purelogs | 261e91b02c52ad7f228d0af2aae403a694daf312b72c1afa292b2d3bc6a9f7c6

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03/12/2023, 04:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Razer_Synapse_Framework_V1.18.17.22533.exe
Size

53.2MB
MD5

b1a9b88aa04186bc82c531ffd34188d8
SHA1

66ff8b1136c7ade6273f63ae3befa6b810f65998
SHA256

261e91b02c52ad7f228d0af2aae403a694daf312b72c1afa292b2d3bc6a9f7c6
SHA512

b2d4e3ed8402d5fe89a4d61cfa1d866bdbe2fdcda8c00775918d762df261c8905116a8c3e0e2c262ff74a5130553ecc0c3fe4d5a176240ccdf7ea026dd7b66b8
SSDEEP

1572864:Z0pomZnY/0KL709NXHersAUAzJn5nUl2lA4pjs9x:Z0lnY/0Kn0XHRJ45n3lfpjqx

Score

10^/10

purelogs discovery persistence stealer

Malware Config

Signatures

Detect PureLogs payload 7 IoCs

resource	yara_rule
behavioral1/files/0x000500000001a496-1223.dat	family_purelogs
behavioral1/memory/2460-1226-0x0000000000460000-0x00000000004A6000-memory.dmp	family_purelogs
behavioral1/files/0x000500000001a496-1225.dat	family_purelogs
behavioral1/files/0x000500000001a496-1228.dat	family_purelogs
behavioral1/files/0x000500000001a496-1227.dat	family_purelogs
behavioral1/files/0x000500000001a496-1224.dat	family_purelogs
behavioral1/memory/2460-1229-0x0000000004840000-0x0000000004880000-memory.dmp	family_purelogs

PureLogs
PureLogs is an infostealer written in C#.
stealer purelogs

Executes dropped EXE 6 IoCs

pid	Process
2496	MSIF9C.tmp
2124	MSI19EA.tmp
1720	MSI2456.tmp
2844	MSI2689.tmp
2776	RazerMerger.exe
2460	RzSynapse.exe

Loads dropped DLL 44 IoCs

pid	Process
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
304	Razer_Synapse_Framework_V1.18.17.22533.exe
2680	MsiExec.exe
2124	MSI19EA.tmp
1720	MSI2456.tmp
2568	regsvr32.exe
2844	MSI2689.tmp
2844	MSI2689.tmp
2844	MSI2689.tmp
1428	MSIEXEC.EXE
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Razer Synapse = "\"C:\\Program Files (x86)\\Razer\\Synapse\\RzSynapse.exe\""	msiexec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	MSIEXEC.EXE
File opened (read-only)	\??\P:	MSIEXEC.EXE
File opened (read-only)	\??\T:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	MSIEXEC.EXE
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\I:	MSIEXEC.EXE
File opened (read-only)	\??\K:	MSIEXEC.EXE
File opened (read-only)	\??\M:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	MSIEXEC.EXE
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	MSIEXEC.EXE
File opened (read-only)	\??\Q:	MSIEXEC.EXE
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	MSIEXEC.EXE
File opened (read-only)	\??\W:	MSIEXEC.EXE
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	MSIEXEC.EXE
File opened (read-only)	\??\J:	MSIEXEC.EXE
File opened (read-only)	\??\L:	MSIEXEC.EXE
File opened (read-only)	\??\O:	MSIEXEC.EXE
File opened (read-only)	\??\R:	MSIEXEC.EXE
File opened (read-only)	\??\V:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	MSIEXEC.EXE
File opened (read-only)	\??\E:	MSIEXEC.EXE
File opened (read-only)	\??\X:	MSIEXEC.EXE
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\S:	MSIEXEC.EXE
File opened (read-only)	\??\U:	MSIEXEC.EXE

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rzdevinfo.dll	MSI2456.tmp

Drops file in Program Files directory 63 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Razer\Synapse\pt-BR\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUISdk.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUpdateManagerUI.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\config.log4net	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzStorage.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ja-JP\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzTrayMgr.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\DINPro-Black.otf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\EULA Files 2012-10-03.rar	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\log4net.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CN\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\DINPro-Light.otf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzStorageIO.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ja-JP\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUpdateManager.exe	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\es-ES\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\SWFObject-license.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\es-ES\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\es-ES\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ko-KR\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\DINPro-Medium.otf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\curl-license.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzSynapseLoginUI.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fr-FR\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\de-DE\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ja-JP\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\pt-BR\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUpdate.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\DINPro-Regular.otf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\SWTORTrajan.ttf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\jQuery-MIT-License.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ru-RU\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUtilWin.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\TrajanPro-Regular.otf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ApacheLicence2.0.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\de-DE\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\DeviceList.xml	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzEmilySettings.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\pt-BR\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\zh-CHT\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\rzdetmgr.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\PortAudio-License.txt	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzCommon.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\Razer_Application.ico	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe.config	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RazerProtocolDLL.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ru-RU\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\DINPro-Bold.otf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fonts\HelveticaNeueLTPro-Roman.otf	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ko-KR\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fr-FR\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\fr-FR\RzUpdateManager.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ko-KR\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\de-DE\RzSynapse.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\ru-RU\RzSynapseLoginUI.resources.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\Synapse.ico	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\Ionic.Zip.dll	msiexec.exe
File created	C:\Program Files (x86)\Razer\Synapse\RzUpdateManager.exe.config	msiexec.exe

Drops file in Windows directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfcm100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\f76f72d.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\Installer\f76f72b.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfcm100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfc100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfc100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI19EA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f76f72b.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\NewShortcut1_39DEDF8BE16D414F9CB4D01021BE0D48.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2456.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2689.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFB9E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfc100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\1033.MST	msiexec.exe
File opened for modification	C:\Windows\Installer\f76f72c.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_msvcr100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfcm100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\1033.MST	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF9C.tmp	msiexec.exe
File created	C:\Windows\Installer\f76f72c.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\NewShortcut1_39DEDF8BE16D414F9CB4D01021BE0D48.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_msvcp100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfc100u_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\2EEB87D0FF8F8944FAA1F38FC1DEA86C\1.18.17\F_CENTRAL_mfcm100_x86.AFA96EB4_FA9F_335C_A7CB_36079407553D	msiexec.exe
File created	C:\Windows\Installer\f76f72f.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\f76f72d.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 10 IoCs

installer

resource	yara_rule
behavioral1/files/0x0006000000018b43-216.dat	nsis_installer_2
behavioral1/files/0x0008000000018b10-309.dat	nsis_installer_2
behavioral1/files/0x0006000000005587-375.dat	nsis_installer_1
behavioral1/files/0x0006000000005587-375.dat	nsis_installer_2
behavioral1/files/0x0006000000005587-376.dat	nsis_installer_1
behavioral1/files/0x0006000000005587-376.dat	nsis_installer_2
behavioral1/files/0x0007000000005587-390.dat	nsis_installer_1
behavioral1/files/0x0007000000005587-390.dat	nsis_installer_2
behavioral1/files/0x0007000000005587-391.dat	nsis_installer_1
behavioral1/files/0x0007000000005587-391.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	RzSynapse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	RzSynapse.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RzSynapse.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RzSynapse.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RzSynapse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	RzSynapse.exe

