purelogs | cc8afa3fb773dc68840e7d4b3423ae47e19a12bfceeadc332cddec9d1d545627

Analysis

max time kernel
241s
max time network
183s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
02-12-2023 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Web_Razer_Synapse_Installer_v2.21.24.41.exe
Size

25.6MB
MD5

2d73b9c85866634de78eb9f833fc50dc
SHA1

1a2ca691d2f53ced41d0d11973de8fb583cb1113
SHA256

cc8afa3fb773dc68840e7d4b3423ae47e19a12bfceeadc332cddec9d1d545627
SHA512

df366ba42008b7abf595c1f6d1c48b8edcefc5abc73bbf88c410134b223353a8dc1caf46a121df925e5f8ff7fb3828891773e7e1227c9097960cb5ab904067ba
SSDEEP

786432:JCMvNyeof/jP+KhRNmMogeINr0hJMPULu:JCMkewbP+8lD/cy

Score

10^/10

purelogs discovery persistence stealer

Malware Config

Signatures

Detect PureLogs payload 7 IoCs

resource	yara_rule
behavioral1/files/0x000500000001a482-1419.dat	family_purelogs
behavioral1/files/0x000500000001a482-1420.dat	family_purelogs
behavioral1/files/0x000500000001a482-1421.dat	family_purelogs
behavioral1/memory/3040-1422-0x00000000003C0000-0x0000000000406000-memory.dmp	family_purelogs
behavioral1/files/0x000500000001a482-1423.dat	family_purelogs
behavioral1/files/0x000500000001a482-1424.dat	family_purelogs
behavioral1/memory/3040-1425-0x0000000004B90000-0x0000000004BD0000-memory.dmp	family_purelogs

PureLogs
PureLogs is an infostealer written in C#.
stealer purelogs

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Razer Synapse = "\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\""	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	msiexec.exe

Blocklisted process makes network request 4 IoCs

flow	pid	Process
3	896	MSIEXEC.EXE
5	896	MSIEXEC.EXE
7	896	MSIEXEC.EXE
11	2288	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	MSIEXEC.EXE
File opened (read-only)	\??\M:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	MSIEXEC.EXE
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\B:	MSIEXEC.EXE
File opened (read-only)	\??\E:	MSIEXEC.EXE
File opened (read-only)	\??\H:	MSIEXEC.EXE
File opened (read-only)	\??\U:	MSIEXEC.EXE
File opened (read-only)	\??\X:	MSIEXEC.EXE
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	MSIEXEC.EXE
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	MSIEXEC.EXE
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\O:	MSIEXEC.EXE
File opened (read-only)	\??\R:	MSIEXEC.EXE
File opened (read-only)	\??\S:	MSIEXEC.EXE
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	MSIEXEC.EXE
File opened (read-only)	\??\N:	MSIEXEC.EXE
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	MSIEXEC.EXE
File opened (read-only)	\??\I:	MSIEXEC.EXE
File opened (read-only)	\??\L:	MSIEXEC.EXE
File opened (read-only)	\??\P:	MSIEXEC.EXE
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	MSIEXEC.EXE
File opened (read-only)	\??\V:	MSIEXEC.EXE
File opened (read-only)	\??\W:	MSIEXEC.EXE
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rzdevinfo.dll	MSI5B02.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ko-KR\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fr-FR\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUpdateManager.exe.config	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzAIOGeneratorUi.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\pt-BR\RzAIOGeneratorUi.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzStorage.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\de-DE\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUISdk.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\rzdetmgr.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\Avro.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzAIOGeneratorUi.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fr-FR\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ko-KR\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUpdateManagerUI.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\log4net.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\pt-BR\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUnlockAgent.exe	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUtilWin.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ja-JP\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\de-DE\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzSynapseLoginUI.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\cacert.pem	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\DeviceList.xml	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzAIOGenerator.exe	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ja-JP\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\pt-BR\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzEmilySettings.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzStorageIO.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\es-ES\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUpdate.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\jQuery-MIT-License.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\PortAudio-License.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\Newtonsoft.Json.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RestartApp.exe	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ru-RU\RzAIOGeneratorUi.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\de-DE\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\pt-BR\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ru-RU\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\razer2.cer	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe.config	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RazerProtocolDLL.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ru-RU\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ja-JP\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\razer.cer	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzAIOInstallManager.exe	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ko-KR\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzTrayMgr.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\de-DE\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\curl-license.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\Razer_Application.ico	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzCommon.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\es-ES\RzAIOInstallManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\es-ES\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\Ionic.Zip.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzAIOGeneratorUi.resources.dll	msiexec.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4A8C.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcp110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm110u_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe	msiexec.exe
File created	C:\Windows\Installer\f7729c3.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc110u_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File created	C:\Windows\Installer\f7729c1.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3851.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\NewShortcut1_39DEDF8BE16D414F9CB4D01021BE0D48.exe	msiexec.exe
File created	C:\Windows\Installer\f7729bf.msi	msiexec.exe
File created	C:\Windows\Installer\f7729c0.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\1033.MST	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\1033.MST	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5B02.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\NewShortcut1_39DEDF8BE16D414F9CB4D01021BE0D48.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\f7729c0.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5FC4.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\f7729bf.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_vccorlib110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfcm110u_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\f7729c1.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcr110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_msvcp110_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\2.21.24\F_CENTRAL_mfc110u_x86.F9D0B380_EB85_31D4_96AC_C6CB40086A55	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4CFD.tmp	msiexec.exe

Executes dropped EXE 8 IoCs

pid	Process
2240	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
268	MSI4A8C.tmp
2060	MSI4CFD.tmp
584	MSI5B02.tmp
1528	MSI5FC4.tmp
2100	RazerMerger.exe
3040	RzSynapse.exe

Loads dropped DLL 40 IoCs

pid	Process
2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe
2240	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2892	Razer_Synapse_Installer_v2.21.24.41.exe
2588	MsiExec.exe
2060	MSI4CFD.tmp
584	MSI5B02.tmp
1376	regsvr32.exe
1528	MSI5FC4.tmp
1528	MSI5FC4.tmp
1528	MSI5FC4.tmp
896	MSIEXEC.EXE
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe
3040	RzSynapse.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 10 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000016d2d-156.dat	nsis_installer_2
behavioral1/files/0x0004000000005b81-332.dat	nsis_installer_2
behavioral1/files/0x000700000001ad41-391.dat	nsis_installer_1
behavioral1/files/0x000700000001ad41-391.dat	nsis_installer_2
behavioral1/files/0x000700000001ad41-392.dat	nsis_installer_1
behavioral1/files/0x000700000001ad41-392.dat	nsis_installer_2
behavioral1/files/0x000800000001ad41-406.dat	nsis_installer_1
behavioral1/files/0x000800000001ad41-406.dat	nsis_installer_2
behavioral1/files/0x000800000001ad41-407.dat	nsis_installer_1
behavioral1/files/0x000800000001ad41-407.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	RzSynapse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	RzSynapse.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RzSynapse.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RzSynapse.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RzSynapse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RzSynapse.exe

