acbf56c935ee70f6ed11eb6dbc790a030bab97f69f2166a74df0a4bd709fa2e0

Analysis

max time kernel
448s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2023, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freedomgpt-1.1.2.Setup.exe
Size

94.8MB
MD5

d5a4206a94a54ef822c7fb919f50df81
SHA1

e1ec3f08578b2f8e342fdb4527194fb115a44acc
SHA256

acbf56c935ee70f6ed11eb6dbc790a030bab97f69f2166a74df0a4bd709fa2e0
SHA512

bc2c48258af79bf5d9b97dd0a35d7deb8d03a64a4174614a06860948ae4bc48ccb3cfd14e8a342b31d6484ba87c4c03c450cfd1916dd9f3f5e6d858946e316c5
SSDEEP

1572864:cSpvrBAu74kSOkPFYmRw+N61uKtWYNvRz4G1Q+NzYY2qYtc391NCHnF1FLTcPrq1:/bAuMOkdYvptjhZ4eQ+Nb2qYtc39jCHL

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	freedomgpt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	freedomgpt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	freedomgpt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	freedomgpt.exe

Executes dropped EXE 16 IoCs

pid	Process
1680	Update.exe
4656	Squirrel.exe
3656	freedomgpt.exe
1596	Update.exe
432	freedomgpt.exe
4676	freedomgpt.exe
480	freedomgpt.exe
384	freedomgpt.exe
4840	freedomgpt.exe
2784	freedomgpt.exe
4740	freedomgpt.exe
1920	freedomgpt.exe
3804	freedomgpt.exe
3588	Update.exe
4592	chat.exe
2300	chat.exe

Loads dropped DLL 21 IoCs

pid	Process
3656	freedomgpt.exe
432	freedomgpt.exe
4676	freedomgpt.exe
480	freedomgpt.exe
432	freedomgpt.exe
432	freedomgpt.exe
432	freedomgpt.exe
432	freedomgpt.exe
432	freedomgpt.exe
384	freedomgpt.exe
4840	freedomgpt.exe
2784	freedomgpt.exe
4840	freedomgpt.exe
4840	freedomgpt.exe
4840	freedomgpt.exe
4840	freedomgpt.exe
4840	freedomgpt.exe
4740	freedomgpt.exe
1920	freedomgpt.exe
1920	freedomgpt.exe
3804	freedomgpt.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\MuiCache	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\SOFTWARE\Microsoft\Speech_OneCore\Isolated\ohDO1Sgy3MzgdEgEb4WYfDS4ei = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1680	Update.exe
1680	Update.exe
1920	freedomgpt.exe
1920	freedomgpt.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1680	Update.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe
Token: SeCreatePagefilePrivilege	384	freedomgpt.exe
Token: SeShutdownPrivilege	384	freedomgpt.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1680	Update.exe
3656	freedomgpt.exe
3656	freedomgpt.exe
384	freedomgpt.exe
384	freedomgpt.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1800	SearchApp.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 1680	2772	freedomgpt-1.1.2.Setup.exe	84
PID 2772 wrote to memory of 1680	2772	freedomgpt-1.1.2.Setup.exe	84
PID 1680 wrote to memory of 4656	1680	Update.exe	86
PID 1680 wrote to memory of 4656	1680	Update.exe	86
PID 1680 wrote to memory of 3656	1680	Update.exe	87
PID 1680 wrote to memory of 3656	1680	Update.exe	87
PID 3656 wrote to memory of 1596	3656	freedomgpt.exe	90
PID 3656 wrote to memory of 1596	3656	freedomgpt.exe	90
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 432	3656	freedomgpt.exe	92
PID 3656 wrote to memory of 4676	3656	freedomgpt.exe	94
PID 3656 wrote to memory of 4676	3656	freedomgpt.exe	94
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95
PID 3656 wrote to memory of 480	3656	freedomgpt.exe	95