Modifies data under HKEY_USERS 50 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%windir%\System32\ie4uinit.exe",-732 = "Finds and displays information and Web sites on the Internet."	MSI19EA.tmp
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%systemroot%\system32\windowspowershell\v1.0\powershell.exe",-111 = "Performs object-based (command-line) functions"	MSI19EA.tmp
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MSI19EA.tmp
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\@"%windir%\System32\ie4uinit.exe",-738 = "Start Internet Explorer without ActiveX controls or browser extensions."	MSI19EA.tmp
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ru-RU\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="1.18.17.22533",Culture="ru-RU",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e007100300068004b004b00300039004f00530040006a0057007d002e0034004b006100670050004b0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A8EA4519-CD07-4692-83C6-98213C8216D1}\1.0\HELPDIR\ = "C:\\Windows\\SysWOW64"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D67AECD9-D26F-4E6F-832F-8831580B3A3B}\1.0\ = "rzdetmgr 1.0 Type Library"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3166420C45A97864C858DF9428D6D6B0\2EEB87D0FF8F8944FAA1F38FC1DEA86C	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ru-RU\|RzUpdateManager.resources.dll\RzUpdateManager.resources,Version="2.1.0.20796",Culture="ru-RU",FileVersion="2.1.0.20796",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e007a00610042003000550073004e004f0035003f0048007d003700440032007a0061006b004b00360000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\2EEB87D0FF8F8944FAA1F38FC1DEA86C	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\Version = "17956881"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A8EA4519-CD07-4692-83C6-98213C8216D1}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}\InprocServer32\ThreadingModel = "Both"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|Ionic.Zip.dll\Ionic.Zip,Version="1.9.1.8",PublicKeyToken="EDBE51AD942A3F5C",Culture="neutral",FileVersion="1.9.1.8",ProcessorArchitecture="MSIL" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e006b007100310032006d00600043003500440041007d002b002600670040005a00500024006d00770000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ja-JP\|RzSynapse.resources.dll\RzSynapse.resources,Version="1.18.17.22533",Culture="ja-JP",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0075003d0067005e00520029002c0024004c0041005b0067005a0056003400320055003d004500720000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|fr-FR\|RzSynapse.resources.dll\RzSynapse.resources,Version="1.18.17.22533",Culture="fr-FR",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0052002b003f0077002900240045004300400040004100720032002b00590021004900500046003f0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzSynapse.resources.dll\RzSynapse.resources,Version="1.18.17.22533",Culture="es-ES",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e004e0046006c002a004e0074007d002700300041007b006e0049004e003500590035004a002d006a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr.1\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{28494F0B-EC89-4BF5-A471-F1E429FA0FB7}\ = "rzdetmgr"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\Version\ = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzSynapse.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CHT\|RzSynapse.resources.dll\RzSynapse.resources,Version="1.18.17.22533",Culture="zh-CHT",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e005f00300045005e006100500045007a005300410075006f00660039003100620027005a005a006d0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzSynapseLoginUI.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CN\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="1.18.17.22533",Culture="zh-CN",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e006c006c0061007e006c007e006400680034004100730061005e004600410064002b0049004a00310000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|es-ES\|RzUpdateManager.resources.dll\RzUpdateManager.resources,Version="2.1.0.20796",Culture="es-ES",FileVersion="2.1.0.20796",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0024007d003000530070005d004a005b004a0040007b006400240059003400360042006e005000310000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}\VersionIndependentProgID\ = "rzdetmgr.RzDetectMgr"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D67AECD9-D26F-4E6F-832F-8831580B3A3B}	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{C8F5DEDB-CEC8-43E5-B980-F4E9E90D94AD}\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CHT\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="1.18.17.22533",Culture="zh-CHT",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0038003900310073004000300033007800500039004c00750050006100540043002b002a007a002c0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\InprocServer32\ = "C:\\Windows\\SysWOW64\\rzdevinfo.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr\ = "RzDetectMgr Class"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzSynapse.resources.dll\RzSynapse.resources,Version="1.18.17.22533",Culture="de-DE",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0040005f0044006a00660070007d007a00380041005a00760037007b004300570036004a006100460000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ja-JP\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="1.18.17.22533",Culture="ja-JP",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0075005f00700036002d007b00260057004200410067005b003700430073006f00250059007500770000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ru-RU\|RzSynapse.resources.dll	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\SourceList\PackageName = "Razer Synapse 2.0.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\ = "_IDetectEventsManaged"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\ProxyStubClsid	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr\CurVer\ = "rzdetmgr.RzDetectMgr.1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzUpdate.dll\RzUpdate,Version="2.1.0.20796",Culture="neutral",FileVersion="2.1.0.20796",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e0051004500500057002c004400620057005f004000490074007500780068002a0064004a005a00300000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4849BF16-A043-431F-951F-171A5E0913A7}\ = "rzdevinfo"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\ = "RzDevInfoMgr Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD530747-8FAC-4D42-868A-44D0A7873C51}\TypeLib\Version = "1.0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|pt-BR\|RzSynapseLoginUI.resources.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzUtilWin.dll	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr\CurVer	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}\TypeLib	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ko-KR\|RzSynapseLoginUI.resources.dll\RzSynapseLoginUI.resources,Version="1.18.17.22533",Culture="ko-KR",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e004200530024004d0021005a006d00740078003f006e0035005200640056002100700024004600520000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|ko-KR\|RzSynapseLoginUI.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|RzTrayMgr.dll\RzTrayMgr,Version="1.18.17.22533",Culture="neutral",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e00720036006d0028004400360060007100520041007e004a00660043004a004a0044005b005b002d0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\TypeLib\ = "{A8EA4519-CD07-4692-83C6-98213C8216D1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|de-DE\|RzSynapse.resources.dll	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|zh-CN\|RzSynapse.resources.dll\RzSynapse.resources,Version="1.18.17.22533",Culture="zh-CN",FileVersion="1.18.17.22533",ProcessorArchitecture="X86" = 4f005e0025004400270053006b00210027003d00250064006e006b007800290031007b006d0068003e00740050005e0031002b0048004b006e0067004000650043007a004d0060006600360031006c00240000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7F0550D0-288F-4A8D-9694-C46DA7ACA987}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\rzdetmgr.RzDetectMgr\CLSID\ = "{7CC0C4B6-B68F-4141-9023-E3A189EDE86D}"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|Razer\|Synapse\|Ionic.Zip.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C	msiexec.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	RzSynapse.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c909000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c01400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e52000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	RzSynapse.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	RzSynapse.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1760	msiexec.exe
1760	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1428	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	1428	MSIEXEC.EXE
Token: SeRestorePrivilege	1760	msiexec.exe
Token: SeTakeOwnershipPrivilege	1760	msiexec.exe
Token: SeSecurityPrivilege	1760	msiexec.exe
Token: SeCreateTokenPrivilege	1428	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	1428	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	1428	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	1428	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	1428	MSIEXEC.EXE
Token: SeTcbPrivilege	1428	MSIEXEC.EXE
Token: SeSecurityPrivilege	1428	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	1428	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	1428	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	1428	MSIEXEC.EXE
Token: SeSystemtimePrivilege	1428	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	1428	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	1428	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	1428	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	1428	MSIEXEC.EXE
Token: SeBackupPrivilege	1428	MSIEXEC.EXE
Token: SeRestorePrivilege	1428	MSIEXEC.EXE
Token: SeShutdownPrivilege	1428	MSIEXEC.EXE
Token: SeDebugPrivilege	1428	MSIEXEC.EXE
Token: SeAuditPrivilege	1428	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	1428	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	1428	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	1428	MSIEXEC.EXE
Token: SeUndockPrivilege	1428	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	1428	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	1428	MSIEXEC.EXE
Token: SeManageVolumePrivilege	1428	MSIEXEC.EXE
Token: SeImpersonatePrivilege	1428	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	1428	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	1428	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	1428	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	1428	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	1428	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	1428	MSIEXEC.EXE
Token: SeTcbPrivilege	1428	MSIEXEC.EXE
Token: SeSecurityPrivilege	1428	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	1428	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	1428	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	1428	MSIEXEC.EXE
Token: SeSystemtimePrivilege	1428	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	1428	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	1428	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	1428	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	1428	MSIEXEC.EXE
Token: SeBackupPrivilege	1428	MSIEXEC.EXE
Token: SeRestorePrivilege	1428	MSIEXEC.EXE
Token: SeShutdownPrivilege	1428	MSIEXEC.EXE
Token: SeDebugPrivilege	1428	MSIEXEC.EXE
Token: SeAuditPrivilege	1428	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	1428	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	1428	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	1428	MSIEXEC.EXE
Token: SeUndockPrivilege	1428	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	1428	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	1428	MSIEXEC.EXE
Token: SeManageVolumePrivilege	1428	MSIEXEC.EXE
Token: SeImpersonatePrivilege	1428	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	1428	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	1428	MSIEXEC.EXE