Modifies data under HKEY_USERS 50 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732 = "Finds and displays information and Web sites on the Internet."	MSI4CFD.tmp
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MSI4CFD.tmp
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%windir%\System32\ie4uinit.exe",-738 = "Start Internet Explorer without ActiveX controls or browser extensions."	MSI4CFD.tmp
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%systemroot%\system32\windowspowershell\v1.0\powershell.exe",-111 = "Performs object-based (command-line) functions"	MSI4CFD.tmp
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A8EA4519-CD07-4692-83C6-98213C8216D1}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D67AECD9-D26F-4E6F-832F-8831580B3A3B}\1.0	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ja-JP\|RzSynapse.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|fr-FR\|RzAIOInstallManager.resources.dll\RzAIOInstallManager.resources,Version="2.1.0.29285",Culture="fr-FR",FileVersion="2.1.0.29285",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e005b002600570053007700710066002b005a003900410060003f00260062007600310068004000550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\TypeLib	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RestartApp.exe	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzSynapse.resources.dll\RzSynapse.resources,Version="2.21.24.41",Culture="de-DE",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0040005f0044006a00660070007d007a00380041005a00760037007b004300570036004a006100460000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CN\|RzUpdateManager.resources.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzAIOGeneratorUi.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ko-KR\|RzAIOInstallManager.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|fr-FR\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="2.21.24.41",Culture="fr-FR",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e00770032004b00710041007d00700024006e003f003400630052006a00320061004c0041007e00690000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzUpdateManager.resources.dll\RzUpdateManager.resources,Version="2.1.0.29285",Culture="es-ES",FileVersion="2.1.0.29285",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0024007d003000530070005d004a005b004a0040007b006400240059003400360042006e005000310000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ko-KR\|RzUpdateManager.resources.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\rzdevinfo.dll\AppID = "{4849BF16-A043-431F-951F-171A5E0913A7}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|pt-BR\|RzAIOGeneratorUi.resources.dll\RzAIOGeneratorUi.resources,Version="1.0.2.29263",Culture="pt-BR",FileVersion="1.0.2.29263",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e004f0033004f004000750051003100730070003f004e0053003500520065003300770076006300440000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CN\|RzAIOGeneratorUi.resources.dll\RzAIOGeneratorUi.resources,Version="1.0.2.29263",Culture="zh-CN",FileVersion="1.0.2.29263",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e007100690076005100290042004d0059002e003d00390070005a007b007a007400740035003d00340000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzAIOInstallManager.resources.dll\RzAIOInstallManager.resources,Version="2.1.0.29285",Culture="de-DE",FileVersion="2.1.0.29285",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e004800240036002400570064006f007e003300410053007a002800510033004c00420074005f002e0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzSynapse.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzSynapse.resources.dll\RzSynapse.resources,Version="2.21.24.41",Culture="es-ES",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e004e0046006c002a004e0074007d002700300041007b006e0049004e003500590035004a002d006a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzUpdate.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\ProductName = "Razer Synapse"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppID\{28494F0B-EC89-4BF5-A471-F1E429FA0FB7}	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ja-JP\|RzUpdateManager.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CHT\|RzUpdateManager.resources.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\TypeLib\ = "{D67AECD9-D26F-4E6F-832F-8831580B3A3B}"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CN\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="2.21.24.41",Culture="zh-CN",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e006c006c0061007e006c007e006400680034004100730061005e004600410064002b0049004a00310000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|fr-FR\|RzAIOInstallManager.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="2.21.24.41",Culture="de-DE",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e00600074007700500030002c004800440062003f004200720077004000640045006900430078004f0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr.1\CLSID\ = "{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzAIOGeneratorUi.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzAIOGenerator.exe	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\TypeLib\{D67AECD9-D26F-4E6F-832F-8831580B3A3B}\1.0\0\win32	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RestartApp.exe\RestartApp,Version="2.21.24.41",Culture="neutral",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0044002c0052005a0040006800310041004d003d005b00310074006300500048007a004e005700740000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D67AECD9-D26F-4E6F-832F-8831580B3A3B}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ja-JP\|RzSynapseLoginUI.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}\ProgID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr\CLSID\ = "{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}\ProgID\ = "rzdetmgr.RzDetectMgr.1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}\InprocServer32\InprocServer32 = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e003d00410060006f00730021006c0034005d003f0050006c0062004100720058006d00780069004d0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CHT\|RzAIOInstallManager.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ko-KR\|RzSynapse.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ru-RU\|RzAIOGeneratorUi.resources.dll\RzAIOGeneratorUi.resources,Version="1.0.2.29263",Culture="ru-RU",FileVersion="1.0.2.29263",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e00360074004f0040005a0072007800580033003f005900300066002b00330062004700500045007a0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ru-RU\|RzUpdateManager.resources.dll\RzUpdateManager.resources,Version="2.1.0.29285",Culture="ru-RU",FileVersion="2.1.0.29285",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e007a00610042003000550073004e004f0035003f0048007d003700440032007a0061006b004b00360000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\SourceList\Media\1 = "DISK1;1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\ = "_IDetectEventsManaged"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|Newtonsoft.Json.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="2.21.24.41",Culture="es-ES",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e006b007e002100460035002b007900540057003d00730038004800510057004a00590079006200300000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzTrayMgr.dll\RzTrayMgr,Version="2.21.24.41",Culture="neutral",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e00720036006d0028004400360060007100520041007e004a00660043004a004a0044005b005b002d0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|Avro.dll\Avro,Version="0.9.1.0",PublicKeyToken="B1248D7EEB9D0814",Culture="neutral",FileVersion="0.9.1.0",ProcessorArchitecture="MSIL" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0056004700580025002c007a004c0053004f00240050005d004400500071006d00380071002d00730000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ja-JP\|RzAIOInstallManager.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\TypeLib	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|fr-FR\|RzUpdateManager.resources.dll\RzUpdateManager.resources,Version="2.1.0.29285",Culture="fr-FR",FileVersion="2.1.0.29285",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e003d0058006800580075004a003000770038004000700060003f007b0055005b00480052004400320000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzUtilWin.dll\RzUtilWin,Version="1.0.0.0",Culture="neutral",FileVersion="1.0.0.0",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e004f00290046007e0075005e0043005d007500390037004f002600470076004100530068004700280000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzUpdateManager.resources.dll	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\Version = "34930712"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzAIOGeneratorUi.resources.dll\RzAIOGeneratorUi.resources,Version="1.0.2.29263",Culture="de-DE",FileVersion="1.0.2.29263",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0074003600390055002e0049005f007b0064003f003f005b0021004b00580056007000760051007a0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ko-KR\|RzSynapse.resources.dll\RzSynapse.resources,Version="2.21.24.41",Culture="ko-KR",FileVersion="2.21.24.41",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e002e00470039004e0040005500380046002600410043004d002b00210068005a00420079004900310000000000	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2288	msiexec.exe
2288	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
896	MSIEXEC.EXE

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	896	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	896	MSIEXEC.EXE
Token: SeRestorePrivilege	2288	msiexec.exe
Token: SeTakeOwnershipPrivilege	2288	msiexec.exe
Token: SeSecurityPrivilege	2288	msiexec.exe
Token: SeCreateTokenPrivilege	896	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	896	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	896	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	896	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	896	MSIEXEC.EXE
Token: SeTcbPrivilege	896	MSIEXEC.EXE
Token: SeSecurityPrivilege	896	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	896	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	896	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	896	MSIEXEC.EXE
Token: SeSystemtimePrivilege	896	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	896	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	896	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	896	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	896	MSIEXEC.EXE
Token: SeBackupPrivilege	896	MSIEXEC.EXE
Token: SeRestorePrivilege	896	MSIEXEC.EXE
Token: SeShutdownPrivilege	896	MSIEXEC.EXE
Token: SeDebugPrivilege	896	MSIEXEC.EXE
Token: SeAuditPrivilege	896	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	896	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	896	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	896	MSIEXEC.EXE
Token: SeUndockPrivilege	896	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	896	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	896	MSIEXEC.EXE
Token: SeManageVolumePrivilege	896	MSIEXEC.EXE
Token: SeImpersonatePrivilege	896	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	896	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	896	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	896	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	896	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	896	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	896	MSIEXEC.EXE
Token: SeTcbPrivilege	896	MSIEXEC.EXE
Token: SeSecurityPrivilege	896	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	896	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	896	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	896	MSIEXEC.EXE
Token: SeSystemtimePrivilege	896	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	896	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	896	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	896	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	896	MSIEXEC.EXE
Token: SeBackupPrivilege	896	MSIEXEC.EXE
Token: SeRestorePrivilege	896	MSIEXEC.EXE
Token: SeShutdownPrivilege	896	MSIEXEC.EXE
Token: SeDebugPrivilege	896	MSIEXEC.EXE
Token: SeAuditPrivilege	896	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	896	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	896	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	896	MSIEXEC.EXE
Token: SeUndockPrivilege	896	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	896	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	896	MSIEXEC.EXE
Token: SeManageVolumePrivilege	896	MSIEXEC.EXE
Token: SeImpersonatePrivilege	896	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	896	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	896	MSIEXEC.EXE