C:\Users\Admin\AppData\Local\Temp\freedomgpt-1.1.2.Setup.exe
"C:\Users\Admin\AppData\Local\Temp\freedomgpt-1.1.2.Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\Squirrel.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:4656
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --squirrel-install 1.1.2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:3656
  - - C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe
      C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe --createShortcut=freedomgpt.exe
      4⤵
      Executes dropped EXE
      PID:1596
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1856,i,5527644718082033164,12257603843668272030,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:432
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --mojo-platform-channel-handle=2096 --field-trial-handle=1856,i,5527644718082033164,12257603843668272030,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4676
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --app-user-model-id=com.squirrel.FreedomGPT.freedomgpt --app-path="C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2524 --field-trial-handle=1856,i,5527644718082033164,12257603843668272030,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:480
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:384
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1792,i,8568052429402353047,13548370843730868465,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4840
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --app-user-model-id=com.squirrel.FreedomGPT.freedomgpt --app-path="C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2544 --field-trial-handle=1792,i,8568052429402353047,13548370843730868465,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:4740
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --mojo-platform-channel-handle=1960 --field-trial-handle=1792,i,8568052429402353047,13548370843730868465,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2784
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 --field-trial-handle=1792,i,8568052429402353047,13548370843730868465,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:1920
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --app-user-model-id=com.squirrel.FreedomGPT.freedomgpt --app-path="C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2532 --field-trial-handle=1792,i,8568052429402353047,13548370843730868465,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:3804
  - - C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe
      C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe --checkForUpdate https://update.electronjs.org/ohmplatform/freedom-gpt-electron-app/win32-x64/1.1.2
      4⤵
      Executes dropped EXE
      PID:3588
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\models\windows\chat.exe
      C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources/models/windows/chat -m C:\Users\Admin/FreedomGPT/ggml-alpaca-7b-q4.bin
      4⤵
      Executes dropped EXE
      PID:4592
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\models\windows\chat.exe
      C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources/models/windows/chat -m C:\Users\Admin/FreedomGPT/ggml-alpaca-7b-q4.bin
      4⤵
      Executes dropped EXE
      PID:2300

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\54fbc433ec934acaa4ae4617e9b3154e /t 3748 /p 3716
1⤵
PID:2540

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\Squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\freedomgpt.exe

Filesize
154.8MB

MD5
cb6c576881b0e237f982dfde6d552d40

SHA1
057634b4e70165462108310e23079f5f1ab7d851

SHA256
da3b3004d26e89677f3d8ee43f4fe24c72b621c8ae27e81558d7bae7dcbd890c

SHA512
62a689b4536ba470863ad4e36b553fc03a8a3637501fdcf4120cc87fb14050a9fab62ba07b160612c4bef37a51c10ba5790509e482fa0454517d343af5541b25

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\icudtl.dat

Filesize
10.1MB

MD5
adfd2a259608207f256aeadb48635645

SHA1
300bb0ae3d6b6514fb144788643d260b602ac6a4

SHA256
7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050

SHA512
8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libEGL.dll

Filesize
473KB

MD5
51b892051a4e9f8f14a648172702e1d5

SHA1
860ec851dedf91f50113d95a0acb8179dfba4b10

SHA256
69daf31af2eec32f055cf5856b3d53a92b32d45567fdebfc8f0f0c1dc7e26089

SHA512
ff435e433520917636b2e659cb5c2b6787291a658be2a5cfd1e3fa2c03a5223c341a658b5c3ced3dad7aba74179a230219bb5e258fc20774a971782b5c02404d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libGLESv2.dll

Filesize
7.2MB

MD5
1391390ef7bc6973e878546e5e749e3a

SHA1
8df79139137b7ad7b5f7a63815bd1b5ab396fb64

SHA256
31e9da5191d3f5f0f68ed23673308c52b52b8c2f4d69341d87fde418a63b9d5e

SHA512
13d7a7219b99699c62c6ff02c765cdc36c1157f47fb4eb0ecac06b109206d790b2d25b106a79c7eea236a25807cfffa35106434ec999f2819376f0839c288de5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libegl.dll

Filesize
473KB

MD5
51b892051a4e9f8f14a648172702e1d5

SHA1
860ec851dedf91f50113d95a0acb8179dfba4b10

SHA256
69daf31af2eec32f055cf5856b3d53a92b32d45567fdebfc8f0f0c1dc7e26089

SHA512
ff435e433520917636b2e659cb5c2b6787291a658be2a5cfd1e3fa2c03a5223c341a658b5c3ced3dad7aba74179a230219bb5e258fc20774a971782b5c02404d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\libglesv2.dll