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
1428	MSIEXEC.EXE
1428	MSIEXEC.EXE
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe
2460	RzSynapse.exe

Suspicious use of WriteProcessMemory 59 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 1428	304	Razer_Synapse_Framework_V1.18.17.22533.exe	28
PID 304 wrote to memory of 1428	304	Razer_Synapse_Framework_V1.18.17.22533.exe	28
PID 304 wrote to memory of 1428	304	Razer_Synapse_Framework_V1.18.17.22533.exe	28
PID 304 wrote to memory of 1428	304	Razer_Synapse_Framework_V1.18.17.22533.exe	28
PID 304 wrote to memory of 1428	304	Razer_Synapse_Framework_V1.18.17.22533.exe	28
PID 304 wrote to memory of 1428	304	Razer_Synapse_Framework_V1.18.17.22533.exe	28
PID 304 wrote to memory of 1428	304	Razer_Synapse_Framework_V1.18.17.22533.exe	28
PID 1760 wrote to memory of 2680	1760	msiexec.exe	30
PID 1760 wrote to memory of 2680	1760	msiexec.exe	30
PID 1760 wrote to memory of 2680	1760	msiexec.exe	30
PID 1760 wrote to memory of 2680	1760	msiexec.exe	30
PID 1760 wrote to memory of 2680	1760	msiexec.exe	30
PID 1760 wrote to memory of 2680	1760	msiexec.exe	30
PID 1760 wrote to memory of 2680	1760	msiexec.exe	30
PID 1760 wrote to memory of 2496	1760	msiexec.exe	36
PID 1760 wrote to memory of 2496	1760	msiexec.exe	36
PID 1760 wrote to memory of 2496	1760	msiexec.exe	36
PID 1760 wrote to memory of 2496	1760	msiexec.exe	36
PID 1760 wrote to memory of 2124	1760	msiexec.exe	37
PID 1760 wrote to memory of 2124	1760	msiexec.exe	37
PID 1760 wrote to memory of 2124	1760	msiexec.exe	37
PID 1760 wrote to memory of 2124	1760	msiexec.exe	37
PID 1760 wrote to memory of 2124	1760	msiexec.exe	37
PID 1760 wrote to memory of 2124	1760	msiexec.exe	37
PID 1760 wrote to memory of 2124	1760	msiexec.exe	37
PID 1760 wrote to memory of 1720	1760	msiexec.exe	38
PID 1760 wrote to memory of 1720	1760	msiexec.exe	38
PID 1760 wrote to memory of 1720	1760	msiexec.exe	38
PID 1760 wrote to memory of 1720	1760	msiexec.exe	38
PID 1760 wrote to memory of 1720	1760	msiexec.exe	38
PID 1760 wrote to memory of 1720	1760	msiexec.exe	38
PID 1760 wrote to memory of 1720	1760	msiexec.exe	38
PID 1720 wrote to memory of 2568	1720	MSI2456.tmp	39
PID 1720 wrote to memory of 2568	1720	MSI2456.tmp	39
PID 1720 wrote to memory of 2568	1720	MSI2456.tmp	39
PID 1720 wrote to memory of 2568	1720	MSI2456.tmp	39
PID 1720 wrote to memory of 2568	1720	MSI2456.tmp	39
PID 1720 wrote to memory of 2568	1720	MSI2456.tmp	39
PID 1720 wrote to memory of 2568	1720	MSI2456.tmp	39
PID 1760 wrote to memory of 2844	1760	msiexec.exe	40
PID 1760 wrote to memory of 2844	1760	msiexec.exe	40
PID 1760 wrote to memory of 2844	1760	msiexec.exe	40
PID 1760 wrote to memory of 2844	1760	msiexec.exe	40
PID 2844 wrote to memory of 576	2844	MSI2689.tmp	41
PID 2844 wrote to memory of 576	2844	MSI2689.tmp	41
PID 2844 wrote to memory of 576	2844	MSI2689.tmp	41
PID 2844 wrote to memory of 576	2844	MSI2689.tmp	41
PID 576 wrote to memory of 2932	576	cmd.exe	43
PID 576 wrote to memory of 2932	576	cmd.exe	43
PID 576 wrote to memory of 2932	576	cmd.exe	43
PID 576 wrote to memory of 2932	576	cmd.exe	43
PID 2844 wrote to memory of 2776	2844	MSI2689.tmp	44
PID 2844 wrote to memory of 2776	2844	MSI2689.tmp	44
PID 2844 wrote to memory of 2776	2844	MSI2689.tmp	44
PID 2844 wrote to memory of 2776	2844	MSI2689.tmp	44
PID 1428 wrote to memory of 2460	1428	MSIEXEC.EXE	47
PID 1428 wrote to memory of 2460	1428	MSIEXEC.EXE	47
PID 1428 wrote to memory of 2460	1428	MSIEXEC.EXE	47
PID 1428 wrote to memory of 2460	1428	MSIEXEC.EXE	47

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Razer_Synapse_Framework_V1.18.17.22533.exe
"C:\Users\Admin\AppData\Local\Temp\Razer_Synapse_Framework_V1.18.17.22533.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\SysWOW64\MSIEXEC.EXE
  MSIEXEC.EXE /i "C:\Users\Admin\AppData\Local\Temp\{C8F5DEDB-CEC8-43E5-B980-F4E9E90D94AD}\Razer Synapse 2.0.msi" TRANSFORMS="C:\Users\Admin\AppData\Local\Temp\{C8F5DEDB-CEC8-43E5-B980-F4E9E90D94AD}\1033.MST" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="Razer_Synapse_Framework_V1.18.17.22533.exe"
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1428
- - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
    "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" -launch
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates system info in registry
    - Modifies system certificate store
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2460

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding C78E12C089CF745CC1B2A463A85F0338 C
  2⤵
  - Loads dropped DLL
  PID:2680
- C:\Windows\Installer\MSIF9C.tmp
  "C:\Windows\Installer\MSIF9C.tmp" -rf "C:\ProgramData\Razer\Synapse"
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\Installer\MSI19EA.tmp
  "C:\Windows\Installer\MSI19EA.tmp" -rf "C:\ProgramData\Razer\Synapse"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:2124
- C:\Windows\Installer\MSI2456.tmp
  "C:\Windows\Installer\MSI2456.tmp"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\SysWOW64\regsvr32.exe" /S rzdevinfo.dll
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:2568
- C:\Windows\Installer\MSI2689.tmp
  "C:\Windows\Installer\MSI2689.tmp" /S
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\ProgramData\Razer\Synapse\Devices\SetReg.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:576
  - - C:\Windows\SysWOW64\regini.exe
      regini SetReg.txt
      4⤵
      PID:2932
- - C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe
    "C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe"
    3⤵
    - Executes dropped EXE
    PID:2776

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2052

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000004A8" "00000000000005B0"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f76f72e.rbs

Filesize
59KB

MD5
ab1c987bc06bc75e96e31519142e3ddb

SHA1
69f30dfdeeb886a83e0e3321311230b5d04b8d8d

SHA256
c3d5e39475e1d2af1f7edbafd8f7f34777fd8814bc754e568c6141cdd7c36751

SHA512
5ca4c01f238ae42a1b0db990c5d9f2c3dfac0d4202788a06434e6795a42faef5d178edeea747f9f77ca419c15a79d6380cc02dbfa3668fcf4739c9dab8337049