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
896	MSIEXEC.EXE
896	MSIEXEC.EXE
3040	RzSynapse.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3040	RzSynapse.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2240	2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe	28
PID 2204 wrote to memory of 2240	2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe	28
PID 2204 wrote to memory of 2240	2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe	28
PID 2204 wrote to memory of 2240	2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe	28
PID 2204 wrote to memory of 2240	2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe	28
PID 2204 wrote to memory of 2240	2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe	28
PID 2204 wrote to memory of 2240	2204	Web_Razer_Synapse_Installer_v2.21.24.41.exe	28
PID 2240 wrote to memory of 2892	2240	Razer_Synapse_Installer_v2.21.24.41.exe	29
PID 2240 wrote to memory of 2892	2240	Razer_Synapse_Installer_v2.21.24.41.exe	29
PID 2240 wrote to memory of 2892	2240	Razer_Synapse_Installer_v2.21.24.41.exe	29
PID 2240 wrote to memory of 2892	2240	Razer_Synapse_Installer_v2.21.24.41.exe	29
PID 2240 wrote to memory of 2892	2240	Razer_Synapse_Installer_v2.21.24.41.exe	29
PID 2240 wrote to memory of 2892	2240	Razer_Synapse_Installer_v2.21.24.41.exe	29
PID 2240 wrote to memory of 2892	2240	Razer_Synapse_Installer_v2.21.24.41.exe	29
PID 2892 wrote to memory of 896	2892	Razer_Synapse_Installer_v2.21.24.41.exe	30
PID 2892 wrote to memory of 896	2892	Razer_Synapse_Installer_v2.21.24.41.exe	30
PID 2892 wrote to memory of 896	2892	Razer_Synapse_Installer_v2.21.24.41.exe	30
PID 2892 wrote to memory of 896	2892	Razer_Synapse_Installer_v2.21.24.41.exe	30
PID 2892 wrote to memory of 896	2892	Razer_Synapse_Installer_v2.21.24.41.exe	30
PID 2892 wrote to memory of 896	2892	Razer_Synapse_Installer_v2.21.24.41.exe	30
PID 2892 wrote to memory of 896	2892	Razer_Synapse_Installer_v2.21.24.41.exe	30
PID 2288 wrote to memory of 2588	2288	msiexec.exe	32
PID 2288 wrote to memory of 2588	2288	msiexec.exe	32
PID 2288 wrote to memory of 2588	2288	msiexec.exe	32
PID 2288 wrote to memory of 2588	2288	msiexec.exe	32
PID 2288 wrote to memory of 2588	2288	msiexec.exe	32
PID 2288 wrote to memory of 2588	2288	msiexec.exe	32
PID 2288 wrote to memory of 2588	2288	msiexec.exe	32
PID 2288 wrote to memory of 268	2288	msiexec.exe	38
PID 2288 wrote to memory of 268	2288	msiexec.exe	38
PID 2288 wrote to memory of 268	2288	msiexec.exe	38
PID 2288 wrote to memory of 268	2288	msiexec.exe	38
PID 2288 wrote to memory of 2060	2288	msiexec.exe	39
PID 2288 wrote to memory of 2060	2288	msiexec.exe	39
PID 2288 wrote to memory of 2060	2288	msiexec.exe	39
PID 2288 wrote to memory of 2060	2288	msiexec.exe	39
PID 2288 wrote to memory of 2060	2288	msiexec.exe	39
PID 2288 wrote to memory of 2060	2288	msiexec.exe	39
PID 2288 wrote to memory of 2060	2288	msiexec.exe	39
PID 2288 wrote to memory of 584	2288	msiexec.exe	40
PID 2288 wrote to memory of 584	2288	msiexec.exe	40
PID 2288 wrote to memory of 584	2288	msiexec.exe	40
PID 2288 wrote to memory of 584	2288	msiexec.exe	40
PID 2288 wrote to memory of 584	2288	msiexec.exe	40
PID 2288 wrote to memory of 584	2288	msiexec.exe	40
PID 2288 wrote to memory of 584	2288	msiexec.exe	40
PID 584 wrote to memory of 1376	584	MSI5B02.tmp	41
PID 584 wrote to memory of 1376	584	MSI5B02.tmp	41
PID 584 wrote to memory of 1376	584	MSI5B02.tmp	41
PID 584 wrote to memory of 1376	584	MSI5B02.tmp	41
PID 584 wrote to memory of 1376	584	MSI5B02.tmp	41
PID 584 wrote to memory of 1376	584	MSI5B02.tmp	41
PID 584 wrote to memory of 1376	584	MSI5B02.tmp	41
PID 2288 wrote to memory of 1528	2288	msiexec.exe	42
PID 2288 wrote to memory of 1528	2288	msiexec.exe	42
PID 2288 wrote to memory of 1528	2288	msiexec.exe	42
PID 2288 wrote to memory of 1528	2288	msiexec.exe	42
PID 1528 wrote to memory of 1188	1528	MSI5FC4.tmp	43
PID 1528 wrote to memory of 1188	1528	MSI5FC4.tmp	43
PID 1528 wrote to memory of 1188	1528	MSI5FC4.tmp	43
PID 1528 wrote to memory of 1188	1528	MSI5FC4.tmp	43
PID 1188 wrote to memory of 1832	1188	cmd.exe	45
PID 1188 wrote to memory of 1832	1188	cmd.exe	45
PID 1188 wrote to memory of 1832	1188	cmd.exe	45

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Web_Razer_Synapse_Installer_v2.21.24.41.exe
"C:\Users\Admin\AppData\Local\Temp\Web_Razer_Synapse_Installer_v2.21.24.41.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\nso47CB.tmp\Razer_Synapse_Installer_v2.21.24.41.exe
  C:\Users\Admin\AppData\Local\Temp\nso47CB.tmp\Razer_Synapse_Installer_v2.21.24.41.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer_Synapse_Installer_v2.21.24.41.exe
    C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer_Synapse_Installer_v2.21.24.41.exe /q"C:\Users\Admin\AppData\Local\Temp\nso47CB.tmp\Razer_Synapse_Installer_v2.21.24.41.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}" /IS_temp
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2892
  - - C:\Windows\SysWOW64\MSIEXEC.EXE
      "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer Synapse 2.0.msi" TRANSFORMS="C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\1033.MST" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp\nso47CB.tmp" SETUPEXENAME="Razer_Synapse_Installer_v2.21.24.41.exe"
      4⤵
      Blocklisted process makes network request
      Enumerates connected drives
      Loads dropped DLL
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      PID:896
    - - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
        
        "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" -launch
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3040
  - - C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      4⤵
      PID:3052

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 56B2430FDC29761B99ADE924A5C95432 C
  2⤵
  - Loads dropped DLL
  PID:2588
- C:\Windows\Installer\MSI4A8C.tmp
  "C:\Windows\Installer\MSI4A8C.tmp" -rf "C:\ProgramData\Razer\Synapse"
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\Installer\MSI4CFD.tmp
  "C:\Windows\Installer\MSI4CFD.tmp" -rf "C:\ProgramData\Razer\Synapse"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:2060
- C:\Windows\Installer\MSI5B02.tmp
  "C:\Windows\Installer\MSI5B02.tmp"
  2⤵
  - Drops file in System32 directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:584
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\SysWOW64\regsvr32.exe" /S rzdevinfo.dll
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:1376
- C:\Windows\Installer\MSI5FC4.tmp
  "C:\Windows\Installer\MSI5FC4.tmp" /S
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1528
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\ProgramData\Razer\Synapse\Devices\SetReg.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1188
  - - C:\Windows\SysWOW64\regini.exe
      regini SetReg.txt
      4⤵
      PID:1832
- - C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe
    "C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe"
    3⤵
    - Executes dropped EXE
    PID:2100

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2368

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003C0" "00000000000003C8"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f7729c2.rbs

Filesize
75KB

MD5
cccfa99ee280a43bc38b1080513d2fb3

SHA1
b2c91f62cfd89564dd8d86034350034ac64b8e6f

SHA256
6959104ade6515ad0213f199b75ff6abc1d05cc5e43c01a95d5402e6b0983000

SHA512
6678423a94812a2e5c5f047583eef444cea347adf58f07e2ff71045d49cdb751b4087ced3c8cb569cbf14bec4227cefcfd22b808f7cd389733c78d923d46addb