Filesize
7.2MB

MD5
1391390ef7bc6973e878546e5e749e3a

SHA1
8df79139137b7ad7b5f7a63815bd1b5ab396fb64

SHA256
31e9da5191d3f5f0f68ed23673308c52b52b8c2f4d69341d87fde418a63b9d5e

SHA512
13d7a7219b99699c62c6ff02c765cdc36c1157f47fb4eb0ecac06b109206d790b2d25b106a79c7eea236a25807cfffa35106434ec999f2819376f0839c288de5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\locales\en-US.pak

Filesize
326KB

MD5
19d18f8181a4201d542c7195b1e9ff81

SHA1
7debd3cf27bbe200c6a90b34adacb7394cb5929c

SHA256
1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb

SHA512
af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources.pak

Filesize
5.2MB

MD5
a25607b61da11ffc7def1bf5aebd12d8

SHA1
2d0d846f49437cc424263600ffd709621d695fa7

SHA256
587844d8e4afcf492fe17cd70bf60c175701726eda1ca0768d1c6913f0713bd9

SHA512
0abb12cedefb272b7dd7bb9eba14f569c28d5d0eba49e4212f54ee6efd36e7bd0398d2da37bafded9bfefbd5abda4481bce04f12848c50200a1cdeea20537dfc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app\.webpack\main\index.js

Filesize
822KB

MD5
a5efabbf36a65f5afd1217bab67304e7

SHA1
333f576384e04a1dcba86dc6bcba0b087b315207

SHA256
0d14332a010e6d3a64e1dcecada85b1d377390f1d932fe5ad13f3bab0c83df45

SHA512
eba1f11faf2ee22a98c790cafab6b8d3569aa8c371ca224b7984ea6caa30e7c1a613ce0b4a6ac78a43d4c217913381fdc98fb421c9b89a72810b6099323264a4

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\resources\app\package.json

Filesize
2KB

MD5
07e7656c2ee98e76a8f44c8953492662

SHA1
618e6b60e7ad8ee9f6b46e4a6edb2570a974160b

SHA256
65ec4e08fa093048e932dc6d9eadd24607909174aeff87f1424740d336fe5b1a

SHA512
e274cc81e64b68187bad6066071f633b56f3837b2efa774050b03d34ee98261604d4d19c84e24a17dd013733ec6e870735ad7a4c75f3d087b9b8256410b2697d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\v8_context_snapshot.bin

Filesize
465KB

MD5
73828e08c1432e49a17416bb7dd2abb4

SHA1
83167a7dd282aef3ad8be66a2c168a6e15706616

SHA256
91fab2bc8a09cc544625bde8d6e9568619a2292aea1192fb36d804bc7adc19cf

SHA512
27ed3c1bf35128af87f8a45f999560991d162976360e2b4fbc980fd93373050432a9f0a3db88924529d2284a173772f555b9c4ffe80f46ecef7976a3ebae9ac5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vk_swiftshader.dll

Filesize
5.0MB

MD5
53e22d9beab64df1c37f1770b629a4bf

SHA1
fa19a12fd084a69d2c4fc706795f0a766b34deea

SHA256
823c3cc9b229c824e3fb89e4b5430dec5c0b42fc3f7c7e56ee4a6095b8df83d1

SHA512
3f21b7617c8494bf9f81ed008dcd65bf5d416189e861e2ace6c8d447b8d4f8e758d2019edad3d9d81b4dd1404abd57a6a3a82418ea13ba0b2d24dbf29d1ba2e8

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vk_swiftshader.dll

Filesize
5.0MB

MD5
53e22d9beab64df1c37f1770b629a4bf

SHA1
fa19a12fd084a69d2c4fc706795f0a766b34deea

SHA256
823c3cc9b229c824e3fb89e4b5430dec5c0b42fc3f7c7e56ee4a6095b8df83d1

SHA512
3f21b7617c8494bf9f81ed008dcd65bf5d416189e861e2ace6c8d447b8d4f8e758d2019edad3d9d81b4dd1404abd57a6a3a82418ea13ba0b2d24dbf29d1ba2e8

