052100564a8a9a9e8675a554053cbbabc2d4b6c680ebf69c1184054caaf10b30

Analysis

max time kernel
38s
max time network
46s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FurMark_1.31.0.0_Setup.exe
Size

12.3MB
MD5

e82154c5410cd6614523b4e6e7116d2f
SHA1

b6bc190e023d883401ae3c73d6b5acc6ecd0fdfb
SHA256

052100564a8a9a9e8675a554053cbbabc2d4b6c680ebf69c1184054caaf10b30
SHA512

8493072976f105ddba26b46ca38423499e533ce0f7ea51bac9b23bff0aa2047af6855b549847915074a03b4ae77f43a2469ba215db4734afc311d6bc98f74616
SSDEEP

196608:wLDa+a89OrilnUAuqNPKCV5GbbDBCMy7gJFbPjQD2sNzZQtfQexaJfTnP:KWn9kUBnb3BCSfMF1P

Score

9^/10

discovery upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll	acprotect
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll	acprotect

Executes dropped EXE 2 IoCs

Processes:

FurMark_1.31.0.0_Setup.tmpFurMark.exe

pid process

3376 FurMark_1.31.0.0_Setup.tmp
5016 FurMark.exe

pid	process
3376	FurMark_1.31.0.0_Setup.tmp
5016	FurMark.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll	upx
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll	upx
behavioral1/memory/5016-146-0x0000000010000000-0x00000000102A8000-memory.dmp	upx
behavioral1/memory/5016-150-0x0000000010000000-0x00000000102A8000-memory.dmp	upx

Loads dropped DLL 2 IoCs

Processes:

FurMark.exe

pid process

5016 FurMark.exe
5016 FurMark.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
5016	FurMark.exe
5016	FurMark.exe

Drops file in Program Files directory 30 IoCs

Processes:

FurMark_1.31.0.0_Setup.tmpFurMark.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\gpushark.exe	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-TA34H.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-INECE.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-CBV6K.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-GLK25.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-9TLHP.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-33H38.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-STGF3.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-0GGDR.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-3HLJU.tmp	FurMark_1.31.0.0_Setup.tmp
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\core3d.dll	FurMark_1.31.0.0_Setup.tmp
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\zlib1.dll	FurMark_1.31.0.0_Setup.tmp
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\cpuburner.exe	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\unins000.dat	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-JJRV6.tmp	FurMark_1.31.0.0_Setup.tmp
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark_0001.txt	FurMark.exe
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-KMVA4.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-LEP8F.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-SJT8R.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-CONP4.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-DNQPA.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-37MF4.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-TUKD4.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\is-R35IA.tmp	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\screenshots\is-57GME.tmp	FurMark_1.31.0.0_Setup.tmp
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\unins000.dat	FurMark_1.31.0.0_Setup.tmp
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\gpuz.exe	FurMark_1.31.0.0_Setup.tmp
File opened for modification	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll	FurMark_1.31.0.0_Setup.tmp
File created	C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\sound\is-VS6M2.tmp	FurMark_1.31.0.0_Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

FurMark.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	FurMark.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	FurMark.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

FurMark_1.31.0.0_Setup.tmpmsedge.exe

pid process

3376 FurMark_1.31.0.0_Setup.tmp
3376 FurMark_1.31.0.0_Setup.tmp
3648 msedge.exe
3648 msedge.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

FurMark_1.31.0.0_Setup.tmp

pid process

3376 FurMark_1.31.0.0_Setup.tmp

pid	process
3376	FurMark_1.31.0.0_Setup.tmp
3376	FurMark_1.31.0.0_Setup.tmp
3648	msedge.exe
3648	msedge.exe

pid	process
3376	FurMark_1.31.0.0_Setup.tmp

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

FurMark_1.31.0.0_Setup.exeFurMark_1.31.0.0_Setup.tmpmsedge.exe

description	pid	process	target process
PID 2220 wrote to memory of 3376	2220	FurMark_1.31.0.0_Setup.exe	FurMark_1.31.0.0_Setup.tmp
PID 2220 wrote to memory of 3376	2220	FurMark_1.31.0.0_Setup.exe	FurMark_1.31.0.0_Setup.tmp
PID 2220 wrote to memory of 3376	2220	FurMark_1.31.0.0_Setup.exe	FurMark_1.31.0.0_Setup.tmp
PID 3376 wrote to memory of 5016	3376	FurMark_1.31.0.0_Setup.tmp	FurMark.exe
PID 3376 wrote to memory of 5016	3376	FurMark_1.31.0.0_Setup.tmp	FurMark.exe
PID 3376 wrote to memory of 5016	3376	FurMark_1.31.0.0_Setup.tmp	FurMark.exe
PID 3376 wrote to memory of 4424	3376	FurMark_1.31.0.0_Setup.tmp	msedge.exe
PID 3376 wrote to memory of 4424	3376	FurMark_1.31.0.0_Setup.tmp	msedge.exe
PID 4424 wrote to memory of 1084	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1084	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 4276	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3648	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 3648	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe
PID 4424 wrote to memory of 1968	4424	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\FurMark_1.31.0.0_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\FurMark_1.31.0.0_Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmp" /SL5="$B0052,12019398,832512,C:\Users\Admin\AppData\Local\Temp\FurMark_1.31.0.0_Setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3376

C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe
"C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ozone3d.net/redirect.php?id=201
3⤵
- Suspicious use of WriteProcessMemory
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff906f246f8,0x7ff906f24708,0x7ff906f24718
4⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11905321864115468715,8204785048279165266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
4⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11905321864115468715,8204785048279165266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11905321864115468715,8204785048279165266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
4⤵
PID:1968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll
Filesize
889KB

