acbf56c935ee70f6ed11eb6dbc790a030bab97f69f2166a74df0a4bd709fa2e0

Analysis

max time kernel
35s
max time network
308s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2023 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freedomgpt-1.1.2.Setup.exe
Size

94.8MB
MD5

d5a4206a94a54ef822c7fb919f50df81
SHA1

e1ec3f08578b2f8e342fdb4527194fb115a44acc
SHA256

acbf56c935ee70f6ed11eb6dbc790a030bab97f69f2166a74df0a4bd709fa2e0
SHA512

bc2c48258af79bf5d9b97dd0a35d7deb8d03a64a4174614a06860948ae4bc48ccb3cfd14e8a342b31d6484ba87c4c03c450cfd1916dd9f3f5e6d858946e316c5
SSDEEP

1572864:cSpvrBAu74kSOkPFYmRw+N61uKtWYNvRz4G1Q+NzYY2qYtc391NCHnF1FLTcPrq1:/bAuMOkdYvptjhZ4eQ+Nb2qYtc39jCHL

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	Update.exe

Executes dropped EXE 4 IoCs

pid	Process
5036	Update.exe
1280	Squirrel.exe
3736	freedomgpt.exe
2284	freedomgpt.exe

Loads dropped DLL 2 IoCs

pid	Process
3736	freedomgpt.exe
2284	freedomgpt.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5036	Update.exe
5036	Update.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5036	Update.exe
Token: SeShutdownPrivilege	2284	freedomgpt.exe
Token: SeCreatePagefilePrivilege	2284	freedomgpt.exe
Token: SeShutdownPrivilege	2284	freedomgpt.exe
Token: SeCreatePagefilePrivilege	2284	freedomgpt.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5036	Update.exe
2284	freedomgpt.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 5036	1692	freedomgpt-1.1.2.Setup.exe	87
PID 1692 wrote to memory of 5036	1692	freedomgpt-1.1.2.Setup.exe	87
PID 5036 wrote to memory of 1280	5036	Update.exe	91
PID 5036 wrote to memory of 1280	5036	Update.exe	91
PID 5036 wrote to memory of 3736	5036	Update.exe	93
PID 5036 wrote to memory of 3736	5036	Update.exe	93
PID 5036 wrote to memory of 2284	5036	Update.exe	95
PID 5036 wrote to memory of 2284	5036	Update.exe	95
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96
PID 2284 wrote to memory of 4044	2284	freedomgpt.exe	96

C:\Users\Admin\AppData\Local\Temp\freedomgpt-1.1.2.Setup.exe
"C:\Users\Admin\AppData\Local\Temp\freedomgpt-1.1.2.Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\Squirrel.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:1280
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --squirrel-install 1.1.2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3736
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --squirrel-firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2284
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1820,i,5584248737264025013,2119221253973476627,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --app-user-model-id=com.squirrel.FreedomGPT.freedomgpt --app-path="C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2404 --field-trial-handle=1820,i,5584248737264025013,2119221253973476627,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      PID:4892
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --mojo-platform-channel-handle=2008 --field-trial-handle=1820,i,5584248737264025013,2119221253973476627,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 --field-trial-handle=1820,i,5584248737264025013,2119221253973476627,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      PID:4604

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\Squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\icudtl.dat

Filesize
10.1MB

MD5
adfd2a259608207f256aeadb48635645

SHA1
300bb0ae3d6b6514fb144788643d260b602ac6a4

SHA256
7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050

SHA512
8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libEGL.dll

Filesize
473KB

MD5
51b892051a4e9f8f14a648172702e1d5

SHA1
860ec851dedf91f50113d95a0acb8179dfba4b10

SHA256
69daf31af2eec32f055cf5856b3d53a92b32d45567fdebfc8f0f0c1dc7e26089

SHA512
ff435e433520917636b2e659cb5c2b6787291a658be2a5cfd1e3fa2c03a5223c341a658b5c3ced3dad7aba74179a230219bb5e258fc20774a971782b5c02404d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libGLESv2.dll

