bf6ed975a4c4f770294623c0c2a27846c1db7e2ab6cdb272cc2080341e7f8c34

Analysis

max time kernel
152s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2023, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

freedomgpt-1.1.3.Setup.exe
Size

94.4MB
MD5

d71e86e91c1523d75ba112f9953d551a
SHA1

8b76138584149289eb771c2ca6fac65e85888b18
SHA256

bf6ed975a4c4f770294623c0c2a27846c1db7e2ab6cdb272cc2080341e7f8c34
SHA512

2d9c811404febcc53b99c34f03f5d0f851a8416a3cf3b18ee27944009868ff6d4abe81ac75beac0ac3e0deed1ebe20e11faaab201d3bda2ce7b1c552865ad670
SSDEEP

1572864:jCgNjVW/qgFGkVyMmi82RP0F4ry9Fq8GWK/O0SzpRTrcxRYTkhQnoYqbDBZj0T:jdWZG0yM/je7qRWK/0lRTrcyBn3gDvjO

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	Update.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	freedomgpt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	freedomgpt.exe

Executes dropped EXE 9 IoCs

pid	Process
3276	Update.exe
4780	Squirrel.exe
3388	freedomgpt.exe
1004	freedomgpt.exe
3852	Update.exe
2092	freedomgpt.exe
4728	freedomgpt.exe
1484	freedomgpt.exe
3432	Update.exe

Loads dropped DLL 10 IoCs

pid	Process
3388	freedomgpt.exe
1004	freedomgpt.exe
2092	freedomgpt.exe
4728	freedomgpt.exe
2092	freedomgpt.exe
2092	freedomgpt.exe
2092	freedomgpt.exe
2092	freedomgpt.exe
2092	freedomgpt.exe
1484	freedomgpt.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 61 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 5e00310000000000a8566b1a10004150502d31317e312e330000440009000400efbea856671aa8566b1a2e0000007eda01000000040000000000000000000000000000003f018a006100700070002d0031002e0031002e00330000001a000000	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	freedomgpt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	freedomgpt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "152"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "56"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "56"	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5e00310000000000a8567a1a100046524545444f7e310000460009000400efbea856661aa8567a1a2e0000001da00000000004000000000000000000000000000000d4672900460072006500650064006f006d00470050005400000018000000	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	freedomgpt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search	SearchApp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	freedomgpt.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5000310000000000a856661a10004c6f63616c003c0009000400efbe5456e295a8566b1a2e000000a2e10100000001000000000000000000000000000000abef70004c006f00630061006c00000014000000	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c004346534616003100000000005456e295120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe5456e295a856661a2e0000008fe10100000001000000000000000000000000000000933b3b004100700070004400610074006100000042000000	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\microsoft.windows.search	SearchApp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	freedomgpt.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.search\ = "23"	SearchApp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.search\Total = "23"	SearchApp.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	freedomgpt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	freedomgpt.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\MuiCache	SearchApp.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3276	Update.exe
3276	Update.exe
1544	powershell.exe
1544	powershell.exe
2972	powershell.exe
2972	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3276	Update.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeDebugPrivilege	3432	Update.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeDebugPrivilege	1544	powershell.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeDebugPrivilege	2972	powershell.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeIncreaseQuotaPrivilege	2972	powershell.exe
Token: SeSecurityPrivilege	2972	powershell.exe
Token: SeTakeOwnershipPrivilege	2972	powershell.exe
Token: SeLoadDriverPrivilege	2972	powershell.exe
Token: SeSystemProfilePrivilege	2972	powershell.exe
Token: SeSystemtimePrivilege	2972	powershell.exe
Token: SeProfSingleProcessPrivilege	2972	powershell.exe
Token: SeIncBasePriorityPrivilege	2972	powershell.exe
Token: SeCreatePagefilePrivilege	2972	powershell.exe
Token: SeBackupPrivilege	2972	powershell.exe
Token: SeRestorePrivilege	2972	powershell.exe
Token: SeShutdownPrivilege	2972	powershell.exe
Token: SeDebugPrivilege	2972	powershell.exe
Token: SeSystemEnvironmentPrivilege	2972	powershell.exe
Token: SeRemoteShutdownPrivilege	2972	powershell.exe
Token: SeUndockPrivilege	2972	powershell.exe
Token: SeManageVolumePrivilege	2972	powershell.exe
Token: 33	2972	powershell.exe
Token: 34	2972	powershell.exe
Token: 35	2972	powershell.exe
Token: 36	2972	powershell.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe
Token: SeCreatePagefilePrivilege	1004	freedomgpt.exe
Token: SeShutdownPrivilege	1004	freedomgpt.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3276	Update.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1212	SearchApp.exe
1004	freedomgpt.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4204 wrote to memory of 3276	4204	freedomgpt-1.1.3.Setup.exe	84
PID 4204 wrote to memory of 3276	4204	freedomgpt-1.1.3.Setup.exe	84
PID 3276 wrote to memory of 4780	3276	Update.exe	89
PID 3276 wrote to memory of 4780	3276	Update.exe	89
PID 3276 wrote to memory of 3388	3276	Update.exe	90
PID 3276 wrote to memory of 3388	3276	Update.exe	90
PID 3276 wrote to memory of 1004	3276	Update.exe	95
PID 3276 wrote to memory of 1004	3276	Update.exe	95
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 2092	1004	freedomgpt.exe	97
PID 1004 wrote to memory of 4728	1004	freedomgpt.exe	98
PID 1004 wrote to memory of 4728	1004	freedomgpt.exe	98
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99
PID 1004 wrote to memory of 1484	1004	freedomgpt.exe	99