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
114KB

MD5
bbb886446a9384cd088ed0f21e97c6af

SHA1
e6dc82b73f5c641c34f104817857320aef54b432

SHA256
083947aa3c8d2b4f8bd1eae9a97b248ee74419ed0eae6759ac0b98ae2fcf5c9a

SHA512
ff2409302d090967675dae5aae5c692d0d11d6d643cca9e4a670a525bf7ba72d6242d09b1df87650578af0cd96be04123e020d873f297010cd8725c087ab1005

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
585KB

MD5
60823160fc1406a5cc01eeec69d55cd8

SHA1
db9eb1e020e6688617bf936806a34d95262d028d

SHA256
83afbb7513495888211bd6073296ba80dda4fb2c7e8cb02ac1c84a6183667f08

SHA512
f7445ad8c7e48bdf49ec17b83ceebb3c02e4d988b05c909f014952793b8ac2a79f01fcc09cdd93752b8ebb8a5977b242eafc16e11b9841dd5525cf57d691562e

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
585KB

MD5
60823160fc1406a5cc01eeec69d55cd8

SHA1
db9eb1e020e6688617bf936806a34d95262d028d

SHA256
83afbb7513495888211bd6073296ba80dda4fb2c7e8cb02ac1c84a6183667f08

SHA512
f7445ad8c7e48bdf49ec17b83ceebb3c02e4d988b05c909f014952793b8ac2a79f01fcc09cdd93752b8ebb8a5977b242eafc16e11b9841dd5525cf57d691562e

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe.config

Filesize
3KB

MD5
05e0da37da22421567b0e47d0c2f9b5f

SHA1
1361bc62e097ff269cd1806990c2ce0655b82f30

SHA256
35c90ce594baea045fbea3a58c3d3799c7697696be4d8f9cfa2ddca161460c1f

SHA512
e5765cf3e6dff1199df98d70c8da854dc74f568225229d1eab3212b30afae40ac39eedcc5c07121c7880051a7f5d5404a6770b36b7f913d6923f8e300bad00e3

Download Submit
C:\Program Files (x86)\Razer\Synapse\config.log4net

Filesize
869B

MD5
4deb7380efea18de30b0cb2d0dd2669e

SHA1
5dc4999720bb8cabb36561348fd8db88d14afa33

SHA256
29e05e5e9b52d9108fca9a4a2686b8637f61b9ed1785d01dee7edd4606c40211

SHA512
6f22ad5eab6e6df8747b31793f8db4dd4ec93188466bd27c25d72ecaaa270a9cd4a084df496c98f94149b1d7148a8b8613d45cadcb6438c00d0756315b3b9f86

Download Submit
C:\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
268KB

MD5
d78fea1f8dd59b04e7ac521b73ecffa2

SHA1
e254986aa6deb671a945deae87e814a0fa81289f

SHA256
0e7df35b2d0284f892717f728a7c1430815af704d2f12aa54013235a9bdc2638

SHA512
1744a4664b69f6214298894657e2698c1f213b413dde7bb24d71cf6d13ed0cf85099329401a9a727304456b263156955e57bdb7042212cf833c8d7608c8d3d24

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse\Razer Synapse.lnk

Filesize
2KB

MD5
8a7c9c8eaa7d678fe34217e04b4cba25

SHA1
8bac15f111a03701dfe8785836491fec65f42ed5

SHA256
6b9ed63c01c92c971e11610e07d9a8163bde55d3f256ac24eeb70a25e6546735

SHA512
842a550a69eaf4d9646444d4b87b565e30bfa56a37084b4c202424fe7be737b8648f42a0b85f25a91099bd9d748a5df1d41ddbe1a50342279a6aebe05745727d

Download Submit
C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe

Filesize
31KB

MD5
2a6a74e92f408c7a90c51a9177b9082f

SHA1
b050c1a17801061d3b7deea243b6532aa9204bf1

SHA256
da1987216ab0af76be7c41071c5aaac0aba731b35cf57a94679b9e7e84cef4b2

SHA512
36cf2ece965df6259b62590234d9212d0322e06f6304553392238a2c81ada9c5da407c871a481480608dea8feb7d1a2ea06efc813e566d23c3281de3fd95cb36

Download Submit
C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe

Filesize
31KB

MD5
2a6a74e92f408c7a90c51a9177b9082f

SHA1
b050c1a17801061d3b7deea243b6532aa9204bf1

SHA256
da1987216ab0af76be7c41071c5aaac0aba731b35cf57a94679b9e7e84cef4b2

SHA512
36cf2ece965df6259b62590234d9212d0322e06f6304553392238a2c81ada9c5da407c871a481480608dea8feb7d1a2ea06efc813e566d23c3281de3fd95cb36

Download Submit
C:\ProgramData\Razer\Synapse\Devices\SetReg.bat

Filesize
51B

MD5
febaf310f2e4dc139090aab42b8cd922

SHA1
f51dda3b309e28fd72a8c87f0f7a7bf81187a36d

SHA256
e2f8ab5ac87828d8a841185ad3c632d13588a3cb7c8fe6a0fb5d6fa81b8b7a65

SHA512
ae025128d940df57d1a3ed64886707e562ef46bbac81eac0b898fa35b8c86aecbc687b58afc32615031c45977ff6966cd0d95da9486946536ade00af5a9b2834

Download Submit
C:\ProgramData\Razer\Synapse\Devices\SetReg.bat

Filesize
51B

MD5
febaf310f2e4dc139090aab42b8cd922

SHA1
f51dda3b309e28fd72a8c87f0f7a7bf81187a36d

SHA256
e2f8ab5ac87828d8a841185ad3c632d13588a3cb7c8fe6a0fb5d6fa81b8b7a65

SHA512
ae025128d940df57d1a3ed64886707e562ef46bbac81eac0b898fa35b8c86aecbc687b58afc32615031c45977ff6966cd0d95da9486946536ade00af5a9b2834

Download Submit
C:\ProgramData\Razer\Synapse\Devices\SetReg.txt

Filesize
96B

MD5
394b528b2fec22f1d4dc7657e0b038cb

SHA1
a9580e5e642845c640b6b37415a92eaf30885b72

SHA256
be5e6258c44a29ab8015f3f92b4103f6566e5d5cfb27da7a3bf4e1aa6604ba20

SHA512
5499dd82807ddfe77d3868f29f95a81cbf22b8b38a96d5e1b8eef228d3b729b4d2347f15433c58585cc215c1b1e09ed9b998f05cb5add6a7bc1f1c1eb19e2911

Download Submit
C:\ProgramData\Razer\Synapse\Devices\skins\RAZER11_BW2_Selector.png

Filesize
171KB

MD5
f2e5520c0d36b4861a6843608908d0e6

SHA1
1b81fe40734e54b9ed54ae27691d7c27a1f97319

SHA256
2c2ff837a416895be1d97f204a0f5048210b38a4c03122b1889ba0e1cc503c3f

SHA512
23c50a0eea31ea8c5dcf5be3504b770f151a6ecd32bcb862326ad4c662b262450f778f952d5a9068f9e158232b7217c2db2f0e04c100f26d5503243a85f5d7b5

Download Submit
C:\ProgramData\Razer\Synapse\Devices\skins\RAZER11_NOSTROMO_Selector.png

Filesize
171KB

MD5
7590146fe05b8cfb0d400fcc297606b6

SHA1
8551aac517611c8e1d2bdd124ee54cece8aefcd9

SHA256
0aa28f6f7f3c74c7ccafce1f3d5db82ccacc11dd92c502c28e7cb6dc6ac4758a

SHA512
52b8541ef810888bead43a4f40abb77df5f1b4e725ded015a3af2ed354786422a64dfddfa7f2b30d57581a20be6c9beca1447a9f50d5cfd8e0d982eb5151b89d

Download Submit
C:\ProgramData\Razer\Synapse\Devices\skins\VAD_speaker_F_mask.png

Filesize
201B

MD5
ec2c19f2b6294cf78f7d9267b6c8ea4a

SHA1
d3e97d2c4407ec3e4fb4d96ac9c3c5c7c06a0bff

SHA256
ebfc709058e98ac7c7a322ac7cbdbbd4a3b6abbda81d0551410970b354431891

SHA512
401196da85651c20965dc49046752a2d411203b8d7c300eb3189322420d0aa7322fbf1696cab187f26cf07b53073a5767a7aee70d37db5596f3ac2ce85cd2abb