Download Submit
C:\Program Files (x86)\Razer\Synapse\Ionic.Zip.dll

Filesize
451KB

MD5
6ded8fcbf5f1d9e422b327ca51625e24

SHA1
8a1140cebc39f6994eef7e8de4627fb7b72a2dd9

SHA256
3b3e541682e48f3fd2872f85a06278da2f3e7877ee956da89b90d732a1eaa0bd

SHA512
bda3a65133b7b1e2765c7d07c7da5103292b3c4c2f0673640428b3e7e8637b11539f06c330ab5d0ba6e2274bd2dcd2c50312be6579e75c4008ff5ae7dae34ce4

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
110KB

MD5
1619e5994e2c0a8bf6c03700e782f69b

SHA1
fa5978b94ec8a44807e0cfd59248cc45e3281c63

SHA256
b58575cd4fc9e45bfbfcba4d8051e50fb51f8446ab7e1e57206558da7a80c334

SHA512
98814869b593ea1046bb7c459d30618672d1d87ac3764293e247df1507d854bac236cc041d74850b30588b0fdcf31af4be09b94f76c0cc9b0127175b316e8329

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzStorage.dll

Filesize
308KB

MD5
430f8e6430db594ddd848a85462148d6

SHA1
d8daf565a401778361e9824501aca695d125bb9a

SHA256
572fc9f351df9521f9247c220ec231c903a024e665a4a7891cc151c933c8b450

SHA512
877f3f21ff7bc675b780a2abcce7b9dc4f41b6bcca4276dd168e7496b957bdcbb7b5c460f54f1649f41a0e1bdf81329813b046ae30ea52c556545baf521374f5

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
571KB

MD5
03e281a271d1dc3ff2ddd9a9c8e33c88

SHA1
2c4b15d597eedb79ec2cb31481ddc452c33df7a3

SHA256
878e281ce439ccacf4ca9bd8b273b6a9671c46c67469580e4437ae8a9287ab23

SHA512
2daade35c33aa3500f1fddc2e3dba93cb10a6367f76b4170226a454da3e95f7a184942501914eda4e94a691eca3dfdcac144ef3e3ac3c2344b5ee4bb54f71318

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
571KB

MD5
03e281a271d1dc3ff2ddd9a9c8e33c88

SHA1
2c4b15d597eedb79ec2cb31481ddc452c33df7a3

SHA256
878e281ce439ccacf4ca9bd8b273b6a9671c46c67469580e4437ae8a9287ab23

SHA512
2daade35c33aa3500f1fddc2e3dba93cb10a6367f76b4170226a454da3e95f7a184942501914eda4e94a691eca3dfdcac144ef3e3ac3c2344b5ee4bb54f71318

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe.config

Filesize
3KB

MD5
5945e6ac5d0003638a9ef0fee06edad8

SHA1
d6ba9ded6e2a49c5bb0953c0e223ed765dd7187e

SHA256
8bfda28dac43f224dd060334ac42c1f17c523967c58f3a7a789387af2873afef

SHA512
18edc35029bd5b90252704d43bd7fa5cd4ce89a1e8d1f6ac2c337e4a39ca57a8bbb6144e6f1dc171e275e2169bdae13eb5878973137de8528b570ae179fdc806

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzSynapseLoginUI.dll

Filesize
2.5MB

MD5
643726156ad8800849e0905a813f7516

SHA1
b7ccc40788116a3f8e2b5c84897966da1fefcfe6

SHA256
e6b614c037cdb88e6ce606c6bb40556a09cbd274f59af5730eaddbcadb0315c0

SHA512
9b4a22b2d6c15f5427420a77f3bd749eb239bf33c157ce828171dba3ae76567c29b144c1bad276731d68ca079855e683d12a481461b64e441afa03ea023f1277

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzTrayMgr.dll

Filesize
44KB

MD5
44aab7590a0e76379c50a1f6ae4b16f8

SHA1
0094e3c7f68009f213d18d5ac86bb79f300597b8

SHA256
dbfa085e880f3bb3c202f3895c242bcbe355edbd20f20651b1bdc48f43c981eb

SHA512
401c7357f491ba3c4815d8576432ebcc9ff05cd126c22cb958706005d99b5cc84168bea944afd0f6a988d30468b7daaf19704c7ad0ca2df26517386c89cff919

Download Submit
C:\Program Files (x86)\Razer\Synapse\RzUpdate.dll

Filesize
79KB

MD5
3f5159095c9f3bfc67e54c0857282067

SHA1
275fe9a08a3549088b49c673b6aa80329dc903a4

SHA256
910528664cef416cdb59bb5e040debef3b069fea625a84c8ba0fe150272cfda2

SHA512
21dd0c22ca5efa1557a424da1e238710afb63df726f715c9ef4833c9cf236702c366fa180f8bbe1f005964f4ef4b0a9ace0ef61bf17ba473bba851dae865b2c2

Download Submit
C:\Program Files (x86)\Razer\Synapse\config.log4net

Filesize
869B

MD5
4deb7380efea18de30b0cb2d0dd2669e

SHA1
5dc4999720bb8cabb36561348fd8db88d14afa33

SHA256
29e05e5e9b52d9108fca9a4a2686b8637f61b9ed1785d01dee7edd4606c40211

SHA512
6f22ad5eab6e6df8747b31793f8db4dd4ec93188466bd27c25d72ecaaa270a9cd4a084df496c98f94149b1d7148a8b8613d45cadcb6438c00d0756315b3b9f86

Download Submit
C:\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
264KB

MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe

Filesize
29KB

MD5
78426e40cd34ff3de3c01009e3310d4c

SHA1
da8168dfa49824a1020585f54d7c470aac96d7e1

SHA256
2382450b16823f4099b85370586b0b1df06b711b3840292e9e3276bb550eb236

SHA512
479a22950613498247e1e46c2cd0a45305a8878fcaf3eb9c6ced9835add48caf0816926cba358d75dd16cdd4b97cf0597ec2119ae921e7044103cfb5423dec8b

Download Submit
C:\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe

Filesize
29KB

MD5
78426e40cd34ff3de3c01009e3310d4c

SHA1
da8168dfa49824a1020585f54d7c470aac96d7e1

SHA256
2382450b16823f4099b85370586b0b1df06b711b3840292e9e3276bb550eb236

SHA512
479a22950613498247e1e46c2cd0a45305a8878fcaf3eb9c6ced9835add48caf0816926cba358d75dd16cdd4b97cf0597ec2119ae921e7044103cfb5423dec8b

Download Submit
C:\ProgramData\Razer\Synapse\Devices\SetReg.bat

Filesize
51B

MD5
febaf310f2e4dc139090aab42b8cd922

SHA1
f51dda3b309e28fd72a8c87f0f7a7bf81187a36d

SHA256
e2f8ab5ac87828d8a841185ad3c632d13588a3cb7c8fe6a0fb5d6fa81b8b7a65

SHA512
ae025128d940df57d1a3ed64886707e562ef46bbac81eac0b898fa35b8c86aecbc687b58afc32615031c45977ff6966cd0d95da9486946536ade00af5a9b2834

Download Submit
C:\ProgramData\Razer\Synapse\Devices\SetReg.bat

Filesize
51B

MD5
febaf310f2e4dc139090aab42b8cd922

SHA1
f51dda3b309e28fd72a8c87f0f7a7bf81187a36d

SHA256
e2f8ab5ac87828d8a841185ad3c632d13588a3cb7c8fe6a0fb5d6fa81b8b7a65

SHA512
ae025128d940df57d1a3ed64886707e562ef46bbac81eac0b898fa35b8c86aecbc687b58afc32615031c45977ff6966cd0d95da9486946536ade00af5a9b2834