C:\Users\Admin\AppData\Local\Temp\freedomgpt-1.1.3.Setup.exe
"C:\Users\Admin\AppData\Local\Temp\freedomgpt-1.1.3.Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4204
- C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
  "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3276
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\Squirrel.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\Squirrel.exe" --updateSelf=C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    3⤵
    - Executes dropped EXE
    PID:4780
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe" --squirrel-install 1.1.3
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3388
  - - C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe
      C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe --createShortcut=freedomgpt.exe
      4⤵
      Executes dropped EXE
      PID:3852
- - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe
    "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe" --squirrel-firstrun
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1004
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1780,i,10207955899373589024,17239008350657165467,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2092
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --mojo-platform-channel-handle=1436 --field-trial-handle=1780,i,10207955899373589024,17239008350657165467,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:4728
  - - C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe
      "C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\freedomgpt" --app-user-model-id=com.squirrel.FreedomGPT.freedomgpt --app-path="C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2476 --field-trial-handle=1780,i,10207955899373589024,17239008350657165467,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      PID:1484
  - - C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe
      C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe --checkForUpdate https://update.electronjs.org/ohmplatform/FreedomGPT/win32-x64/1.1.3
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3432
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1544
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell "Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object Caption, FreeSpace, Size"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2972

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1212

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\Update.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\D3DCompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\Squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\chrome_100_percent.pak

Filesize
126KB

MD5
8626e1d68e87f86c5b4dabdf66591913

SHA1
4cd7b0ac0d3f72587708064a7b0a3beca3f7b81c

SHA256
2caa1da9b6a6e87bdb673977fee5dd771591a1b6ed5d3c5f14b024130a5d1a59

SHA512
03bcd8562482009060f249d6a0dd7382fc94d669a2094dec08e8d119be51bef2c3b7b484bb5b7f805ae98e372dab9383a2c11a63ab0f5644146556b1bb9a4c99

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\chrome_200_percent.pak

Filesize
175KB

MD5
48515d600258d60019c6b9c6421f79f6

SHA1
0ef0b44641d38327a360aa6954b3b6e5aab2af16

SHA256
07bee34e189fe9a8789aed78ea59ad41414b6e611e7d74da62f8e6ca36af01ce

SHA512
b7266bc8abc55bd389f594dac0c0641ecf07703f35d769b87e731b5fdf4353316d44f3782a4329b3f0e260dead6b114426ddb1b0fb8cd4a51e0b90635f1191d9