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vulkan-1.dll

Filesize
904KB

MD5
15e549933586a6fdeb83dfce6548eb87

SHA1
bdd3897af1a73cd088be2e410916da3c92135562

SHA256
baaa7b43e45a7f03f51c708ae9c5a50008babe6113dcfbafe511fa05258c71e2

SHA512
6e2ee60fed20d101cd9406548e5d642835f71be67810521a822230904ccc6c83115d85d0f685fcef57bd03eb5e0a835e34aa84bb0dffaff7f4580df24cf0fb9c

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.2\vulkan-1.dll

Filesize
904KB

MD5
15e549933586a6fdeb83dfce6548eb87

SHA1
bdd3897af1a73cd088be2e410916da3c92135562

SHA256
baaa7b43e45a7f03f51c708ae9c5a50008babe6113dcfbafe511fa05258c71e2

SHA512
6e2ee60fed20d101cd9406548e5d642835f71be67810521a822230904ccc6c83115d85d0f685fcef57bd03eb5e0a835e34aa84bb0dffaff7f4580df24cf0fb9c

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\freedomgpt.exe

Filesize
607KB

MD5
4338e034a129b9eecbdeea64d6763763

SHA1
725ca16838430cc30e0814d3732e44c46bf5811a

SHA256
ba65cb0b7fc893c21e0367ca45abe00ca3daaeb9ddbb6eac46756f5ce1caa582

SHA512
39a9ac7479b49ae503bb5b551a819eb1d0e71f772d1314134e23be7df1d8980840d0e785ca44b899643aa80c289943346b6819af45c4f20b9e0e2e81a7c18bde

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\FreedomGPT-1.1.2-full.nupkg

Filesize
93.6MB

MD5
37c95f0480adc8344d6756ed3b1b1915

SHA1
87b646bae61c4772aaa4aa1d0f4d124ed1872f7f

SHA256
30ebe368fe9af14aac037d0184d38392790176334230a8ea19cb6ca2acea593c

SHA512
7a7f70044efa24e72690565a0986f50b3e42e852a49b47e77fe221b85112581517bdf7f023cc6867fa0ed32bbbba246765ba2985120bfc3bc5d3425827a6f122

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\FreedomGPT-1.1.2-full.nupkg

Filesize
93.6MB

MD5
37c95f0480adc8344d6756ed3b1b1915

SHA1
87b646bae61c4772aaa4aa1d0f4d124ed1872f7f

SHA256
30ebe368fe9af14aac037d0184d38392790176334230a8ea19cb6ca2acea593c

SHA512
7a7f70044efa24e72690565a0986f50b3e42e852a49b47e77fe221b85112581517bdf7f023cc6867fa0ed32bbbba246765ba2985120bfc3bc5d3425827a6f122

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\RELEASES

Filesize
80B

MD5
b84ff889e260632254edec108b59460f

SHA1
06d78c28c8f597563a4ca4b19f21a2f7a31aa766

SHA256
e3e90e4989ae8cc0f62adfe969b153ed328d353951f4144858a87576248825ef

SHA512
1638ff0b33d9cf6a7e4acc472149b7905771f952dc270f00eda282fc15b28f8a3f73f8b2d9314627b33c0cdc592435f65e8620f8586e16e73e1e5c842c054abc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\RELEASES

Filesize
80B

MD5
b84ff889e260632254edec108b59460f

SHA1
06d78c28c8f597563a4ca4b19f21a2f7a31aa766

SHA256
e3e90e4989ae8cc0f62adfe969b153ed328d353951f4144858a87576248825ef

SHA512
1638ff0b33d9cf6a7e4acc472149b7905771f952dc270f00eda282fc15b28f8a3f73f8b2d9314627b33c0cdc592435f65e8620f8586e16e73e1e5c842c054abc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133275418885417075.txt