Download Submit
C:\ProgramData\Razer\Synapse\Logs\Synapse_Admin.log

Filesize
4KB

MD5
38c2f714b695ca545a3aa2e9a6a79828

SHA1
b2e071ef1c0ca60ac2bcb78ffc5d61e8f9e48a2c

SHA256
32a1f614a6c18ac8e2f71a8cc089f21f13dda4cd96db0a98721fcb08dd35ad41

SHA512
2367ee9ec51ad7c72deb748325e4b142572dfe5feb84c6762a5dca30cd85f1906c9845801af77c305eaf64b5ad97748138f6c6a7b304a7234423a9428fcc9afd

Download Submit
C:\ProgramData\Razer\Synapse\Modules\SystemInfo\ModuleInfo.xml

Filesize
433B

MD5
9f693b81eb90f38fbc1e343178916471

SHA1
574c7c68491c7315bf72b4c094a6d419a8586e32

SHA256
dbca02960bdc4a23104a6ae174855fa0719afe517e6aad011cd3929aa22561ce

SHA512
6dd6c68466caee92da76e5077600a37458f76e19edff5544ebe3e87ccb49c2ce91d36350bb00cb6d54f966bc0a52828a1d72e1ac656831c8724227d3f34ea2c0

Download Submit
C:\ProgramData\Razer\Synapse\Modules\SystemInfo\RzSystemInfo.dll

Filesize
29KB

MD5
52eed672d3a12bd58a5a532e793f1acf

SHA1
6e1c21c34c25ee09ee35e579718ef02a7be44105

SHA256
194fb8fc0ad69588f6632e93bc4997578e1e29024f03e9920c48c62dec6da6d7

SHA512
429861f54864ee74904a3d735aac7d5dfb7a7d0fbc3bdd83df82e828a8bd8fe8963c50733335402224e0a23512b21742de43f12cbfb96488da086a3bad15fdb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
1KB

MD5
5311b070fa635e939df7281894229a63

SHA1
99b1db355628cf56ba4b59b9cddea701eabc28a7

SHA256
f264febdb5ee7aa2f35258ea6188a6e066ce35bf1a10d6cf4010bac93eedc110

SHA512
a55326c36aa6203f0c8c3807aa63e70d1e031c2b4daca8c1c94db99c93392e5e7054e8b58412b7c0a50516a5c35ca627b94358fed3969453bf0c1e8272f24935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_137DD4AF23A78A1964C6BDEE3C0A97F1

Filesize
1KB

MD5
af75ad05c169eef41aeafa269cbd676a

SHA1
b55e65f066bb3961a7b475f6d9da9b53a7b525b2

SHA256
c99dabd24f889c225cdf6a22a7aa27dac7493b0e4619c22bdd2dbfa4e325cda0

SHA512
d76070d353851883c28ecca0297babebef1e40f4231f19c7f964e34614e1b739c8632220f5fb795334d0feb861a55d3e704b2b43a0395f3c5e539b0dae5f0cc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d3fa72cefe7f8060c138e7b286b14c59

SHA1
c2803eeb783e52fa41decafa5d14771b06b50297

SHA256
c7da0aa5fdb9de3816ed2bf804a63e91057f6d62f3fe58139b257273d469f5a7

SHA512
9917410d424af621eeee1f6ac06491c00715d4dfc079a97630293c91a006bcfd7f66df0a0dc6d87397d27a6904913dbb831e2427bb290edb94209a0cebf2b886

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
398B

MD5
1fcb7531886a8c56dcf0f0196163d251

SHA1
c569f68c1095bfddbe16064ac1cd25c32d3bb97d

SHA256
d44bc45d0ab6403aee38f495cf5cd2eeca2772858eafcf81cb672400e9d28eab

SHA512
2d66c2c23657ff0f5cbdb5411c976b2e1dbfcbfed7da9256ea0509871e260c90ef0eeb1c40a0d157bd494714dbfe5be2768520eea3789e93d451900237e13c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_137DD4AF23A78A1964C6BDEE3C0A97F1

Filesize
406B

MD5
4939d7105421aee5bcc281e6fd026748

SHA1
424b688898a2aeee4bcad175118de724ef3a9227

SHA256
e7e70beeb9366b9b1cb6299603fc0c3bdad27d58e92c2d11ae7b92135b199365

SHA512
2647946c57bbe1d8a3cc2969475717199a52dcc851103cfa6cd43d1bb431ecf9e4631d5998acfac98b700d11338d3b92f7758cad8166ada4fd547360cb80e04c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB2B2.tmp

Filesize
153KB

MD5
a7b832f632a3c7f5317c17c095c97437

SHA1
4233053b7fa9e17850545519570ee76fbb8b04df

SHA256
3d42cffe19c21d9e10778819ef7a664a135b1115f0284dbc3eb4b49740b3b4a1

SHA512
cb89f84d86c2eb5dbceca24e55bb054cd899ba368543dc81f3162d113bb056bd65244414eff8379114c07ccfa7c08d6bfdda8213c45f9b0188d5dea42113f540

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2B07.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_is8910..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj5BB8.tmp\System.dll

Filesize
10KB

MD5
0ff5120f1afd0f295c2baa0f7192d3f8

SHA1
bde842d5d11005dcb4ff1d4ea97da31865477697

SHA256
4ca5bf1beb4b802914c4d3e2f37861f6ba5ecf969cfeadf5855edf58f647a721

SHA512
e049ffd7aace8d136eee007ee4f8dbc2ae8f3dce79d1c633d9654392240f8215787df8a6d08085257db51f28ff2a8023a13333dda3ea7f9bdc8b9c57b605f0a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso47CB.tmp\Razer_Synapse_Installer_v2.21.24.41.exe

Filesize
26.3MB

MD5
81abaad267d012d85994935b4cc00a7f

SHA1
25e60a3f817e032b8b2cf0941afccd40009b299f

SHA256
d901da91edb94180bb2b814d1eeb3d9dd20e2e43652c4fde93ccab6cda0a332d

SHA512
137c4ad4b6883de78e16773c2dda476decfef1e62ee04268886dfab8d81d447a1e7c38a109eb45b41ba63ba6c57551d1bf9781a036f199bedb8c001e4592f428

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso47CB.tmp\Razer_Synapse_Installer_v2.21.24.41.exe

Filesize
26.3MB

MD5
81abaad267d012d85994935b4cc00a7f

SHA1
25e60a3f817e032b8b2cf0941afccd40009b299f

SHA256
d901da91edb94180bb2b814d1eeb3d9dd20e2e43652c4fde93ccab6cda0a332d

SHA512
137c4ad4b6883de78e16773c2dda476decfef1e62ee04268886dfab8d81d447a1e7c38a109eb45b41ba63ba6c57551d1bf9781a036f199bedb8c001e4592f428

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6105.tmp\nsExec.dll

Filesize
6KB

MD5
b38561661a7164e3bbb04edc3718fe89

SHA1
f13c873c8db121ba21244b1e9a457204360d543f

SHA256
c2c88e4a32c734b0cb4ae507c1a9a1b417a2375079111fb1b35fab23aedd41d9

SHA512
fedcaac20722de3519382011ccf22314af3edcd11b69f814db14710966853b69b9b5fc98383edcdb64d050ff825264eaba27b1c5adfe61d1fc9d77f13a052ced

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\0x0409.ini

Filesize
21KB

MD5
8586214463bd73e1c2716113e5bd3e13

SHA1
f02e3a76fd177964a846d4aa0a23f738178db2be

SHA256
089d3068e42958dd2c0aec668e5b7e57b7584aca5c77132b1bcbe3a1da33ef54

SHA512
309200f38d0e29c9aaa99bb6d95f4347f8a8c320eb65742e7c539246ad9b759608bd5151d1c5d1d05888979daa38f2b6c3bf492588b212b583b8adbe81fa161b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\1033.MST

Filesize
28KB

MD5
25ea833d33307737c7c46e00d3bca64b

SHA1
66c06bff746ca6d49243cd089dc5714528f9387a

SHA256
9c3ec9927216c973e3e084ac7c0e6cb15e79a67f4e5bf5831b1f15ef56f4c64e

SHA512
54a44f0b814dc6ef55b28633bf281293eb9858749f0f7c7ed9cf7930ed6d566001f0bfd6f27c367d96931d1879e81ed1ce0653246cfb14aa940612b6a1deec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer Synapse 2.0.msi