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\ffmpeg.dll

Filesize
2.7MB

MD5
4578f9620450f9a52e205e7376cc901e

SHA1
ff13f7d3bef452dd8407fc5c2396939126395225

SHA256
822f56cc057c37b6c368fc8642ad74ff56ba39a9255b3b18bfeabc7a74aff307

SHA512
b1d584f47a452e67510b6f79e4f4bd24639c03bfca81e605ee3e86bb21d641b24988bb0bc788b3826d9c9d569867f71b67f818a5e46d5296bd1e937219919562

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe

Filesize
154.8MB

MD5
d1ce36aba0b06390be67cb76a216337c

SHA1
3f736e23a6bfa9ac148b7e593c6b5ed9ed56a13e

SHA256
b80a8385f925245c117e63bf82c2fd53028505d6271f683827e4248d9bc36a67

SHA512
6b7581386968d5f68a8ce874056e8dbf71a6206ff882fbb49fb8ca98cc78ac0f2a51e8b35b1e0d3632d611a5f4a9e776a9638b1ee4b049f258576e1a3d212fcb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe

Filesize
154.8MB

MD5
d1ce36aba0b06390be67cb76a216337c

SHA1
3f736e23a6bfa9ac148b7e593c6b5ed9ed56a13e

SHA256
b80a8385f925245c117e63bf82c2fd53028505d6271f683827e4248d9bc36a67

SHA512
6b7581386968d5f68a8ce874056e8dbf71a6206ff882fbb49fb8ca98cc78ac0f2a51e8b35b1e0d3632d611a5f4a9e776a9638b1ee4b049f258576e1a3d212fcb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe

Filesize
154.8MB

MD5
d1ce36aba0b06390be67cb76a216337c

SHA1
3f736e23a6bfa9ac148b7e593c6b5ed9ed56a13e

SHA256
b80a8385f925245c117e63bf82c2fd53028505d6271f683827e4248d9bc36a67

SHA512
6b7581386968d5f68a8ce874056e8dbf71a6206ff882fbb49fb8ca98cc78ac0f2a51e8b35b1e0d3632d611a5f4a9e776a9638b1ee4b049f258576e1a3d212fcb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe

Filesize
154.8MB

MD5
d1ce36aba0b06390be67cb76a216337c

SHA1
3f736e23a6bfa9ac148b7e593c6b5ed9ed56a13e

SHA256
b80a8385f925245c117e63bf82c2fd53028505d6271f683827e4248d9bc36a67

SHA512
6b7581386968d5f68a8ce874056e8dbf71a6206ff882fbb49fb8ca98cc78ac0f2a51e8b35b1e0d3632d611a5f4a9e776a9638b1ee4b049f258576e1a3d212fcb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe

Filesize
154.8MB

MD5
d1ce36aba0b06390be67cb76a216337c

SHA1
3f736e23a6bfa9ac148b7e593c6b5ed9ed56a13e

SHA256
b80a8385f925245c117e63bf82c2fd53028505d6271f683827e4248d9bc36a67

SHA512
6b7581386968d5f68a8ce874056e8dbf71a6206ff882fbb49fb8ca98cc78ac0f2a51e8b35b1e0d3632d611a5f4a9e776a9638b1ee4b049f258576e1a3d212fcb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe

Filesize
154.8MB

MD5
d1ce36aba0b06390be67cb76a216337c

SHA1
3f736e23a6bfa9ac148b7e593c6b5ed9ed56a13e

SHA256
b80a8385f925245c117e63bf82c2fd53028505d6271f683827e4248d9bc36a67

SHA512
6b7581386968d5f68a8ce874056e8dbf71a6206ff882fbb49fb8ca98cc78ac0f2a51e8b35b1e0d3632d611a5f4a9e776a9638b1ee4b049f258576e1a3d212fcb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\freedomgpt.exe

Filesize
154.8MB

MD5
d1ce36aba0b06390be67cb76a216337c

SHA1
3f736e23a6bfa9ac148b7e593c6b5ed9ed56a13e

SHA256
b80a8385f925245c117e63bf82c2fd53028505d6271f683827e4248d9bc36a67

SHA512
6b7581386968d5f68a8ce874056e8dbf71a6206ff882fbb49fb8ca98cc78ac0f2a51e8b35b1e0d3632d611a5f4a9e776a9638b1ee4b049f258576e1a3d212fcb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\icudtl.dat

