20b3d4720ecf43d217821d0a0433cf

SHA256
0bf38f407dcd308032171e4aee741f8e51066b4802b62d101065816c1c85cfa8

SHA512
f580e4c48ec4cc3e56a3cc120a16ef9376a25809154d7e2ed2b496b9ff45d5acab4002f779e29277f6196840c88adecb95e21c35aee68c05ffc4e1ce7730507b

Download Submit
\Program Files (x86)\FreeMind\unins000.exe

Filesize
701KB

MD5
6cebdc06632ac5bf26e476f4ef979517

SHA1
21f9e39709cf3870595cffaefbcf2000d974b63f

SHA256
1fbaf460b95d1c10156e41dfea583dc33f947cacbd949ff920c53a4b49b4b5b1

SHA512
5f350c6a957e39e6cfccdb40810ed87b7a8453781879ed96a7f76937a692e5aa7b48bf0a7ba654dfb13a57b0584003b74210a81cd21f39816010c84195a99a2f

Download Submit
\Users\Admin\AppData\Local\Temp\is-1SVLB.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
\Users\Admin\AppData\Local\Temp\is-1SVLB.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-1SVLB.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-1SVLB.tmp\isxbb.dll

Filesize
11KB

MD5
3133066770f4cbabc512bb73ca6c39ff

SHA1
5ea2a744442c521c72c2c9de7513cd05b961e591

SHA256
8acfa833388f02a698896ca8c581d098c9ea71d5d38b3d40757e1693788f1565

SHA512
7bcf1d56301b4f40ac10ba74f80c1cb21b6e95ef382c1310e4b2086da709eb62a3eb870c05a44990d75015f4fcfda4873442e1e42d0083f9bda2f7939e612234

Download Submit
\Users\Admin\AppData\Local\Temp\is-5VR6B.tmp\FreeMind-Windows-Installer-1.0.1-max.tmp

Filesize
690KB

MD5
a2c4d52c66b4b399facadb8cc8386745

SHA1
c326304c56a52a3e5bfbdce2fef54604a0c653e0

SHA256
6c0465ce64c07e729c399a338705941d77727c7d089430957df3e91a416e9d2a

SHA512
2a66256ff8535e2b300aa0ca27b76e85d42422b0aaf5e7e6d055f7abb9e338929c979e185c6be8918d920fb134b7f28a76b714579cacb8ace09000c046dd34d6

Download Submit
memory/1176-78-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1176-55-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1176-54-0x0000000074FA1000-0x0000000074FA3000-memory.dmp

Filesize
8KB

Download
memory/1176-61-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1228-72-0x00000000740F1000-0x00000000740F3000-memory.dmp

Filesize
8KB

Download
memory/2876-104-0x00000000022E0000-0x00000000052E0000-memory.dmp

Filesize
48.0MB

Download
memory/2876-105-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download
memory/2876-106-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download
memory/2876-82-0x000007FEFB5E1000-0x000007FEFB5E3000-memory.dmp

Filesize
8KB

Download
memory/2876-110-0x00000000022E0000-0x00000000052E0000-memory.dmp

Filesize
48.0MB

Download
memory/2876-112-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download
memory/2876-111-0x00000000003B0000-0x00000000003BA000-memory.dmp

Filesize
40KB

Download