Filesize
7.2MB

MD5
1391390ef7bc6973e878546e5e749e3a

SHA1
8df79139137b7ad7b5f7a63815bd1b5ab396fb64

SHA256
31e9da5191d3f5f0f68ed23673308c52b52b8c2f4d69341d87fde418a63b9d5e

SHA512
13d7a7219b99699c62c6ff02c765cdc36c1157f47fb4eb0ecac06b109206d790b2d25b106a79c7eea236a25807cfffa35106434ec999f2819376f0839c288de5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libegl.dll

Filesize
473KB

MD5
51b892051a4e9f8f14a648172702e1d5

SHA1
860ec851dedf91f50113d95a0acb8179dfba4b10

SHA256
69daf31af2eec32f055cf5856b3d53a92b32d45567fdebfc8f0f0c1dc7e26089

SHA512
ff435e433520917636b2e659cb5c2b6787291a658be2a5cfd1e3fa2c03a5223c341a658b5c3ced3dad7aba74179a230219bb5e258fc20774a971782b5c02404d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libglesv2.dll

Filesize
7.2MB

MD5
1391390ef7bc6973e878546e5e749e3a

SHA1
8df79139137b7ad7b5f7a63815bd1b5ab396fb64

SHA256
31e9da5191d3f5f0f68ed23673308c52b52b8c2f4d69341d87fde418a63b9d5e

SHA512
13d7a7219b99699c62c6ff02c765cdc36c1157f47fb4eb0ecac06b109206d790b2d25b106a79c7eea236a25807cfffa35106434ec999f2819376f0839c288de5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\locales\en-US.pak

Filesize
326KB

MD5
19d18f8181a4201d542c7195b1e9ff81

SHA1
7debd3cf27bbe200c6a90b34adacb7394cb5929c

SHA256
1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb

SHA512
af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources.pak

Filesize
5.2MB

MD5
a25607b61da11ffc7def1bf5aebd12d8

SHA1
2d0d846f49437cc424263600ffd709621d695fa7

SHA256
587844d8e4afcf492fe17cd70bf60c175701726eda1ca0768d1c6913f0713bd9

SHA512
0abb12cedefb272b7dd7bb9eba14f569c28d5d0eba49e4212f54ee6efd36e7bd0398d2da37bafded9bfefbd5abda4481bce04f12848c50200a1cdeea20537dfc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app\.webpack\main\index.js

Filesize
822KB

MD5
a5efabbf36a65f5afd1217bab67304e7

SHA1
333f576384e04a1dcba86dc6bcba0b087b315207

SHA256
0d14332a010e6d3a64e1dcecada85b1d377390f1d932fe5ad13f3bab0c83df45

SHA512
eba1f11faf2ee22a98c790cafab6b8d3569aa8c371ca224b7984ea6caa30e7c1a613ce0b4a6ac78a43d4c217913381fdc98fb421c9b89a72810b6099323264a4

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app\package.json

Filesize
2KB

MD5
07e7656c2ee98e76a8f44c8953492662

SHA1
618e6b60e7ad8ee9f6b46e4a6edb2570a974160b

SHA256
65ec4e08fa093048e932dc6d9eadd24607909174aeff87f1424740d336fe5b1a

SHA512
e274cc81e64b68187bad6066071f633b56f3837b2efa774050b03d34ee98261604d4d19c84e24a17dd013733ec6e870735ad7a4c75f3d087b9b8256410b2697d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\v8_context_snapshot.bin

Filesize
465KB

MD5
73828e08c1432e49a17416bb7dd2abb4

SHA1
83167a7dd282aef3ad8be66a2c168a6e15706616

SHA256
91fab2bc8a09cc544625bde8d6e9568619a2292aea1192fb36d804bc7adc19cf

SHA512
27ed3c1bf35128af87f8a45f999560991d162976360e2b4fbc980fd93373050432a9f0a3db88924529d2284a173772f555b9c4ffe80f46ecef7976a3ebae9ac5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vk_swiftshader.dll