Filesize
10.1MB

MD5
adfd2a259608207f256aeadb48635645

SHA1
300bb0ae3d6b6514fb144788643d260b602ac6a4

SHA256
7c8c7b05d70145120b45ccb64bf75bee3c63ff213e3e64d092d500a96afb8050

SHA512
8397e74c7a85b0a2987cae9f2c66ce446923aa4140686d91a1e92b701e16b73a6ce459540e718858607ecb12659bedac0aa95c2713c811a2bc2d402691ff29dc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\libEGL.dll

Filesize
473KB

MD5
51b892051a4e9f8f14a648172702e1d5

SHA1
860ec851dedf91f50113d95a0acb8179dfba4b10

SHA256
69daf31af2eec32f055cf5856b3d53a92b32d45567fdebfc8f0f0c1dc7e26089

SHA512
ff435e433520917636b2e659cb5c2b6787291a658be2a5cfd1e3fa2c03a5223c341a658b5c3ced3dad7aba74179a230219bb5e258fc20774a971782b5c02404d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\libGLESv2.dll

Filesize
7.2MB

MD5
1391390ef7bc6973e878546e5e749e3a

SHA1
8df79139137b7ad7b5f7a63815bd1b5ab396fb64

SHA256
31e9da5191d3f5f0f68ed23673308c52b52b8c2f4d69341d87fde418a63b9d5e

SHA512
13d7a7219b99699c62c6ff02c765cdc36c1157f47fb4eb0ecac06b109206d790b2d25b106a79c7eea236a25807cfffa35106434ec999f2819376f0839c288de5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\libegl.dll

Filesize
473KB

MD5
51b892051a4e9f8f14a648172702e1d5

SHA1
860ec851dedf91f50113d95a0acb8179dfba4b10

SHA256
69daf31af2eec32f055cf5856b3d53a92b32d45567fdebfc8f0f0c1dc7e26089

SHA512
ff435e433520917636b2e659cb5c2b6787291a658be2a5cfd1e3fa2c03a5223c341a658b5c3ced3dad7aba74179a230219bb5e258fc20774a971782b5c02404d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\libglesv2.dll

Filesize
7.2MB

MD5
1391390ef7bc6973e878546e5e749e3a

SHA1
8df79139137b7ad7b5f7a63815bd1b5ab396fb64

SHA256
31e9da5191d3f5f0f68ed23673308c52b52b8c2f4d69341d87fde418a63b9d5e

SHA512
13d7a7219b99699c62c6ff02c765cdc36c1157f47fb4eb0ecac06b109206d790b2d25b106a79c7eea236a25807cfffa35106434ec999f2819376f0839c288de5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\locales\en-US.pak

Filesize
326KB

MD5
19d18f8181a4201d542c7195b1e9ff81

SHA1
7debd3cf27bbe200c6a90b34adacb7394cb5929c

SHA256
1d20e626444759c2b72aa6e998f14a032408d2b32f957c12ec3abd52831338fb

SHA512
af07e1b08bbf2dd032a5a51a88ee2923650955873753629a086cad3b1600ce66ca7f9ed31b8ca901c126c10216877b24e123144bb0048f2a1e7757719aae73f2

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\resources.pak

Filesize
5.2MB

MD5
a25607b61da11ffc7def1bf5aebd12d8

SHA1
2d0d846f49437cc424263600ffd709621d695fa7

SHA256
587844d8e4afcf492fe17cd70bf60c175701726eda1ca0768d1c6913f0713bd9

SHA512
0abb12cedefb272b7dd7bb9eba14f569c28d5d0eba49e4212f54ee6efd36e7bd0398d2da37bafded9bfefbd5abda4481bce04f12848c50200a1cdeea20537dfc

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\resources\app\.webpack\main\index.js