Filesize
25.6MB

MD5
946912b79c620d0b67f6ffac452276bf

SHA1
dbab78de44574bbf58215f219643c796a78c5fc2

SHA256
5e2080cd815a58a98e6fe2f48cbf9fd94f613878dce503932140b1ee9e32abf2

SHA512
f514efcc59e1ea022db3beeb5a4a64768a87b5a95fc68696b5f542a1d087bb004c99e0fba8db8d7597ff4112fd3fb93ad36ca70797850168bcdf45afb1735fb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer_Synapse_Installer_v2.21.24.41.exe

Filesize
26.3MB

MD5
81abaad267d012d85994935b4cc00a7f

SHA1
25e60a3f817e032b8b2cf0941afccd40009b299f

SHA256
d901da91edb94180bb2b814d1eeb3d9dd20e2e43652c4fde93ccab6cda0a332d

SHA512
137c4ad4b6883de78e16773c2dda476decfef1e62ee04268886dfab8d81d447a1e7c38a109eb45b41ba63ba6c57551d1bf9781a036f199bedb8c001e4592f428

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer_Synapse_Installer_v2.21.24.41.exe

Filesize
26.3MB

MD5
81abaad267d012d85994935b4cc00a7f

SHA1
25e60a3f817e032b8b2cf0941afccd40009b299f

SHA256
d901da91edb94180bb2b814d1eeb3d9dd20e2e43652c4fde93ccab6cda0a332d

SHA512
137c4ad4b6883de78e16773c2dda476decfef1e62ee04268886dfab8d81d447a1e7c38a109eb45b41ba63ba6c57551d1bf9781a036f199bedb8c001e4592f428

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer_Synapse_Installer_v2.21.24.41.exe

Filesize
26.3MB

MD5
81abaad267d012d85994935b4cc00a7f

SHA1
25e60a3f817e032b8b2cf0941afccd40009b299f

SHA256
d901da91edb94180bb2b814d1eeb3d9dd20e2e43652c4fde93ccab6cda0a332d

SHA512
137c4ad4b6883de78e16773c2dda476decfef1e62ee04268886dfab8d81d447a1e7c38a109eb45b41ba63ba6c57551d1bf9781a036f199bedb8c001e4592f428

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Setup.INI

Filesize
6KB

MD5
64b9ef3c0630156df55edbfbcb3ce36e

SHA1
47e07bfbb8ed28d21c9e11ea85a7e23c9d343f1d

SHA256
66893e522e5a49b2a44887b4e3cdec44b2fb5b684eb84635cd4e58732b74faee

SHA512
bdd8cf849dca0df04566abfca68cf4e75388006725abebb0f1ac38dd1d3bccca916d5094f8bfc4493e281f3115a62d2ffa95dfeca9daaba687581e673ed7aebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\_ISMSIDEL.INI

Filesize
712B

MD5
35200f7735ea406b0f9dd594e00262ab

SHA1
142678f6bca68f0eeeca65191973da746541937d

SHA256
eb0429b9fe9bb971c3c607d8410f2361d46939a68c74a26be8bc6b70fae0da69

SHA512
7df81ab20061dd5b3f4fad11adfd63b1b67cc090648fdf5d24ccb4a92d535dc0143136372d1310945b7172c76bb37e15c708bbedbeae32177d6815d5a3ab6f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\_ISMSIDEL.INI

Filesize
5KB

MD5
a7500aa7b2dcfb51570e2d26916624e0

SHA1
41191755dd78ce915547d37a589357f2be113cdd

SHA256
42c4f28aed584f3af3a0669ca34b32ff22143311c6241aba2eef1e2893a2858a

SHA512
c20e3af9b37d8f9c598e6306ccf008cda7ca6be7807346da049cd56830ac624502752577b8c0721550889abc55b7466ff6c108d9c07dc5bf72a17230b73d89be

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\_ISMSIDEL.INI

Filesize
3KB

MD5
c60338ce8e75432429babeb99e0dd897

SHA1
4ccd73a22e511d7775fce34fa8b05e272be7ae11

SHA256
d2bbd2911abc9d7c2c6e17690121e0ad97826f3373500450600faf133b41fb26

SHA512
066215637a51494926262118ee6a1b628b64b68a676f47523e6fc02040f376627467104796b290f8ece9f36d93cb0143b15bdee01a1e09695ab3079e806160e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\_ISMSIDEL.INI

Filesize
688B

MD5
a45e8b094d971e4e4641fe7de9ce3546

SHA1
79fbd6cb4ee590f05c7beda09dc875fb901680d2

SHA256
6e8c058163562cf9baae362bd02e73b4cdd0871052f1d02ad67945d447f1d83e

SHA512
58780f5bf14c45776d9c70cd894829940d4211ed6997845252fd8abb5cf6fdbfe5dd76ab318b23323b8fbd6dd5621475346fce56b1145c0f47612b49525a7b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\_ISMSIDEL.INI

Filesize
20B

MD5
db9af7503f195df96593ac42d5519075

SHA1
1b487531bad10f77750b8a50aca48593379e5f56

SHA256
0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

SHA512
6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\_ISMSIDEL.INI

Filesize
712B

MD5
35200f7735ea406b0f9dd594e00262ab

SHA1
142678f6bca68f0eeeca65191973da746541937d

SHA256
eb0429b9fe9bb971c3c607d8410f2361d46939a68c74a26be8bc6b70fae0da69

SHA512
7df81ab20061dd5b3f4fad11adfd63b1b67cc090648fdf5d24ccb4a92d535dc0143136372d1310945b7172c76bb37e15c708bbedbeae32177d6815d5a3ab6f1f

Download Submit
C:\Windows\Installer\MSI4A8C.tmp

Filesize
5KB

MD5
f940f5fca6601afaba033d16b557a232

SHA1
3f5ee6e2460e6cb960bd1b14514fd5a0ffda8085

SHA256
124e624ecade778a677e55e0f127f7534266cfd61cfe4258155406da8797f7c3

SHA512
fc8dde5f235f54881bb3983e0abf3a9515bf1d175d6b637fa32f1de3b6a0240bdf70cb62fdcea86006bf9dcbc1dbff7c00141c2e8b2569c9e8a1e73fba37cc16

Download Submit
C:\Windows\Installer\MSI4A8C.tmp

Filesize
5KB

MD5
f940f5fca6601afaba033d16b557a232

SHA1
3f5ee6e2460e6cb960bd1b14514fd5a0ffda8085

SHA256
124e624ecade778a677e55e0f127f7534266cfd61cfe4258155406da8797f7c3

SHA512
fc8dde5f235f54881bb3983e0abf3a9515bf1d175d6b637fa32f1de3b6a0240bdf70cb62fdcea86006bf9dcbc1dbff7c00141c2e8b2569c9e8a1e73fba37cc16

Download Submit
C:\Windows\Installer\MSI4CFD.tmp

Filesize
34KB

MD5
0717daccd818a109636c47d742cf1364

SHA1
6ffbed89d80b359696907001bb909e5a88c9676d

SHA256
725433dd11647d42c962750c5fac4b2956f7f829bbd5a0b2b0e13192a79310d6

SHA512
1d091049effd25fe817818b6701a64ead7aa0e47a5cfd0ef8ac03b9d01400a7b33e984418334367488b837ab1807831380957bc31dc2a2daaee2140fc154bb56

Download Submit
C:\Windows\Installer\MSI4CFD.tmp

Filesize
34KB

MD5
0717daccd818a109636c47d742cf1364

SHA1
6ffbed89d80b359696907001bb909e5a88c9676d

SHA256
725433dd11647d42c962750c5fac4b2956f7f829bbd5a0b2b0e13192a79310d6

SHA512
1d091049effd25fe817818b6701a64ead7aa0e47a5cfd0ef8ac03b9d01400a7b33e984418334367488b837ab1807831380957bc31dc2a2daaee2140fc154bb56