Download Submit
C:\ProgramData\Razer\Synapse\Devices\SetReg.txt

Filesize
96B

MD5
394b528b2fec22f1d4dc7657e0b038cb

SHA1
a9580e5e642845c640b6b37415a92eaf30885b72

SHA256
be5e6258c44a29ab8015f3f92b4103f6566e5d5cfb27da7a3bf4e1aa6604ba20

SHA512
5499dd82807ddfe77d3868f29f95a81cbf22b8b38a96d5e1b8eef228d3b729b4d2347f15433c58585cc215c1b1e09ed9b998f05cb5add6a7bc1f1c1eb19e2911

Download Submit
C:\ProgramData\Razer\Synapse\Devices\skins\RAZER11_BW2_Selector.png

Filesize
171KB

MD5
f2e5520c0d36b4861a6843608908d0e6

SHA1
1b81fe40734e54b9ed54ae27691d7c27a1f97319

SHA256
2c2ff837a416895be1d97f204a0f5048210b38a4c03122b1889ba0e1cc503c3f

SHA512
23c50a0eea31ea8c5dcf5be3504b770f151a6ecd32bcb862326ad4c662b262450f778f952d5a9068f9e158232b7217c2db2f0e04c100f26d5503243a85f5d7b5

Download Submit
C:\ProgramData\Razer\Synapse\Devices\skins\RAZER11_NOSTROMO_Selector.png

Filesize
171KB

MD5
7590146fe05b8cfb0d400fcc297606b6

SHA1
8551aac517611c8e1d2bdd124ee54cece8aefcd9

SHA256
0aa28f6f7f3c74c7ccafce1f3d5db82ccacc11dd92c502c28e7cb6dc6ac4758a

SHA512
52b8541ef810888bead43a4f40abb77df5f1b4e725ded015a3af2ed354786422a64dfddfa7f2b30d57581a20be6c9beca1447a9f50d5cfd8e0d982eb5151b89d

Download Submit
C:\ProgramData\Razer\Synapse\Devices\skins\VAD_speaker_F_mask.png

Filesize
201B

MD5
ec2c19f2b6294cf78f7d9267b6c8ea4a

SHA1
d3e97d2c4407ec3e4fb4d96ac9c3c5c7c06a0bff

SHA256
ebfc709058e98ac7c7a322ac7cbdbbd4a3b6abbda81d0551410970b354431891

SHA512
401196da85651c20965dc49046752a2d411203b8d7c300eb3189322420d0aa7322fbf1696cab187f26cf07b53073a5767a7aee70d37db5596f3ac2ce85cd2abb

Download Submit
C:\ProgramData\Razer\Synapse\Logs\Synapse_Admin.log

Filesize
2KB

MD5
03e35fcea069098be9d8cb92bac23da4

SHA1
508bb7f1f3b1aa614046ab50ef0cc2eaef6e2d9f

SHA256
826f905d09f482259e9c9ed8a0937dc205e2f5656f74049bb80a7e47ce1ed16a

SHA512
b84ed78195f169c112dea5f0d225eaf3e7ffecb831aa9a4c3be45a0a359b9d7855404b79559abe5ef20502197b4c6924c0b0d8ec66d313db708a11f0839a4154

Download Submit
C:\ProgramData\Razer\Synapse\Logs\Synapse_Admin.log

Filesize
4KB

MD5
f03c8dfc88f0fef446051c74df468737

SHA1
109768145e6e05b43f02b64f3c30bb8dbb77b632

SHA256
f9a3dfcb3f0e8075cfadb73980444b67106158726ef4e9ae2a2a70ddc8047f22

SHA512
f6e634182d8cdb2eabca1ec3ec971eacb0f6e90e46be71d516bb1b164bd36cb2985f871a45ce803e2d10d1746bc34f10a28d2ea4bece5fb1de1fb9fa17d77f81

Download Submit
C:\ProgramData\Razer\Synapse\Modules\SystemInfo\ModuleInfo.xml

Filesize
433B

MD5
9f693b81eb90f38fbc1e343178916471

SHA1
574c7c68491c7315bf72b4c094a6d419a8586e32

SHA256
dbca02960bdc4a23104a6ae174855fa0719afe517e6aad011cd3929aa22561ce

SHA512
6dd6c68466caee92da76e5077600a37458f76e19edff5544ebe3e87ccb49c2ce91d36350bb00cb6d54f966bc0a52828a1d72e1ac656831c8724227d3f34ea2c0

Download Submit
C:\ProgramData\Razer\Synapse\Modules\SystemInfo\RzSystemInfo.dll

Filesize
24KB

MD5
980a514a7927a5d97b49f66ae30d6b18

SHA1
a5a942a6dc2beecaa59ba041038b8a2de3163c3a

SHA256
73c0df65852a4de20ed2d9d6b123ae24f731b861b283bd0b3dc9056ce0d1ed0f

SHA512
0f14c28c7a2ed7fe870897f03dde39dacf3675d858bec4a7f6fc96115a76dab9c71033d3e83e6e259b4898a4999be9bc8fe216e20a31d9a2a46a71bf1ada4ea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Razer\Synapse\Accounts\RazerLoginData.xml

Filesize
294B

MD5
f914beb4b2cbbb0a24772d4294f2d3f9

SHA1
8e4d0d6a4ba8681d5c2d339bb8dcbae7783748f2

SHA256
ac8c75148aed1737774aa2b8b5421ee2a0274f614ea4997986e587727d0f4332

SHA512
0ba2bff2b3b755cc0a1d409b76653fcd236a622bfaa4bfb7a4f6c82fd7a0c7baeec235edc13635f156809ce8abf2f05e99abaf3162694f9637e8caab503d8921

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI79C2.tmp

Filesize
122KB

MD5
2c65cc2f1516e8eed2f01ee5efa60c93

SHA1
fa8ace92bdf6cb522357384b352389d08b0464de

SHA256
1af4d7548834c516d02c04e13f446dfb528e01f3352eabe8a6c7528e4caffeca

SHA512
f5a55023883795a0c27020ffcf6b4a33c37faefa808e45afbeea1f1b8eb07c4b6a82ef4dfc729d66d8cf93f8f7ffaf3f36e0c7c1cd7cddd76934b23380567f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8750.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\_is55CC.tmp

Filesize
1KB

MD5
b0840974c25813bb9c98fe6303fda3d7

SHA1
174cd7001937313af45c9e9530cf61248ef85d68

SHA256
2afa2c4ad2773aaec0c801afcb8a389446c027aa6ad5e4a0f1a2e450265ac1e5

SHA512
559c20b4e20160c40990fa501543531a4716534ef81a36d9f8cf8a39c3557f202e2abc889e8a27866121e92e56c6033bf42e388f19def24e7f0de4ede858bd05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_is562D..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj2888.tmp\nsExec.dll

Filesize
6KB

MD5
052a077ee8b519aadbcf29e6b5e710a4

SHA1
b3ab29d0ebdbdca63e4dffd2fd2e6b9188ffae4b

SHA256
9a1a5c6f598247bfa52624cd793b9ef4fb85863cc9dfd69eb7ef671cacc906c9

SHA512
cb11cba331b85122dcc2d57171ce20382af0a9fdf0a85a30155404d975901a313c9285eb9445e51979c6ec8416ccdf97fdeaf1bd2203c9395ad046a385a90009

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso259B.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8F5DEDB-CEC8-43E5-B980-F4E9E90D94AD}\0x0409.ini

Filesize
21KB

MD5
be345d0260ae12c5f2f337b17e07c217

SHA1
0976ba0982fe34f1c35a0974f6178e15c238ed7b

SHA256
e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

SHA512
77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8F5DEDB-CEC8-43E5-B980-F4E9E90D94AD}\1033.MST