Filesize
817KB

MD5
6ae5d9d4af58a67a56deec5792679677

SHA1
ae9f49f57f87545aeefab2de64d8cce1b57cc549

SHA256
7ba93ae9ac68e8c4448dba8c96985f47cad0059e5f5ef112f438e1c8bc05d8f5

SHA512
6fd9c3c27bcd0c01de589d25e9ebd856ef9f1e9f201b70ebc90fa03bee8bc400e377a5c10ba6d1586f7aebbc346fde3013e6ca989395170658f1277ee4c62a6d

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\resources\app\.webpack\renderer\fc2b5060f7accec5cf74.ttf

Filesize
164KB

MD5
8a36205bd9b83e03af0591a004bc97f4

SHA1
56c5c0d38bde4c1f1549dda43db37b09c608aad3

SHA256
4e147ab64b9fdf6d89d01f6b8c3ca0b3cddc59d608a8e2218f9a2504b5c98e14

SHA512
e96b43b0ca3fd7775d75a702f44cd1b0dfd325e1db317f7cba84efdf572571fe7594068f9132a937251aab8bd1f68783213677d4953aca197195fbe5db1f90d7

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\resources\app\.webpack\renderer\main_window\index.html

Filesize
184B

MD5
acb847014441b72564e7a543c39526bb

SHA1
bef10a8b0a64c20e7ec0a291f0f7b5723e26654e

SHA256
aea548438b53f6f40c41c5e48b8d109bf30ca5b3ca5ddbfa98eda18c2ebbda5a

SHA512
e48df51c71aa1570f0d943fa93fdd5ef1d4c1c084338b4944b871ee57cd1307f6b47f1cb0836cc1f813051d233c26572f812af482e84b0f82c6dd866836a1fa4

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\resources\app\.webpack\renderer\main_window\index.js

Filesize
332KB

MD5
42aa8bf8f6ed882ea5e581f0696fdb67

SHA1
dfba3e11313d8fb2434464c9c38ff368d5f8cbaf

SHA256
8de9f7a1b4725924434478aa4abdbc706b4c88613719d135c462d56d78524823

SHA512
19cd83c4501260bf8d8da2ff7fcfc55a5253d7d4a3ef791412558ec133b892bbc11bee3359cb4eb3071d0f42965fb3bf696ff470854dafce908ed90370e1ed6c

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\resources\app\package.json

Filesize
2KB

MD5
e8922c119698789e52f8bca5c1f8a8c8

SHA1
03e6b109d0ad753a5d3c4d64cb8a7c9624fa7190

SHA256
a7b0a2c535ce52948fad1398296d5db5f8ab5ecea4c406fc61f461c1f68c3e85

SHA512
827505c854d33208fd8dd97fc94f103511703ca9d3c2c28e86c130ad2630fa6cff2762aecaf84e240e2fabf2deb1f267441f509b6c2b15d1d426dce13ba6d5bb

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\squirrel.exe

Filesize
2.2MB

MD5
d497e00ee09558c69ac90563a17272bb

SHA1
b6e98269379983aa4d04bcb504078d7e00d16985

SHA256
c154edf405b68dc8b23137708659fdacd5d7879b914b45f575814e325aa218ae

SHA512
1dcf67690e378a39f5813b4a149ede16f325d8aa20817bbfee39ccb63043dc5c1d90975842cdf89d49ae440e6732e7cc6995969de262893b2123128a5c7ca913

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\v8_context_snapshot.bin

Filesize
465KB

MD5
73828e08c1432e49a17416bb7dd2abb4

SHA1
83167a7dd282aef3ad8be66a2c168a6e15706616

SHA256
91fab2bc8a09cc544625bde8d6e9568619a2292aea1192fb36d804bc7adc19cf

SHA512
27ed3c1bf35128af87f8a45f999560991d162976360e2b4fbc980fd93373050432a9f0a3db88924529d2284a173772f555b9c4ffe80f46ecef7976a3ebae9ac5