MD5
cb1c50b16863e835371a2a8fcea3a653

SHA1
9b98f2aefe5a2d7f7b27d0cf3422746a54635cec

SHA256
a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b

SHA512
df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de

Download Submit
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FreeImage.dll
Filesize
889KB

MD5
cb1c50b16863e835371a2a8fcea3a653

SHA1
9b98f2aefe5a2d7f7b27d0cf3422746a54635cec

SHA256
a2ed0dd0a52847645a05a2c61f64284cb5cbefa9cd8e168af5e8c6138ef7fe4b

SHA512
df619f4f85cd9bd464e9216f7b6a9414898cf7f5e293a741f033b5a7259da94e0b65860b8b3ca244afdb8eee93a9cfbe56af88d742760aa00353332897fe06de

Download Submit
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe
Filesize
2.9MB

MD5
4e988590c55b3e0f34e81e92db10cc9e

SHA1
af7a996073be1b7fd204720f7fee04921767f794

SHA256
af541ea37e276af0c5c341ced297608764acc384c4bad0a2d790182a0bcc57c1

SHA512
545b7b546a693d4dabbd4605d09c9edfd978f559db2b3334cd24c59cc8631f3c65c95e48d9a96c2cd472db4c6669cd40d2ef9180903625b5cc6bc85e90b668f2

Download Submit
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\FurMark.exe
Filesize
2.9MB

MD5
4e988590c55b3e0f34e81e92db10cc9e

SHA1
af7a996073be1b7fd204720f7fee04921767f794

SHA256
af541ea37e276af0c5c341ced297608764acc384c4bad0a2d790182a0bcc57c1

SHA512
545b7b546a693d4dabbd4605d09c9edfd978f559db2b3334cd24c59cc8631f3c65c95e48d9a96c2cd472db4c6669cd40d2ef9180903625b5cc6bc85e90b668f2

Download Submit
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\core3d.dll
Filesize
1.9MB

MD5
f9a508f4a8209193a334bca97d8a441a

SHA1
370c4db76180eac57313c18aaa562a1556a157f6

SHA256
710f0b1bf5d08923e9721bdf79b03ae49e0d04f40758fafbf5f8f4b1fee88147

SHA512
7ba10ecf4d7e95494f7841f2938b65366b93afabed6c8ddc7ec3eddf37c12a0ec458c5f8e25304c68aa3e1322734f138493c3396705c6b18669ac8ec2f8d15cf

Download Submit
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\core3d.dll
Filesize
1.9MB

MD5
f9a508f4a8209193a334bca97d8a441a

SHA1
370c4db76180eac57313c18aaa562a1556a157f6

SHA256
710f0b1bf5d08923e9721bdf79b03ae49e0d04f40758fafbf5f8f4b1fee88147

SHA512
7ba10ecf4d7e95494f7841f2938b65366b93afabed6c8ddc7ec3eddf37c12a0ec458c5f8e25304c68aa3e1322734f138493c3396705c6b18669ac8ec2f8d15cf

Download Submit
C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark\startup_options.xml
Filesize
1013B

MD5
b913978e5db3eaedc60d2e93b2e6880a

SHA1
4030fe568631e2b58839d0ba4c4211a94c0e6eb9

SHA256
f1542becf5b77d8eccb869b7f16f92f5ee9d602bc74f72adf9f132ef81dd2ef3

SHA512
54cb0886d3e9386492d63b6f6383820078d3afc0e1ce292efc7fa0c2adf05077757654dfa39eba54beeea11c6324a8a5a1a72649343088cd7e22238c6de820ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmp
Filesize
3.0MB

MD5
939a0c062e0849746a9b90ae4323a411

SHA1
efff0195c9510916145eacbc69c6082a699c9158

SHA256
d42046246bbb78670480bb9e87b83221d6de868a38ffdf48245b33afc9c90003

SHA512
a9d132d60e314ca3913f15e137bc0a2a370316677c2a75d88eabee25035f3241aa8b6360a60536698d2c79ee52b9892c1c5121debb02f8658f18d8663e245fea

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NJIM0.tmp\FurMark_1.31.0.0_Setup.tmp
Filesize
3.0MB

MD5
939a0c062e0849746a9b90ae4323a411

SHA1
efff0195c9510916145eacbc69c6082a699c9158

SHA256
d42046246bbb78670480bb9e87b83221d6de868a38ffdf48245b33afc9c90003

SHA512
a9d132d60e314ca3913f15e137bc0a2a370316677c2a75d88eabee25035f3241aa8b6360a60536698d2c79ee52b9892c1c5121debb02f8658f18d8663e245fea

Download Submit
\??\pipe\LOCAL\crashpad_4424_EGEPBDSCNFOLSLTD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1084-148-0x0000000000000000-mapping.dmp

Download
memory/1968-156-0x0000000000000000-mapping.dmp

Download
memory/2220-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2220-132-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2220-149-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3376-134-0x0000000000000000-mapping.dmp

Download
memory/3648-153-0x0000000000000000-mapping.dmp

Download
memory/4276-152-0x0000000000000000-mapping.dmp

Download
memory/4424-147-0x0000000000000000-mapping.dmp

Download
memory/5016-138-0x0000000000000000-mapping.dmp

Download
memory/5016-146-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download
memory/5016-150-0x0000000010000000-0x00000000102A8000-memory.dmp

Filesize
2.7MB

Download