Filesize
20KB

MD5
bc91daf38334b54269c35e81feec97e5

SHA1
4ceece5e8c59e79327bd8108927c21285657de1f

SHA256
d40ebee64c6d32a1facbf79c2f2490fd24cf9910258a5de340bd056ef940687f

SHA512
8c9f27dc2d1881e5819ba70549f0221115dc28c6fa0248b09d25f72f1713030e9f3f445ba0bee95260d228522210116b82a51dace90f6b9c477e5902dfbd30f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8F5DEDB-CEC8-43E5-B980-F4E9E90D94AD}\Razer Synapse 2.0.msi

Filesize
52.6MB

MD5
0df259c64db38c32020796c76e233abf

SHA1
c828fef27b052f89a43ef8ee2d1bc1adc5ba4fed

SHA256
1565f8e9d3542419c1655a07057593639b4f909d7ed26db4ef5de08dce139518

SHA512
e8eae9d4b76cb809b616a08f936fd25b130837472f81313c032aceefc68e74db25d9b3c874d00bba83f696996a0ab8dba3f40653dba9e9cd7fb3af490b41d37a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C8F5DEDB-CEC8-43E5-B980-F4E9E90D94AD}\_ISMSIDEL.INI

Filesize
20B

MD5
db9af7503f195df96593ac42d5519075

SHA1
1b487531bad10f77750b8a50aca48593379e5f56

SHA256
0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13

SHA512
6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\~55B9.tmp

Filesize
6KB

MD5
41c2c4d683f4ce58713b58f038e6ebb9

SHA1
5465d0eb5cceedadabbf2ef2cafad0278e29dbed

SHA256
896996f4b38e883c29e1f81e12ba7594460de61f95a69443687cce6e9c8acc08

SHA512
573afb5011b68426aa43a89e83d4f62846eb196d8712b568a99b4d06aa0cb513eab2d0f96dad6d1757240ce684c95a9162052185f8e813dc13cd33fd8161fa15

Download Submit
C:\Windows\Installer\MSI19EA.tmp

Filesize
31KB

MD5
ef7a73791d063c577cc9cd6e584bcd96

SHA1
280134bfc5e19ab7d1b848818a4a466660dace20

SHA256
555904db79954127733fb69f2dfd2d016911bef20ce7d7615320c864fb7b7d65

SHA512
f96ed3cc1f6fa8351eec4eb8f09706a2aef51c00f17a3a3b64db98b760498d768750f38761ec09647f7232ee4599aced65c22cd1ad1a56ed95ff5eaf418d0fb4

Download Submit
C:\Windows\Installer\MSI19EA.tmp

Filesize
31KB

MD5
ef7a73791d063c577cc9cd6e584bcd96

SHA1
280134bfc5e19ab7d1b848818a4a466660dace20

SHA256
555904db79954127733fb69f2dfd2d016911bef20ce7d7615320c864fb7b7d65

SHA512
f96ed3cc1f6fa8351eec4eb8f09706a2aef51c00f17a3a3b64db98b760498d768750f38761ec09647f7232ee4599aced65c22cd1ad1a56ed95ff5eaf418d0fb4

Download Submit
C:\Windows\Installer\MSI2456.tmp

Filesize
80KB

MD5
d7da13c220b21eaad543d90bbd1d1b9c

SHA1
dec99fadf104968bd3d61c185478dad8cab26bfd

SHA256
9211377dac845cba6d9271d2a4b4adac1d5c9bcf036b7c1ebc227039234df8f9

SHA512
fefdac9e91d388348d67705fe2a5782b9eb3e35a01b0a00edbe2a0f54fece30db855e08f396098faeceb068e29e3de3adeefb3bd53fc2d47ce51d06703981687

Download Submit
C:\Windows\Installer\MSI2456.tmp

Filesize
80KB

MD5
d7da13c220b21eaad543d90bbd1d1b9c

SHA1
dec99fadf104968bd3d61c185478dad8cab26bfd

SHA256
9211377dac845cba6d9271d2a4b4adac1d5c9bcf036b7c1ebc227039234df8f9

SHA512
fefdac9e91d388348d67705fe2a5782b9eb3e35a01b0a00edbe2a0f54fece30db855e08f396098faeceb068e29e3de3adeefb3bd53fc2d47ce51d06703981687

Download Submit
C:\Windows\Installer\MSI2689.tmp

Filesize
43.5MB

MD5
e232ea9e638ad97c631513acec01f977

SHA1
0807435e2df7deb722d12ef40d50b19f805d1ec0

SHA256
5a6ccf2ce051cfca593a0d60269b6c820eaf843965909b8b9b607c04d8ebc44c

SHA512
9784c855ea191581368a89a98630f050fcc1029e734c392012c7227cb435bbbbd14a5f2de53ed2314c45cda1400e9ae9b27174915028ac0e0009a2e9f4afba58

Download Submit
C:\Windows\Installer\MSI2689.tmp

Filesize
43.5MB

MD5
e232ea9e638ad97c631513acec01f977

SHA1
0807435e2df7deb722d12ef40d50b19f805d1ec0

SHA256
5a6ccf2ce051cfca593a0d60269b6c820eaf843965909b8b9b607c04d8ebc44c

SHA512
9784c855ea191581368a89a98630f050fcc1029e734c392012c7227cb435bbbbd14a5f2de53ed2314c45cda1400e9ae9b27174915028ac0e0009a2e9f4afba58

Download Submit
C:\Windows\Installer\MSIF9C.tmp

Filesize
5KB

MD5
4a0b41588e26516f010f8de08966823b

SHA1
796adfc2bd1d8b8fd978b2a7171649bdba1f4dc4

SHA256
b7185f8a715772237806ba3d7b0996eb3ceb86066172dee7fcc277aeb77158f3

SHA512
86fe4911293aa13a65d5989c00afea5f91cab2390521baf53d8f3f1fa9149f49f81351082f880ae5fdc734169ae7b37d42dd6e971e24dc28bf4f3a51e7c1b8fc

Download Submit
C:\Windows\Installer\MSIF9C.tmp

Filesize
5KB

MD5
4a0b41588e26516f010f8de08966823b

SHA1
796adfc2bd1d8b8fd978b2a7171649bdba1f4dc4

SHA256
b7185f8a715772237806ba3d7b0996eb3ceb86066172dee7fcc277aeb77158f3

SHA512
86fe4911293aa13a65d5989c00afea5f91cab2390521baf53d8f3f1fa9149f49f81351082f880ae5fdc734169ae7b37d42dd6e971e24dc28bf4f3a51e7c1b8fc

Download Submit
C:\Windows\Installer\f76f72b.msi

Filesize
52.6MB

MD5
0df259c64db38c32020796c76e233abf

SHA1
c828fef27b052f89a43ef8ee2d1bc1adc5ba4fed

SHA256
1565f8e9d3542419c1655a07057593639b4f909d7ed26db4ef5de08dce139518

SHA512
e8eae9d4b76cb809b616a08f936fd25b130837472f81313c032aceefc68e74db25d9b3c874d00bba83f696996a0ab8dba3f40653dba9e9cd7fb3af490b41d37a

Download Submit
C:\Windows\Installer\f76f72c.mst

Filesize
20KB

MD5
bc91daf38334b54269c35e81feec97e5

SHA1
4ceece5e8c59e79327bd8108927c21285657de1f

SHA256
d40ebee64c6d32a1facbf79c2f2490fd24cf9910258a5de340bd056ef940687f

SHA512
8c9f27dc2d1881e5819ba70549f0221115dc28c6fa0248b09d25f72f1713030e9f3f445ba0bee95260d228522210116b82a51dace90f6b9c477e5902dfbd30f5

Download Submit
C:\Windows\SysWOW64\rzdevinfo.dll

Filesize
87KB

MD5
45ccb1638a429c3cb4ce43f5b11a9816

SHA1
b19ead5a8c402154e4ec6ec02630881c2b383fc7

SHA256
ed4b28e637c7ad4574fe968c879f9eb38e8b8765724fd8cac81b6f8803735b93

SHA512
393d8cc78aa81128e4d017189752ecf6ce599c3e233290851846d7474bde137434d6a6dda88a06793965007a9d4f1c8c1d7ed303b5993f4c672af5078448cebc