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\vk_swiftshader.dll

Filesize
5.0MB

MD5
53e22d9beab64df1c37f1770b629a4bf

SHA1
fa19a12fd084a69d2c4fc706795f0a766b34deea

SHA256
823c3cc9b229c824e3fb89e4b5430dec5c0b42fc3f7c7e56ee4a6095b8df83d1

SHA512
3f21b7617c8494bf9f81ed008dcd65bf5d416189e861e2ace6c8d447b8d4f8e758d2019edad3d9d81b4dd1404abd57a6a3a82418ea13ba0b2d24dbf29d1ba2e8

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\vk_swiftshader.dll

Filesize
5.0MB

MD5
53e22d9beab64df1c37f1770b629a4bf

SHA1
fa19a12fd084a69d2c4fc706795f0a766b34deea

SHA256
823c3cc9b229c824e3fb89e4b5430dec5c0b42fc3f7c7e56ee4a6095b8df83d1

SHA512
3f21b7617c8494bf9f81ed008dcd65bf5d416189e861e2ace6c8d447b8d4f8e758d2019edad3d9d81b4dd1404abd57a6a3a82418ea13ba0b2d24dbf29d1ba2e8

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\vulkan-1.dll

Filesize
904KB

MD5
15e549933586a6fdeb83dfce6548eb87

SHA1
bdd3897af1a73cd088be2e410916da3c92135562

SHA256
baaa7b43e45a7f03f51c708ae9c5a50008babe6113dcfbafe511fa05258c71e2

SHA512
6e2ee60fed20d101cd9406548e5d642835f71be67810521a822230904ccc6c83115d85d0f685fcef57bd03eb5e0a835e34aa84bb0dffaff7f4580df24cf0fb9c

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\app-1.1.3\vulkan-1.dll

Filesize
904KB

MD5
15e549933586a6fdeb83dfce6548eb87

SHA1
bdd3897af1a73cd088be2e410916da3c92135562

SHA256
baaa7b43e45a7f03f51c708ae9c5a50008babe6113dcfbafe511fa05258c71e2

SHA512
6e2ee60fed20d101cd9406548e5d642835f71be67810521a822230904ccc6c83115d85d0f685fcef57bd03eb5e0a835e34aa84bb0dffaff7f4580df24cf0fb9c

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\FreedomGPT-1.1.3-full.nupkg

Filesize
93.2MB

MD5
4db3bbfb8218737fcb5d46343bb8d3f0

SHA1
b96552bf17de7533b393926c5fdb85766addcfef

SHA256
53f8a50de09c2206ea8e52f2b70a0bd8204d4e8fabcb8593b2860e829e4668ba

SHA512
aa98e40251a2ea99463727da3b74f7210a1bb6649d5bc0bd6a0e9f12fba73a03cbfd496dfb61de8ab7c69d03932cc86cbc8477e3fed02b4365066ba2956bfe6a

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\RELEASES

Filesize
80B

MD5
d90133c87cc350ec2c9308d26a1fb0a2

SHA1
cfaddaff3b6149f8eb548391a0875836f7a7fb5b

SHA256
15b9ccdfee6c75ec8f2193d00e9e347de629b4a535ac07b9322fe7c91b49565e

SHA512
6c33990551d91a344d51a5bf7c2e93985e97c256624254c71164936d53d4eab18a65a951fe16560cb0ffd97dc3d3dd6738faa98be804d5c65d25d6fc60dc4030

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\packages\RELEASES

Filesize
80B

MD5
d90133c87cc350ec2c9308d26a1fb0a2

SHA1
cfaddaff3b6149f8eb548391a0875836f7a7fb5b

SHA256
15b9ccdfee6c75ec8f2193d00e9e347de629b4a535ac07b9322fe7c91b49565e

SHA512
6c33990551d91a344d51a5bf7c2e93985e97c256624254c71164936d53d4eab18a65a951fe16560cb0ffd97dc3d3dd6738faa98be804d5c65d25d6fc60dc4030

Download Submit
C:\Users\Admin\AppData\Local\FreedomGPT\update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Update.exe.log