Filesize
76KB

MD5
12c9a3fd7b455949ce4a4883ca900266

SHA1
6c01ef39a082bcf1f68a0caa346b81484eef21e3

SHA256
62ff469ff683304c4ab073ea92a3dd2d4490583973a030aeaf6714b1baa2b80c

SHA512
d81d293571d8fe0cd8fbebfce7ac3c6dd8823aa75daf9025a248e9f07a874ce40183848ce2976774bcd0145547ffc1ec07d11c3bd425d0e0d64d7c11134bd7c6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\FreedomGPT-1.1.2-full.nupkg

Filesize
93.6MB

MD5
37c95f0480adc8344d6756ed3b1b1915

SHA1
87b646bae61c4772aaa4aa1d0f4d124ed1872f7f

SHA256
30ebe368fe9af14aac037d0184d38392790176334230a8ea19cb6ca2acea593c

SHA512
7a7f70044efa24e72690565a0986f50b3e42e852a49b47e77fe221b85112581517bdf7f023cc6867fa0ed32bbbba246765ba2985120bfc3bc5d3425827a6f122

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
b84ff889e260632254edec108b59460f

SHA1
06d78c28c8f597563a4ca4b19f21a2f7a31aa766

SHA256
e3e90e4989ae8cc0f62adfe969b153ed328d353951f4144858a87576248825ef

SHA512
1638ff0b33d9cf6a7e4acc472149b7905771f952dc270f00eda282fc15b28f8a3f73f8b2d9314627b33c0cdc592435f65e8620f8586e16e73e1e5c842c054abc

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
43KB

MD5
b5a42ecde0b058b3c4e661e0ec84400b

SHA1
7e2bfc653c5bc6997553c150a0823daae372cd99

SHA256
ce636d201ef86ffbf4ee8c8762b4d9dc255be9d5f490d0a22e36fe0c938f7244

SHA512
b7f4a7bddb226066f7edf23dfb9bee658c30ae03dfe727ec739f51fd98c63831f732343c14a6ca080f31baed38bf9064cdd57c9d1daaf4c42c029fe83d846dc0

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
352KB

MD5
5640aa75945e9ef9808f7db2d53f2b9d

SHA1
c314affd5a0edd2ea8bfd7affde123e441d521d4

SHA256
e1917947cf58b8f4041b1ea0fc673d7d220cdcd3f36a6483c7ed85b6c510a1c9

SHA512
c9a4efc3a53693743c573b36fe6a1289c2961602146f2f85def48cee91da0b5468dce389d2f1c1475fa6a30a30c52b181c6dd19102ca9cb211ba0c3e0d6a3578

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\593d4b6d-acb9-490d-aef7-2722c6652858.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
586cfa615a36b5abbdef1d8353586379

SHA1
e5c921b891f4927c508dbde6e53ea4ae72ad3705

SHA256
f8c156ccda4d6d9f48ddaf1301671a3541b2f67c3a7257c201b0d0e7a3a9f2f2

SHA512
6e3810ff89cae05030994d383c859720428bb2cd58668ae08ac2a1a5add9b7551bb026aa6184e747871e1455b61c8df7d97e4c82d2583f7325635b473309b850

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
2c8fa643a616d98446773d8b6d65feb3

SHA1
62fe2b863637599db67a7d2d7e5c90e4e62231c1

SHA256
39eff8567e5c5a94e9f074753af6ee9487626d3ccdd99a86a44162f42013c8ca

SHA512
41db5b1df74d1fb298681f03e166ed0a7436971469b18eb6d2cf3edece9be48e96d13b9ddb4efbd931b18664cf4177a9b47077ec0f23d26bc69ee447fd51091c

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\DawnCache\index

Filesize
256KB

MD5
e3e8a017d8c39d8149e5ccc8369d7750

SHA1
276bcffa2b450c542605dbda7f0ec783b38ceaa5

SHA256
9d605a4b0ea12c6b7e17992ec2b3ccf988b389bfbe269231d098702e12c278b0

SHA512
48dd02a748da192edcd046d5596ca32dfe4037b528def27d7e82840ce3b2674d0057ea11fda8ecd632eb8232ea712e09edd27660fe578839b89fdc8762a3cfab