Download Submit
C:\Windows\Installer\MSI5B02.tmp

Filesize
86KB

MD5
d85c82226a80559dc8586007c9694793

SHA1
44947af2f724902e2f7b5d0c9de31507f797808b

SHA256
2a289a0b3f3d5ec3e2f3a653bc753d97596ff906d6e2a73eccc3d95320ed7bd3

SHA512
149b54c1df1c9ec9ab401584e239b4d5d14e1aae99515ead2c18754dd72545c4a339a168086d0c9ed05eb840a35fc00457ec5278f20ef0b0da621e1af0051f57

Download Submit
C:\Windows\Installer\MSI5B02.tmp

Filesize
86KB

MD5
d85c82226a80559dc8586007c9694793

SHA1
44947af2f724902e2f7b5d0c9de31507f797808b

SHA256
2a289a0b3f3d5ec3e2f3a653bc753d97596ff906d6e2a73eccc3d95320ed7bd3

SHA512
149b54c1df1c9ec9ab401584e239b4d5d14e1aae99515ead2c18754dd72545c4a339a168086d0c9ed05eb840a35fc00457ec5278f20ef0b0da621e1af0051f57

Download Submit
C:\Windows\Installer\MSI5FC4.tmp

Filesize
12.2MB

MD5
90b50ba28159771d5967e73c2fd7b28a

SHA1
24f535f14ba1c73d9806fd9b7d5ce92158ad7f24

SHA256
d4007cfe69d58fc7d842f2f98cf853849e099bf69d36e18ce4e4b3d932279dbf

SHA512
c5f6f47e25d597d43c7fb9612535491c7764a93c2edab10c598ffc2bfad43b05f155a45721423f72800dba40bc822f5ee500a572f18d71dde992250302c88e42

Download Submit
C:\Windows\Installer\MSI5FC4.tmp

Filesize
12.2MB

MD5
90b50ba28159771d5967e73c2fd7b28a

SHA1
24f535f14ba1c73d9806fd9b7d5ce92158ad7f24

SHA256
d4007cfe69d58fc7d842f2f98cf853849e099bf69d36e18ce4e4b3d932279dbf

SHA512
c5f6f47e25d597d43c7fb9612535491c7764a93c2edab10c598ffc2bfad43b05f155a45721423f72800dba40bc822f5ee500a572f18d71dde992250302c88e42

Download Submit
C:\Windows\Installer\f7729bf.msi

Filesize
25.6MB

MD5
946912b79c620d0b67f6ffac452276bf

SHA1
dbab78de44574bbf58215f219643c796a78c5fc2

SHA256
5e2080cd815a58a98e6fe2f48cbf9fd94f613878dce503932140b1ee9e32abf2

SHA512
f514efcc59e1ea022db3beeb5a4a64768a87b5a95fc68696b5f542a1d087bb004c99e0fba8db8d7597ff4112fd3fb93ad36ca70797850168bcdf45afb1735fb6

Download Submit
C:\Windows\Installer\f7729c0.mst

Filesize
28KB

MD5
25ea833d33307737c7c46e00d3bca64b

SHA1
66c06bff746ca6d49243cd089dc5714528f9387a

SHA256
9c3ec9927216c973e3e084ac7c0e6cb15e79a67f4e5bf5831b1f15ef56f4c64e

SHA512
54a44f0b814dc6ef55b28633bf281293eb9858749f0f7c7ed9cf7930ed6d566001f0bfd6f27c367d96931d1879e81ed1ce0653246cfb14aa940612b6a1deec04

Download Submit
C:\Windows\SysWOW64\rzdevinfo.dll

Filesize
95KB

MD5
1987e86dcbef29b9abff648303bdaf16

SHA1
15afc76aef7d8f4b9d9b18e10c2a296bf99d681c

SHA256
54f87a95714dc97195e22d55bf7dae0989c91ce11863d7de73c70441ed756639

SHA512
1ac5a9b86f3a3f2abfab6b2ea47f303f0f2c36b4eb0f2090eb5a21f0ec1e7f894b2c0f0d588dc4920848d1e017c742daa5888499e523b7791989531a82b947de

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
114KB

MD5
bbb886446a9384cd088ed0f21e97c6af

SHA1
e6dc82b73f5c641c34f104817857320aef54b432

SHA256
083947aa3c8d2b4f8bd1eae9a97b248ee74419ed0eae6759ac0b98ae2fcf5c9a

SHA512
ff2409302d090967675dae5aae5c692d0d11d6d643cca9e4a670a525bf7ba72d6242d09b1df87650578af0cd96be04123e020d873f297010cd8725c087ab1005

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
114KB

MD5
bbb886446a9384cd088ed0f21e97c6af

SHA1
e6dc82b73f5c641c34f104817857320aef54b432

SHA256
083947aa3c8d2b4f8bd1eae9a97b248ee74419ed0eae6759ac0b98ae2fcf5c9a

SHA512
ff2409302d090967675dae5aae5c692d0d11d6d643cca9e4a670a525bf7ba72d6242d09b1df87650578af0cd96be04123e020d873f297010cd8725c087ab1005

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
114KB

MD5
bbb886446a9384cd088ed0f21e97c6af

SHA1
e6dc82b73f5c641c34f104817857320aef54b432

SHA256
083947aa3c8d2b4f8bd1eae9a97b248ee74419ed0eae6759ac0b98ae2fcf5c9a

SHA512
ff2409302d090967675dae5aae5c692d0d11d6d643cca9e4a670a525bf7ba72d6242d09b1df87650578af0cd96be04123e020d873f297010cd8725c087ab1005

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
114KB

MD5
bbb886446a9384cd088ed0f21e97c6af

SHA1
e6dc82b73f5c641c34f104817857320aef54b432

SHA256
083947aa3c8d2b4f8bd1eae9a97b248ee74419ed0eae6759ac0b98ae2fcf5c9a

SHA512
ff2409302d090967675dae5aae5c692d0d11d6d643cca9e4a670a525bf7ba72d6242d09b1df87650578af0cd96be04123e020d873f297010cd8725c087ab1005

Download Submit
\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
585KB

MD5
60823160fc1406a5cc01eeec69d55cd8

SHA1
db9eb1e020e6688617bf936806a34d95262d028d

SHA256
83afbb7513495888211bd6073296ba80dda4fb2c7e8cb02ac1c84a6183667f08

SHA512
f7445ad8c7e48bdf49ec17b83ceebb3c02e4d988b05c909f014952793b8ac2a79f01fcc09cdd93752b8ebb8a5977b242eafc16e11b9841dd5525cf57d691562e

Download Submit
\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
585KB

MD5
60823160fc1406a5cc01eeec69d55cd8

SHA1
db9eb1e020e6688617bf936806a34d95262d028d

SHA256
83afbb7513495888211bd6073296ba80dda4fb2c7e8cb02ac1c84a6183667f08

SHA512
f7445ad8c7e48bdf49ec17b83ceebb3c02e4d988b05c909f014952793b8ac2a79f01fcc09cdd93752b8ebb8a5977b242eafc16e11b9841dd5525cf57d691562e

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
268KB

MD5
d78fea1f8dd59b04e7ac521b73ecffa2

SHA1
e254986aa6deb671a945deae87e814a0fa81289f

SHA256
0e7df35b2d0284f892717f728a7c1430815af704d2f12aa54013235a9bdc2638

SHA512
1744a4664b69f6214298894657e2698c1f213b413dde7bb24d71cf6d13ed0cf85099329401a9a727304456b263156955e57bdb7042212cf833c8d7608c8d3d24

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
268KB

MD5
d78fea1f8dd59b04e7ac521b73ecffa2

SHA1
e254986aa6deb671a945deae87e814a0fa81289f

SHA256
0e7df35b2d0284f892717f728a7c1430815af704d2f12aa54013235a9bdc2638

SHA512
1744a4664b69f6214298894657e2698c1f213b413dde7bb24d71cf6d13ed0cf85099329401a9a727304456b263156955e57bdb7042212cf833c8d7608c8d3d24

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
268KB

MD5
d78fea1f8dd59b04e7ac521b73ecffa2

SHA1
e254986aa6deb671a945deae87e814a0fa81289f

SHA256
0e7df35b2d0284f892717f728a7c1430815af704d2f12aa54013235a9bdc2638

SHA512
1744a4664b69f6214298894657e2698c1f213b413dde7bb24d71cf6d13ed0cf85099329401a9a727304456b263156955e57bdb7042212cf833c8d7608c8d3d24

