hxxp://github[.]com/ollama/ollama/releases/download/v0[.]1[.]37/OllamaSetup[.]exe

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://github.com/ollama/ollama/releases/download/v0.1.37/OllamaSetup.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1720	OllamaSetup.exe
2860	OllamaSetup.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601004279370335"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2860	OllamaSetup.tmp
2860	OllamaSetup.tmp
3916	chrome.exe
3916	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe
Token: SeShutdownPrivilege	2336	chrome.exe
Token: SeCreatePagefilePrivilege	2336	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe
2336	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2064	2336	chrome.exe	82
PID 2336 wrote to memory of 2064	2336	chrome.exe	82
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 4440	2336	chrome.exe	86
PID 2336 wrote to memory of 2996	2336	chrome.exe	87
PID 2336 wrote to memory of 2996	2336	chrome.exe	87
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88
PID 2336 wrote to memory of 940	2336	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://github.com/ollama/ollama/releases/download/v0.1.37/OllamaSetup.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea6afab58,0x7ffea6afab68,0x7ffea6afab78
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:2
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:2996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4740 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1636 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4464 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4920 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Users\Admin\Downloads\OllamaSetup.exe
  "C:\Users\Admin\Downloads\OllamaSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\is-ER6JE.tmp\OllamaSetup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-ER6JE.tmp\OllamaSetup.tmp" /SL5="$B01FE,207029149,783872,C:\Users\Admin\Downloads\OllamaSetup.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1864 --field-trial-handle=1900,i,8025570680502003539,10826945274027665377,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
54289f99047f11188af80e00e55a2eec

SHA1
6ab794d0f921b921bef08150c3da5fa10f7ce649

SHA256
6919f570fa2c8769d66ce319181a65337e761d61d781950640f042d469170c3c

SHA512
18672cba42fb945d1557c80b154ad82da72eb00a3814c42c284f8f20dfdee8a2e9742d1efff254ada0766d58973dfd82391a99becf651003083b087f70698873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
830e46915be48092a3b612ce58255301

SHA1
ecf263405a754b2e85be68883051cbed90bb2752

SHA256
ada71f8e2241cbb6d086d23f1623de55a3617d086ab2bc4bcece9263df2c5f25

SHA512
cc5243e2124a6281dcf7943c6bdec5a1b5d0d2cd9b255c40c274aa37d10ecf924e807a39f3409d4cb9d016ba9a7f235dc6a9ad4fa88cd9b7cfc7af13288dcc80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29e8e63875150096e7e6eb240528dfa7

SHA1
df66e6a16e9023d2932db8b3f76e83feda9927e5

SHA256
2a0e98e63358a3ec7eab1a3815cf4d6f993bc05a513bac1f05735afb586568f9

SHA512
a5fcf62d0bcedfd29c40a925404f51d35e8e42568c15cca756431275ebef1a2b9542154bd15d7e3cf1d55e6b3c6e6bfd0298324d269ca3309b3bc6b00cd3cc2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b2a416776829abb44872d31917cf372

SHA1
27807c9e15888e7f5c44405d611e0e77605a3f63

SHA256
a4c2aad1733c14071078b214951197f362e23ab28209b0532dbcdbe8f0ad1c47

SHA512
f4828d6f6f9ea915c60508021b44a5616cf3299576b9e921d13679adf60b5403552fb2e50bb3c5b6f15e5bc776ab7bf436cdabdcc294fe067a24378135a3dba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
352892ac8b0ebcd01c20a0ebab9ad9c0

SHA1
de5d6d8a19c7de3ff0e1cce77bac8df0ccc6f7df

SHA256
e814d0a2c5b4cad24667acb5812936ff2dd4ef30919c2ce7463700078e99ef25

SHA512
855b58ef6653a12e90ecd882bbf530f505be6e919f7e2f4501312c465791377a82abd15ab49d01ee2257a984e073c0b92830d066733d261b854b504afbb938e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
841524d8343bfcfbf2eddc044a607910

SHA1
ab8a739731ccf5d8075406c28beea01b584c86fc

SHA256
eba5382a9fa9566e0b7cb7a0b7cf96daf12f08f29d46714edf3c947c0068d1f1

SHA512
377d8c294354ee399ddd1ac8f8850b3f5a2744daa8544a3cc69e6d401540739357574d1c9a57d8c4033d3632289ac04707d0d1c2f85313dc492d04e58bbfa4ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5806d1.TMP

Filesize
94KB

MD5
b44f413a7a7b752242f3664a96663a1e

SHA1
92d0330c6b065bc156b2ee2f8ad99c33152a19c0

SHA256
5a1315b725fb5666c0202632815aca02882fdda67de7520ba4541d2bece8f67e

SHA512
2f067fa3e1782db13c0d08860f838da17fdac34767c16d877260dbf01049d55657dbba13ce0b67862f18b4ab6342e6816ac37b5b40cb6f45e3e629537b8b1803

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ER6JE.tmp\OllamaSetup.tmp

Filesize
3.0MB

MD5
6aecb94defe56fa970e165c66fb08813

SHA1
ea37f7c7a975a368a56016a96afbabb318ad17c4

SHA256
fbc9012f7542da1f076c1dab5e8733db0a8ea8e60f6bd435a3f6e34d58a6f228

SHA512
73fc7aa4a0dae4b78578e3a45885d168b599b52aa543fad9027178bb11bf9bb9861f79aeaa06c840e2ee7e61efff7a2c58ee10f606c2a69e574f1733cec56673

Download Submit
memory/1720-114-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1720-79-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1720-125-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/1720-78-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2860-84-0x0000000000400000-0x0000000000708000-memory.dmp

Filesize
3.0MB

Download
memory/2860-115-0x0000000000400000-0x0000000000708000-memory.dmp

Filesize
3.0MB

Download
memory/2860-124-0x0000000000400000-0x0000000000708000-memory.dmp

Filesize
3.0MB

Download