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\GPUCache\index

Filesize
256KB

MD5
a19e7184d2ceb3e981c43604249f8de0

SHA1
722909af1a1bba45542952befdec0e15e6d848ed

SHA256
8243eed18069722a41475efef174801df605137be9d3026c7854b6aca0f1d8d8

SHA512
7954a41463049692c584429123df84da949292c986a85b924df6f2ca4c5eb497831e45b39a53fed55b6c3de562afee0386056831d1d08904c70758fa0c6ce049

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Local State

Filesize
389B

MD5
1af985fbd018d212a67e5caf9727e1be

SHA1
2066cf706e7e230791b02dfbaf09b094efeca896

SHA256
7a94e679f2931b1425f3817dafcde8f7aa98009a73ec932ae4bad7e6c9a1fdb9

SHA512
d974dbaa483314f2263550381032cee17e1c580baf7ddf614b2ab7b27234480174c5199288bcbd210607f83e5109fd326642b97537567e412fce27f298bb62f6

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Local Storage\leveldb\LOG

Filesize
251B

MD5
fbafdc2fe42aa8d4a369b8f4a95cdc3a

SHA1
267efc8fed14dca517c24e3524a635788ae22c43

SHA256
8a5832dbe72213101c5840b4e09cf03faa2ed03adc01fdc69f4149e7c934eb9a

SHA512
8e45cc0aeedec5e28d7ba8924564a391a26240bf0c12fdfe0cc506e029c0b729142e5cf03262ead40e675a12e35d73f474525cfc8d66d35d4a7348bb375501ac

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Local Storage\leveldb\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Network\Network Persistent State

Filesize
300B

MD5
6b7e149ab032a32b7a0b19290f18dc7f

SHA1
74545143914145cdf5e75a1c159522fd66cd111b

SHA256
eafb93d449416918dc39a5d5d58550b780610bf811a63e06b98b837078151585

SHA512
6e8e593544e689d8de96fcdfdb3c124bab7114c886d48d0d38d695b7a338438326dc72ba97396b1069476342a831a29f57318bdfb9b1cd3628bb1b4c6173104a

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Network\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
memory/480-356-0x00007FFE8B830000-0x00007FFE8B831000-memory.dmp

Filesize
4KB

Download
memory/480-332-0x00007FFE8B820000-0x00007FFE8B821000-memory.dmp

Filesize
4KB

Download
memory/1596-345-0x00000000014C0000-0x00000000014E0000-memory.dmp

Filesize
128KB

Download
memory/1680-222-0x0000000022680000-0x000000002268E000-memory.dmp

Filesize
56KB

Download
memory/1680-145-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/1680-203-0x00000000226B0000-0x00000000226E8000-memory.dmp

Filesize
224KB

Download
memory/1680-265-0x0000000002D40000-0x0000000002D50000-memory.dmp

Filesize
64KB

Download
memory/1680-141-0x0000000000AE0000-0x0000000000CB6000-memory.dmp

Filesize
1.8MB

Download
memory/1800-492-0x000001E9B9BB0000-0x000001E9B9BD0000-memory.dmp

Filesize
128KB

Download
memory/1800-501-0x000001E9B9F50000-0x000001E9B9F70000-memory.dmp

Filesize
128KB

Download
memory/1800-483-0x000001E9B9BF0000-0x000001E9B9C10000-memory.dmp

Filesize
128KB

Download
memory/1920-659-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-658-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-663-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-651-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-652-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-653-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-657-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-662-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-660-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/1920-661-0x000001CB15210000-0x000001CB15211000-memory.dmp

Filesize
4KB

Download
memory/3588-676-0x00000000013C0000-0x00000000013D0000-memory.dmp

Filesize
64KB

Download
memory/3588-678-0x000000001D1F0000-0x000000001D718000-memory.dmp

Filesize
5.2MB

Download
memory/4656-277-0x0000000000DE0000-0x0000000000DF0000-memory.dmp

Filesize
64KB

Download
memory/4656-264-0x0000000000DE0000-0x0000000000DF0000-memory.dmp

Filesize
64KB

Download
memory/4656-260-0x0000000000460000-0x000000000068E000-memory.dmp

Filesize
2.2MB

Download