Filesize
2KB

MD5
dc2fadc301da9c5dea3499a79bc02086

SHA1
3716685ad7aedd12e6cc6fd19c5f3131d5660a16

SHA256
01a3e3e8c493aa07a663a5578073d0c700f4852cf38a8251f4cc6b099abab875

SHA512
d5f724c9a2e442aefa9e42d1508ed08420d90edaf239b698b6a0119af9d236314d652802c35bf9d44df3e420cd163920310b3e2a86350152ec225618aebd6bd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
3f01549ee3e4c18244797530b588dad9

SHA1
3e87863fc06995fe4b741357c68931221d6cc0b9

SHA256
36b51e575810b6af6fc5e778ce0f228bc7797cd3224839b00829ca166fa13f9a

SHA512
73843215228865a4186ac3709bf2896f0f68da0ba3601cc20226203dd429a2ad9817b904a45f6b0456b8be68deebf3b011742a923ce4a77c0c6f3a155522ab50

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\FreedomGPT-1.1.3-full.nupkg

Filesize
93.2MB

MD5
4db3bbfb8218737fcb5d46343bb8d3f0

SHA1
b96552bf17de7533b393926c5fdb85766addcfef

SHA256
53f8a50de09c2206ea8e52f2b70a0bd8204d4e8fabcb8593b2860e829e4668ba

SHA512
aa98e40251a2ea99463727da3b74f7210a1bb6649d5bc0bd6a0e9f12fba73a03cbfd496dfb61de8ab7c69d03932cc86cbc8477e3fed02b4365066ba2956bfe6a

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
80B

MD5
d90133c87cc350ec2c9308d26a1fb0a2

SHA1
cfaddaff3b6149f8eb548391a0875836f7a7fb5b

SHA256
15b9ccdfee6c75ec8f2193d00e9e347de629b4a535ac07b9322fe7c91b49565e

SHA512
6c33990551d91a344d51a5bf7c2e93985e97c256624254c71164936d53d4eab18a65a951fe16560cb0ffd97dc3d3dd6738faa98be804d5c65d25d6fc60dc4030

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.8MB

MD5
3db8b783a08194a66b0b4dd98f1a37d6

SHA1
5d1031c2aa317c412b553b86ec4f40c8482689bc

SHA256
03655ece724dcd2e64011814afa4e40e375a09117ffb5fa3050bf07816a36599

SHA512
5b65f3acc577025cffcc64143b8a887064cc1feabf724cb99f4d9d4ca6af686740ccace5876e02ef964b9f93cf6d9f37d5660b1c54ee03e7f5a0593064db2de4

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\background.gif

Filesize
43KB

MD5
b5a42ecde0b058b3c4e661e0ec84400b

SHA1
7e2bfc653c5bc6997553c150a0823daae372cd99

SHA256
ce636d201ef86ffbf4ee8c8762b4d9dc255be9d5f490d0a22e36fe0c938f7244

SHA512
b7f4a7bddb226066f7edf23dfb9bee658c30ae03dfe727ec739f51fd98c63831f732343c14a6ca080f31baed38bf9064cdd57c9d1daaf4c42c029fe83d846dc0

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\setupIcon.ico

Filesize
352KB

MD5
5640aa75945e9ef9808f7db2d53f2b9d

SHA1
c314affd5a0edd2ea8bfd7affde123e441d521d4

SHA256
e1917947cf58b8f4041b1ea0fc673d7d220cdcd3f36a6483c7ed85b6c510a1c9

SHA512
c9a4efc3a53693743c573b36fe6a1289c2961602146f2f85def48cee91da0b5468dce389d2f1c1475fa6a30a30c52b181c6dd19102ca9cb211ba0c3e0d6a3578

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_u0a32k3l.4zg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
c930fdce1545a6baa996f9f75f899f08

SHA1
09913736e6306e1727e0dcd224e803a81d322e8b

SHA256
53c6d972efc48e01599fb118e615e997d7ce70236a96ee13da8c436d5cc83744

SHA512
5204da206eb42d236fafe2abb8a881a8c72a5e4055e43cafc0105b3f8e730b4e2dd1f3e2081d5275769b9117c2ca8267c087a8e6afb7f89548f12d698a64704b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
830f727106ac1c05d2138aa7247747b1