Filesize
5.0MB

MD5
53e22d9beab64df1c37f1770b629a4bf

SHA1
fa19a12fd084a69d2c4fc706795f0a766b34deea

SHA256
823c3cc9b229c824e3fb89e4b5430dec5c0b42fc3f7c7e56ee4a6095b8df83d1

SHA512
3f21b7617c8494bf9f81ed008dcd65bf5d416189e861e2ace6c8d447b8d4f8e758d2019edad3d9d81b4dd1404abd57a6a3a82418ea13ba0b2d24dbf29d1ba2e8

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vk_swiftshader.dll

Filesize
5.0MB

MD5
53e22d9beab64df1c37f1770b629a4bf

SHA1
fa19a12fd084a69d2c4fc706795f0a766b34deea

SHA256
823c3cc9b229c824e3fb89e4b5430dec5c0b42fc3f7c7e56ee4a6095b8df83d1

SHA512
3f21b7617c8494bf9f81ed008dcd65bf5d416189e861e2ace6c8d447b8d4f8e758d2019edad3d9d81b4dd1404abd57a6a3a82418ea13ba0b2d24dbf29d1ba2e8

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vk_swiftshader.dll

Filesize
5.0MB

MD5
53e22d9beab64df1c37f1770b629a4bf

SHA1
fa19a12fd084a69d2c4fc706795f0a766b34deea

SHA256
823c3cc9b229c824e3fb89e4b5430dec5c0b42fc3f7c7e56ee4a6095b8df83d1

SHA512
3f21b7617c8494bf9f81ed008dcd65bf5d416189e861e2ace6c8d447b8d4f8e758d2019edad3d9d81b4dd1404abd57a6a3a82418ea13ba0b2d24dbf29d1ba2e8

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vulkan-1.dll

Filesize
904KB

MD5
15e549933586a6fdeb83dfce6548eb87

SHA1
bdd3897af1a73cd088be2e410916da3c92135562

SHA256
baaa7b43e45a7f03f51c708ae9c5a50008babe6113dcfbafe511fa05258c71e2

SHA512
6e2ee60fed20d101cd9406548e5d642835f71be67810521a822230904ccc6c83115d85d0f685fcef57bd03eb5e0a835e34aa84bb0dffaff7f4580df24cf0fb9c

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vulkan-1.dll

Filesize
904KB

MD5
15e549933586a6fdeb83dfce6548eb87

SHA1
bdd3897af1a73cd088be2e410916da3c92135562

SHA256
baaa7b43e45a7f03f51c708ae9c5a50008babe6113dcfbafe511fa05258c71e2

SHA512
6e2ee60fed20d101cd9406548e5d642835f71be67810521a822230904ccc6c83115d85d0f685fcef57bd03eb5e0a835e34aa84bb0dffaff7f4580df24cf0fb9c

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\FreedomGPT-1.1.2-full.nupkg

Filesize
93.6MB

MD5
37c95f0480adc8344d6756ed3b1b1915

SHA1
87b646bae61c4772aaa4aa1d0f4d124ed1872f7f

SHA256
30ebe368fe9af14aac037d0184d38392790176334230a8ea19cb6ca2acea593c

SHA512
7a7f70044efa24e72690565a0986f50b3e42e852a49b47e77fe221b85112581517bdf7f023cc6867fa0ed32bbbba246765ba2985120bfc3bc5d3425827a6f122

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\RELEASES

Filesize
80B

MD5
b84ff889e260632254edec108b59460f

SHA1
06d78c28c8f597563a4ca4b19f21a2f7a31aa766

SHA256
e3e90e4989ae8cc0f62adfe969b153ed328d353951f4144858a87576248825ef

SHA512
1638ff0b33d9cf6a7e4acc472149b7905771f952dc270f00eda282fc15b28f8a3f73f8b2d9314627b33c0cdc592435f65e8620f8586e16e73e1e5c842c054abc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\FreedomGPT-1.1.2-full.nupkg