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
110KB

MD5
1619e5994e2c0a8bf6c03700e782f69b

SHA1
fa5978b94ec8a44807e0cfd59248cc45e3281c63

SHA256
b58575cd4fc9e45bfbfcba4d8051e50fb51f8446ab7e1e57206558da7a80c334

SHA512
98814869b593ea1046bb7c459d30618672d1d87ac3764293e247df1507d854bac236cc041d74850b30588b0fdcf31af4be09b94f76c0cc9b0127175b316e8329

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
110KB

MD5
1619e5994e2c0a8bf6c03700e782f69b

SHA1
fa5978b94ec8a44807e0cfd59248cc45e3281c63

SHA256
b58575cd4fc9e45bfbfcba4d8051e50fb51f8446ab7e1e57206558da7a80c334

SHA512
98814869b593ea1046bb7c459d30618672d1d87ac3764293e247df1507d854bac236cc041d74850b30588b0fdcf31af4be09b94f76c0cc9b0127175b316e8329

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
110KB

MD5
1619e5994e2c0a8bf6c03700e782f69b

SHA1
fa5978b94ec8a44807e0cfd59248cc45e3281c63

SHA256
b58575cd4fc9e45bfbfcba4d8051e50fb51f8446ab7e1e57206558da7a80c334

SHA512
98814869b593ea1046bb7c459d30618672d1d87ac3764293e247df1507d854bac236cc041d74850b30588b0fdcf31af4be09b94f76c0cc9b0127175b316e8329

Download Submit
\Program Files (x86)\Razer\Synapse\RzCommon.dll

Filesize
110KB

MD5
1619e5994e2c0a8bf6c03700e782f69b

SHA1
fa5978b94ec8a44807e0cfd59248cc45e3281c63

SHA256
b58575cd4fc9e45bfbfcba4d8051e50fb51f8446ab7e1e57206558da7a80c334

SHA512
98814869b593ea1046bb7c459d30618672d1d87ac3764293e247df1507d854bac236cc041d74850b30588b0fdcf31af4be09b94f76c0cc9b0127175b316e8329

Download Submit
\Program Files (x86)\Razer\Synapse\RzStorage.dll

Filesize
308KB

MD5
430f8e6430db594ddd848a85462148d6

SHA1
d8daf565a401778361e9824501aca695d125bb9a

SHA256
572fc9f351df9521f9247c220ec231c903a024e665a4a7891cc151c933c8b450

SHA512
877f3f21ff7bc675b780a2abcce7b9dc4f41b6bcca4276dd168e7496b957bdcbb7b5c460f54f1649f41a0e1bdf81329813b046ae30ea52c556545baf521374f5

Download Submit
\Program Files (x86)\Razer\Synapse\RzStorage.dll

Filesize
308KB

MD5
430f8e6430db594ddd848a85462148d6

SHA1
d8daf565a401778361e9824501aca695d125bb9a

SHA256
572fc9f351df9521f9247c220ec231c903a024e665a4a7891cc151c933c8b450

SHA512
877f3f21ff7bc675b780a2abcce7b9dc4f41b6bcca4276dd168e7496b957bdcbb7b5c460f54f1649f41a0e1bdf81329813b046ae30ea52c556545baf521374f5

Download Submit
\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
571KB

MD5
03e281a271d1dc3ff2ddd9a9c8e33c88

SHA1
2c4b15d597eedb79ec2cb31481ddc452c33df7a3

SHA256
878e281ce439ccacf4ca9bd8b273b6a9671c46c67469580e4437ae8a9287ab23

SHA512
2daade35c33aa3500f1fddc2e3dba93cb10a6367f76b4170226a454da3e95f7a184942501914eda4e94a691eca3dfdcac144ef3e3ac3c2344b5ee4bb54f71318

Download Submit
\Program Files (x86)\Razer\Synapse\RzSynapse.exe

Filesize
571KB

MD5
03e281a271d1dc3ff2ddd9a9c8e33c88

SHA1
2c4b15d597eedb79ec2cb31481ddc452c33df7a3

SHA256
878e281ce439ccacf4ca9bd8b273b6a9671c46c67469580e4437ae8a9287ab23

SHA512
2daade35c33aa3500f1fddc2e3dba93cb10a6367f76b4170226a454da3e95f7a184942501914eda4e94a691eca3dfdcac144ef3e3ac3c2344b5ee4bb54f71318

Download Submit
\Program Files (x86)\Razer\Synapse\RzSynapseLoginUI.dll

Filesize
2.5MB

MD5
643726156ad8800849e0905a813f7516

SHA1
b7ccc40788116a3f8e2b5c84897966da1fefcfe6

SHA256
e6b614c037cdb88e6ce606c6bb40556a09cbd274f59af5730eaddbcadb0315c0

SHA512
9b4a22b2d6c15f5427420a77f3bd749eb239bf33c157ce828171dba3ae76567c29b144c1bad276731d68ca079855e683d12a481461b64e441afa03ea023f1277

Download Submit
\Program Files (x86)\Razer\Synapse\RzSynapseLoginUI.dll

Filesize
2.5MB

MD5
643726156ad8800849e0905a813f7516

SHA1
b7ccc40788116a3f8e2b5c84897966da1fefcfe6

SHA256
e6b614c037cdb88e6ce606c6bb40556a09cbd274f59af5730eaddbcadb0315c0

SHA512
9b4a22b2d6c15f5427420a77f3bd749eb239bf33c157ce828171dba3ae76567c29b144c1bad276731d68ca079855e683d12a481461b64e441afa03ea023f1277

Download Submit
\Program Files (x86)\Razer\Synapse\RzTrayMgr.dll

Filesize
44KB

MD5
44aab7590a0e76379c50a1f6ae4b16f8

SHA1
0094e3c7f68009f213d18d5ac86bb79f300597b8

SHA256
dbfa085e880f3bb3c202f3895c242bcbe355edbd20f20651b1bdc48f43c981eb

SHA512
401c7357f491ba3c4815d8576432ebcc9ff05cd126c22cb958706005d99b5cc84168bea944afd0f6a988d30468b7daaf19704c7ad0ca2df26517386c89cff919

Download Submit
\Program Files (x86)\Razer\Synapse\RzTrayMgr.dll

Filesize
44KB

MD5
44aab7590a0e76379c50a1f6ae4b16f8

SHA1
0094e3c7f68009f213d18d5ac86bb79f300597b8

SHA256
dbfa085e880f3bb3c202f3895c242bcbe355edbd20f20651b1bdc48f43c981eb

SHA512
401c7357f491ba3c4815d8576432ebcc9ff05cd126c22cb958706005d99b5cc84168bea944afd0f6a988d30468b7daaf19704c7ad0ca2df26517386c89cff919

Download Submit
\Program Files (x86)\Razer\Synapse\RzUpdate.dll

Filesize
79KB

MD5
3f5159095c9f3bfc67e54c0857282067

SHA1
275fe9a08a3549088b49c673b6aa80329dc903a4

SHA256
910528664cef416cdb59bb5e040debef3b069fea625a84c8ba0fe150272cfda2

SHA512
21dd0c22ca5efa1557a424da1e238710afb63df726f715c9ef4833c9cf236702c366fa180f8bbe1f005964f4ef4b0a9ace0ef61bf17ba473bba851dae865b2c2

Download Submit
\Program Files (x86)\Razer\Synapse\RzUpdate.dll

Filesize
79KB

MD5
3f5159095c9f3bfc67e54c0857282067

SHA1
275fe9a08a3549088b49c673b6aa80329dc903a4

SHA256
910528664cef416cdb59bb5e040debef3b069fea625a84c8ba0fe150272cfda2

SHA512
21dd0c22ca5efa1557a424da1e238710afb63df726f715c9ef4833c9cf236702c366fa180f8bbe1f005964f4ef4b0a9ace0ef61bf17ba473bba851dae865b2c2