SHA1
3ede61605b4fea08f3bd7de022ef00cebcee8944

SHA256
d63bd52387e04a73eabc79d6c1e69458ea831d89ef89dac2065da55be94abc11

SHA512
dbd666fef1dbe1ed7619fcde92a8ca114732c9aaee7a085e7808f10292b87a40da015bd4cf5b72a9af36cd8757075361fb4b55874d78cb0dcf9652fd32033bb0

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Network\Network Persistent State

Filesize
300B

MD5
b2156d2fb3a6af903938c0e45967fbae

SHA1
e6b35832a2fac27a8fde0ea09b973fcb84860286

SHA256
6e6e7f7b9497f0417774a7931faae45731a8cedbf77658a99479c9f5ab9507c4

SHA512
345cd5ea9697e3b81dc059c216e7a78b5f06908aa219076153f7536f4d482ee4e4d5a8c383ddc49bdb6fa81f1a5ac3606d0d50ad95b3f3359f367939ca01b26e

Download Submit
C:\Users\Admin\AppData\Roaming\freedomgpt\Network\Network Persistent State~RFe587dc6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
memory/1212-452-0x0000020704650000-0x0000020704670000-memory.dmp

Filesize
128KB

Download
memory/1212-449-0x0000020704240000-0x0000020704260000-memory.dmp

Filesize
128KB

Download
memory/1212-438-0x0000020704280000-0x00000207042A0000-memory.dmp

Filesize
128KB

Download
memory/1484-371-0x00007FFD65F00000-0x00007FFD65F01000-memory.dmp

Filesize
4KB

Download
memory/1484-372-0x00007FFD66060000-0x00007FFD66061000-memory.dmp

Filesize
4KB

Download
memory/1544-404-0x000001F667EE0000-0x000001F667EF0000-memory.dmp

Filesize
64KB

Download
memory/1544-414-0x000001F667EE0000-0x000001F667EF0000-memory.dmp

Filesize
64KB

Download
memory/1544-403-0x000001F64F850000-0x000001F64F872000-memory.dmp

Filesize
136KB

Download
memory/1544-415-0x000001F667EE0000-0x000001F667EF0000-memory.dmp

Filesize
64KB

Download
memory/1544-416-0x000001F668C30000-0x000001F668C74000-memory.dmp

Filesize
272KB

Download
memory/1544-417-0x000001F668D00000-0x000001F668D76000-memory.dmp

Filesize
472KB

Download
memory/2972-463-0x000001EC23E60000-0x000001EC23E70000-memory.dmp

Filesize
64KB

Download
memory/2972-495-0x000001EC3D5B0000-0x000001EC3D5D4000-memory.dmp

Filesize
144KB

Download
memory/2972-493-0x000001EC3D5B0000-0x000001EC3D5DA000-memory.dmp

Filesize
168KB

Download
memory/3276-258-0x0000000002A50000-0x0000000002A60000-memory.dmp

Filesize
64KB

Download
memory/3276-284-0x000000001C7A0000-0x000000001C7C0000-memory.dmp

Filesize
128KB

Download
memory/3276-141-0x00000000006D0000-0x00000000008A6000-memory.dmp

Filesize
1.8MB

Download
memory/3276-142-0x0000000002A50000-0x0000000002A60000-memory.dmp

Filesize
64KB

Download
memory/3276-154-0x0000000021560000-0x0000000021598000-memory.dmp

Filesize
224KB

Download
memory/3276-155-0x0000000021530000-0x000000002153E000-memory.dmp

Filesize
56KB

Download
memory/3432-393-0x000000001CF50000-0x000000001D478000-memory.dmp

Filesize
5.2MB

Download
memory/3432-398-0x000000001B670000-0x000000001B680000-memory.dmp

Filesize
64KB

Download
memory/3432-562-0x000000001B670000-0x000000001B680000-memory.dmp

Filesize
64KB

Download
memory/4780-257-0x0000000000B90000-0x0000000000DBE000-memory.dmp

Filesize
2.2MB

Download
memory/4780-287-0x0000000002E10000-0x0000000002E20000-memory.dmp

Filesize
64KB

Download