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
268KB

MD5
d78fea1f8dd59b04e7ac521b73ecffa2

SHA1
e254986aa6deb671a945deae87e814a0fa81289f

SHA256
0e7df35b2d0284f892717f728a7c1430815af704d2f12aa54013235a9bdc2638

SHA512
1744a4664b69f6214298894657e2698c1f213b413dde7bb24d71cf6d13ed0cf85099329401a9a727304456b263156955e57bdb7042212cf833c8d7608c8d3d24

Download Submit
\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe

Filesize
31KB

MD5
2a6a74e92f408c7a90c51a9177b9082f

SHA1
b050c1a17801061d3b7deea243b6532aa9204bf1

SHA256
da1987216ab0af76be7c41071c5aaac0aba731b35cf57a94679b9e7e84cef4b2

SHA512
36cf2ece965df6259b62590234d9212d0322e06f6304553392238a2c81ada9c5da407c871a481480608dea8feb7d1a2ea06efc813e566d23c3281de3fd95cb36

Download Submit
\Users\Admin\AppData\Local\Temp\MSIB2B2.tmp

Filesize
153KB

MD5
a7b832f632a3c7f5317c17c095c97437

SHA1
4233053b7fa9e17850545519570ee76fbb8b04df

SHA256
3d42cffe19c21d9e10778819ef7a664a135b1115f0284dbc3eb4b49740b3b4a1

SHA512
cb89f84d86c2eb5dbceca24e55bb054cd899ba368543dc81f3162d113bb056bd65244414eff8379114c07ccfa7c08d6bfdda8213c45f9b0188d5dea42113f540

Download Submit
\Users\Admin\AppData\Local\Temp\_is8799..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8799..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8910..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8910..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8A0B..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8A0B..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8AE6..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8AE6..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8C4E..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is8C4E..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\nsj5BB8.tmp\System.dll

Filesize
10KB

MD5
0ff5120f1afd0f295c2baa0f7192d3f8

SHA1
bde842d5d11005dcb4ff1d4ea97da31865477697

SHA256
4ca5bf1beb4b802914c4d3e2f37861f6ba5ecf969cfeadf5855edf58f647a721

SHA512
e049ffd7aace8d136eee007ee4f8dbc2ae8f3dce79d1c633d9654392240f8215787df8a6d08085257db51f28ff2a8023a13333dda3ea7f9bdc8b9c57b605f0a0

Download Submit
\Users\Admin\AppData\Local\Temp\nso47CB.tmp\Razer_Synapse_Installer_v2.21.24.41.exe

Filesize
26.3MB

MD5
81abaad267d012d85994935b4cc00a7f

SHA1
25e60a3f817e032b8b2cf0941afccd40009b299f

SHA256
d901da91edb94180bb2b814d1eeb3d9dd20e2e43652c4fde93ccab6cda0a332d

SHA512
137c4ad4b6883de78e16773c2dda476decfef1e62ee04268886dfab8d81d447a1e7c38a109eb45b41ba63ba6c57551d1bf9781a036f199bedb8c001e4592f428

Download Submit
\Users\Admin\AppData\Local\Temp\nso6105.tmp\nsExec.dll

Filesize
6KB

MD5
b38561661a7164e3bbb04edc3718fe89

SHA1
f13c873c8db121ba21244b1e9a457204360d543f

SHA256
c2c88e4a32c734b0cb4ae507c1a9a1b417a2375079111fb1b35fab23aedd41d9

SHA512
fedcaac20722de3519382011ccf22314af3edcd11b69f814db14710966853b69b9b5fc98383edcdb64d050ff825264eaba27b1c5adfe61d1fc9d77f13a052ced

Download Submit
\Users\Admin\AppData\Local\Temp\nso6105.tmp\nsExec.dll

Filesize
6KB

MD5
b38561661a7164e3bbb04edc3718fe89

SHA1
f13c873c8db121ba21244b1e9a457204360d543f

SHA256
c2c88e4a32c734b0cb4ae507c1a9a1b417a2375079111fb1b35fab23aedd41d9

SHA512
fedcaac20722de3519382011ccf22314af3edcd11b69f814db14710966853b69b9b5fc98383edcdb64d050ff825264eaba27b1c5adfe61d1fc9d77f13a052ced

Download Submit
\Users\Admin\AppData\Local\Temp\{66DCC1CE-2DE8-4C48-B294-4967C6654618}\Razer_Synapse_Installer_v2.21.24.41.exe

Filesize
26.3MB

MD5
81abaad267d012d85994935b4cc00a7f

SHA1
25e60a3f817e032b8b2cf0941afccd40009b299f

SHA256
d901da91edb94180bb2b814d1eeb3d9dd20e2e43652c4fde93ccab6cda0a332d

SHA512
137c4ad4b6883de78e16773c2dda476decfef1e62ee04268886dfab8d81d447a1e7c38a109eb45b41ba63ba6c57551d1bf9781a036f199bedb8c001e4592f428

Download Submit
\Windows\SysWOW64\rzdevinfo.dll

Filesize
95KB

MD5
1987e86dcbef29b9abff648303bdaf16

SHA1
15afc76aef7d8f4b9d9b18e10c2a296bf99d681c

SHA256
54f87a95714dc97195e22d55bf7dae0989c91ce11863d7de73c70441ed756639

SHA512
1ac5a9b86f3a3f2abfab6b2ea47f303f0f2c36b4eb0f2090eb5a21f0ec1e7f894b2c0f0d588dc4920848d1e017c742daa5888499e523b7791989531a82b947de

Download Submit
memory/268-349-0x0000000001090000-0x0000000001098000-memory.dmp

Filesize
32KB

Download
memory/268-350-0x0000000072BB0000-0x000000007329E000-memory.dmp

Filesize
6.9MB

Download
memory/268-1404-0x0000000072BB0000-0x000000007329E000-memory.dmp

Filesize
6.9MB

Download
memory/2060-356-0x0000000000B20000-0x0000000000B2E000-memory.dmp

Filesize
56KB

Download
memory/2060-357-0x0000000072B30000-0x000000007321E000-memory.dmp

Filesize
6.9MB

Download
memory/2060-387-0x0000000072B30000-0x000000007321E000-memory.dmp

Filesize
6.9MB

Download
memory/2100-1382-0x0000000000180000-0x000000000018E000-memory.dmp

Filesize
56KB

Download
memory/2100-1383-0x0000000072B20000-0x000000007320E000-memory.dmp

Filesize
6.9MB

Download
memory/2100-1408-0x0000000072B20000-0x000000007320E000-memory.dmp

Filesize
6.9MB

Download
memory/3040-1425-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download
memory/3040-1422-0x00000000003C0000-0x0000000000406000-memory.dmp

Filesize
280KB

Download
memory/3040-1418-0x0000000000300000-0x0000000000322000-memory.dmp

Filesize
136KB

Download
memory/3040-1540-0x0000000004B10000-0x0000000004B86000-memory.dmp

Filesize
472KB

Download
memory/3040-1539-0x0000000000930000-0x000000000094E000-memory.dmp

Filesize
120KB

Download
memory/3040-1414-0x0000000001270000-0x0000000001308000-memory.dmp

Filesize
608KB

Download
memory/3040-1568-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download
memory/3040-1569-0x0000000006130000-0x00000000063E2000-memory.dmp

Filesize
2.7MB

Download
memory/3040-1574-0x0000000005E70000-0x0000000005EE8000-memory.dmp

Filesize
480KB

Download
memory/3040-1413-0x0000000072BB0000-0x000000007329E000-memory.dmp

Filesize
6.9MB

Download
memory/3040-1592-0x0000000000F50000-0x0000000000F5A000-memory.dmp

Filesize
40KB

Download
memory/3040-1593-0x0000000000F50000-0x0000000000F5A000-memory.dmp

Filesize
40KB

Download
memory/3040-1595-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download
memory/3040-1596-0x0000000072BB0000-0x000000007329E000-memory.dmp

Filesize
6.9MB

Download
memory/3040-1597-0x0000000004B90000-0x0000000004BD0000-memory.dmp

Filesize
256KB

Download