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
264KB

MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
264KB

MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
264KB

MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
\Program Files (x86)\Razer\Synapse\log4net.dll

Filesize
264KB

MD5
b89cb7f3f1a1e2807e708f5435deb13d

SHA1
82cde65a7514c0e465ee0d505be56c56639ff0b1

SHA256
27d26aab42f7cab35bf51d0536c67ed553fc97b670226b868805e7c6927e5c87

SHA512
0bd0da0cc01eb62ba1dea21666bccf76db6c7dcb2ddfa608bea61da0ffa230a60a66e91449b2664de006066eb63d26daafb3bf7b932c8a22ccd347dbd707e68b

Download Submit
\ProgramData\Razer\Synapse\Devices\Merger\RazerMerger.exe

Filesize
29KB

MD5
78426e40cd34ff3de3c01009e3310d4c

SHA1
da8168dfa49824a1020585f54d7c470aac96d7e1

SHA256
2382450b16823f4099b85370586b0b1df06b711b3840292e9e3276bb550eb236

SHA512
479a22950613498247e1e46c2cd0a45305a8878fcaf3eb9c6ced9835add48caf0816926cba358d75dd16cdd4b97cf0597ec2119ae921e7044103cfb5423dec8b

Download Submit
\Users\Admin\AppData\Local\Temp\MSI79C2.tmp

Filesize
122KB

MD5
2c65cc2f1516e8eed2f01ee5efa60c93

SHA1
fa8ace92bdf6cb522357384b352389d08b0464de

SHA256
1af4d7548834c516d02c04e13f446dfb528e01f3352eabe8a6c7528e4caffeca

SHA512
f5a55023883795a0c27020ffcf6b4a33c37faefa808e45afbeea1f1b8eb07c4b6a82ef4dfc729d66d8cf93f8f7ffaf3f36e0c7c1cd7cddd76934b23380567f03

Download Submit
\Users\Admin\AppData\Local\Temp\_is562D..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is562D..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is5739..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is5739..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is5874..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is5874..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is5960..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is5960..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is59FE..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\_is59FE..dll

Filesize
2.2MB

MD5
0ce4d3bd306da6d1f6f233c403f5b667

SHA1
15dd2e31c5e9dc223befc5cfb6ca01737b262412

SHA256
6428ad0bd3732a2038cd372a06563e84f33dcdab4e2b203b3f75be678690dcad

SHA512
4275103c2148945e0ea7afc666402c3fa37b6443fb298fb40d668269694057b394fc23e1aeac99236e3ffee1a05ecb3ae2d394df9ad219bc7b6bd67412670ae9

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2888.tmp\nsExec.dll

Filesize
6KB

MD5
052a077ee8b519aadbcf29e6b5e710a4

SHA1
b3ab29d0ebdbdca63e4dffd2fd2e6b9188ffae4b

SHA256
9a1a5c6f598247bfa52624cd793b9ef4fb85863cc9dfd69eb7ef671cacc906c9

SHA512
cb11cba331b85122dcc2d57171ce20382af0a9fdf0a85a30155404d975901a313c9285eb9445e51979c6ec8416ccdf97fdeaf1bd2203c9395ad046a385a90009

Download Submit
\Users\Admin\AppData\Local\Temp\nsj2888.tmp\nsExec.dll

Filesize
6KB

MD5
052a077ee8b519aadbcf29e6b5e710a4

SHA1
b3ab29d0ebdbdca63e4dffd2fd2e6b9188ffae4b

SHA256
9a1a5c6f598247bfa52624cd793b9ef4fb85863cc9dfd69eb7ef671cacc906c9

SHA512
cb11cba331b85122dcc2d57171ce20382af0a9fdf0a85a30155404d975901a313c9285eb9445e51979c6ec8416ccdf97fdeaf1bd2203c9395ad046a385a90009

Download Submit
\Users\Admin\AppData\Local\Temp\nso259B.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Windows\SysWOW64\rzdevinfo.dll

Filesize
87KB

MD5
45ccb1638a429c3cb4ce43f5b11a9816

SHA1
b19ead5a8c402154e4ec6ec02630881c2b383fc7

SHA256
ed4b28e637c7ad4574fe968c879f9eb38e8b8765724fd8cac81b6f8803735b93

SHA512
393d8cc78aa81128e4d017189752ecf6ce599c3e233290851846d7474bde137434d6a6dda88a06793965007a9d4f1c8c1d7ed303b5993f4c672af5078448cebc

Download Submit
memory/2124-342-0x0000000000E90000-0x0000000000E9E000-memory.dmp

Filesize
56KB

Download
memory/2124-343-0x0000000072580000-0x0000000072C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2124-371-0x0000000072580000-0x0000000072C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-1239-0x00000000005E0000-0x00000000005FA000-memory.dmp

Filesize
104KB

Download
memory/2460-1229-0x0000000004840000-0x0000000004880000-memory.dmp

Filesize
256KB

Download
memory/2460-1243-0x0000000004300000-0x0000000004354000-memory.dmp

Filesize
336KB

Download
memory/2460-1534-0x0000000004190000-0x000000000419A000-memory.dmp

Filesize
40KB

Download
memory/2460-1421-0x0000000004840000-0x0000000004880000-memory.dmp

Filesize
256KB

Download
memory/2460-1226-0x0000000000460000-0x00000000004A6000-memory.dmp

Filesize
280KB

Download
memory/2460-1221-0x00000000002A0000-0x00000000002C2000-memory.dmp

Filesize
136KB

Download
memory/2460-1217-0x0000000000C40000-0x0000000000CD2000-memory.dmp

Filesize
584KB

Download
memory/2460-1425-0x0000000000AF0000-0x0000000000B02000-memory.dmp

Filesize
72KB

Download
memory/2460-1533-0x0000000004840000-0x0000000004880000-memory.dmp

Filesize
256KB

Download
memory/2460-1429-0x0000000006AD0000-0x0000000006D4C000-memory.dmp

Filesize
2.5MB

Download
memory/2460-1532-0x0000000072580000-0x0000000072C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-1463-0x0000000000C10000-0x0000000000C1C000-memory.dmp

Filesize
48KB

Download
memory/2460-1460-0x0000000004190000-0x000000000419A000-memory.dmp

Filesize
40KB

Download
memory/2460-1433-0x0000000006090000-0x0000000006108000-memory.dmp

Filesize
480KB

Download
memory/2460-1443-0x0000000004190000-0x000000000419A000-memory.dmp

Filesize
40KB

Download
memory/2460-1444-0x0000000004190000-0x000000000419A000-memory.dmp

Filesize
40KB

Download
memory/2460-1222-0x0000000072580000-0x0000000072C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-1455-0x0000000004840000-0x0000000004880000-memory.dmp

Filesize
256KB

Download
memory/2460-1458-0x0000000072580000-0x0000000072C6E000-memory.dmp

Filesize
6.9MB

Download
memory/2460-1459-0x0000000004190000-0x000000000419A000-memory.dmp

Filesize
40KB

Download
memory/2496-336-0x0000000072C70000-0x000000007335E000-memory.dmp

Filesize
6.9MB

Download
memory/2496-335-0x0000000072C70000-0x000000007335E000-memory.dmp

Filesize
6.9MB

Download
memory/2496-334-0x0000000001230000-0x0000000001238000-memory.dmp

Filesize
32KB

Download
memory/2776-1194-0x0000000072C70000-0x000000007335E000-memory.dmp

Filesize
6.9MB

Download
memory/2776-1192-0x0000000000D00000-0x0000000000D0E000-memory.dmp

Filesize
56KB

Download
memory/2776-1193-0x0000000072C70000-0x000000007335E000-memory.dmp

Filesize
6.9MB

Download