Filesize
93.6MB

MD5
37c95f0480adc8344d6756ed3b1b1915

SHA1
87b646bae61c4772aaa4aa1d0f4d124ed1872f7f

SHA256
30ebe368fe9af14aac037d0184d38392790176334230a8ea19cb6ca2acea593c

SHA512
7a7f70044efa24e72690565a0986f50b3e42e852a49b47e77fe221b85112581517bdf7f023cc6867fa0ed32bbbba246765ba2985120bfc3bc5d3425827a6f122

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
b84ff889e260632254edec108b59460f

SHA1
06d78c28c8f597563a4ca4b19f21a2f7a31aa766

SHA256
e3e90e4989ae8cc0f62adfe969b153ed328d353951f4144858a87576248825ef

SHA512
1638ff0b33d9cf6a7e4acc472149b7905771f952dc270f00eda282fc15b28f8a3f73f8b2d9314627b33c0cdc592435f65e8620f8586e16e73e1e5c842c054abc

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
43KB

MD5
b5a42ecde0b058b3c4e661e0ec84400b

SHA1
7e2bfc653c5bc6997553c150a0823daae372cd99

SHA256
ce636d201ef86ffbf4ee8c8762b4d9dc255be9d5f490d0a22e36fe0c938f7244

SHA512
b7f4a7bddb226066f7edf23dfb9bee658c30ae03dfe727ec739f51fd98c63831f732343c14a6ca080f31baed38bf9064cdd57c9d1daaf4c42c029fe83d846dc0

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
352KB

MD5
5640aa75945e9ef9808f7db2d53f2b9d

SHA1
c314affd5a0edd2ea8bfd7affde123e441d521d4

SHA256
e1917947cf58b8f4041b1ea0fc673d7d220cdcd3f36a6483c7ed85b6c510a1c9

SHA512
c9a4efc3a53693743c573b36fe6a1289c2961602146f2f85def48cee91da0b5468dce389d2f1c1475fa6a30a30c52b181c6dd19102ca9cb211ba0c3e0d6a3578

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Network\Network Persistent State

Filesize
300B

MD5
402029cee5d57ca53207f78d7083a55e

SHA1
728a55b1c0759a9e69fc621f81265a5697e5e893

SHA256
63927b602c5f9e97d38ba9fdfb19731d65a7a65a58bd7339c50ad05fe1b89e01

SHA512
15837bcfb749619193bf3fcdc935859903b943c0ac1802a3a8ff768959372c9056788713e7e5cd87fb98d6d9e4da6a85cd0d4200d1ffc67c345490acf360b4c9

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Network\Network Persistent State~RFe58ad33.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
memory/1280-264-0x000000001C2B0000-0x000000001C2C0000-memory.dmp

Filesize
64KB

Download
memory/1280-261-0x00000000006D0000-0x00000000008FE000-memory.dmp

Filesize
2.2MB

Download
memory/1280-275-0x000000001C2B0000-0x000000001C2C0000-memory.dmp

Filesize
64KB

Download
memory/4604-433-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-432-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-435-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-424-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-434-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-436-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-425-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-426-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-430-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4604-431-0x000001DC45770000-0x000001DC45771000-memory.dmp

Filesize
4KB

Download
memory/4892-336-0x00007FFB39B70000-0x00007FFB39B71000-memory.dmp

Filesize
4KB

Download
memory/4892-353-0x00007FFB39EB0000-0x00007FFB39EB1000-memory.dmp

Filesize
4KB

Download
memory/5036-246-0x000000001CD30000-0x000000001CD3E000-memory.dmp

Filesize
56KB

Download
memory/5036-291-0x0000000026230000-0x0000000026250000-memory.dmp

Filesize
128KB

Download
memory/5036-141-0x0000000000240000-0x0000000000416000-memory.dmp

Filesize
1.8MB

Download
memory/5036-142-0x000000001BD10000-0x000000001BD20000-memory.dmp

Filesize
64KB

Download
memory/5036-245-0x0000000021E50000-0x0000000021E88000-memory.dmp

Filesize
224KB

Download