Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RazerSynapseInstaller_V1.19.0.635.exe

Overview

General Information

Sample name:RazerSynapseInstaller_V1.19.0.635.exe
Analysis ID:1538470
MD5:6d6850d6a3f9cbc2d390ad748f8b36d5
SHA1:a008fca238cc18c7b6c7e6cc14cc81298117ac9d
SHA256:2fd29569403b05eaf6973b62a7c391f28006f1e35c6455d016f0047e9b2577e4
Infos:

Detection

Score:24
Range:0 - 100
Whitelisted:false
Confidence:20%

Compliance

Score:49
Range:0 - 100

Signatures

.NET source code contains potential unpacker
Drops executables to the windows directory (C:\Windows) and starts them
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64
  • RazerSynapseInstaller_V1.19.0.635.exe (PID: 4140 cmdline: "C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exe" MD5: 6D6850D6A3F9CBC2D390AD748F8B36D5)
    • conhost.exe (PID: 3320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • RazerInstaller.exe (PID: 3800 cmdline: C:\Windows\Installer\Razer\Installer\RazerInstaller.exe MD5: 3F7BAB0F26DF356695B8C993ADD1BD6E)
      • RazerInstaller.exe (PID: 4924 cmdline: "C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe" MD5: 7046AAC6CAEE64EF664508D999DA39D3)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Compliance

barindex
Uses 32bit PE files
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Creates install or setup log file
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\ProgramData\Razer\Installer\Logs\RazerInstaller.logJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\ProgramData\Razer\Installer\Logs\RazerInstaller-cb19c464-e8c4-429d-93f5-55093fee4228.logJump to behavior
PE / OLE file has a valid certificate
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: certificate valid
Uses secure TLS version for HTTPS connections
Source: unknownHTTPS traffic detected: 99.86.4.106:443 -> 192.168.2.6:49715 version: TLS 1.2
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Binary contains paths to debug symbols
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002D57000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002DDC000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Services\Kinesis\obj\AWSSDK.Kinesis.Net45\Release\net45\AWSSDK.Kinesis.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Kinesis.dll
Source: Binary string: concrt140.i386.pdbGCTL source: concrt140.dll
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: api-ms-win-core-debug-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\DetectManagerWrapper\bin\Razer.DetectManagerWrapper.pdb source: Razer.DetectManagerWrapper.dll
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C72000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C84000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll
Source: Binary string: C:\Users\shikang.neoh\Desktop\cpprestsdk-master\Binaries\Win32\Release\cpprest140_2_10.pdb source: cpprest140_2_10.dll
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll
Source: Binary string: C:\projects\msgpack-cli-x2p85\src\MsgPack\obj\Release\net46\MsgPack.pdb0w source: RazerInstaller.exe
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Services\Kinesis\obj\AWSSDK.Kinesis.Net45\Release\net45\AWSSDK.Kinesis.pdbSHA256 source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Kinesis.dll
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Core\obj\Release\Microsoft.WindowsAPICodePack.pdb source: RazerInstaller.exe
Source: Binary string: C:\Kat\source_git\synapse3_tools\BLEConnect\Release\BLEConnectWrapper.pdb source: BLEConnectWrapper.dll
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll
Source: Binary string: C:\Kat\source_git\synapse3_tools\BLEConnect\BLEConnect\obj\Release\BLEConnect.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4633981753.000000000A6C2000.00000002.00000001.01000000.0000001B.sdmp, BLEConnect.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.UnityExtensions\obj\Release\Microsoft.Practices.Prism.UnityExtensions.pdb source: RazerInstaller.exe
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\SafeExtractor\Release\SafeExtractor.pdb source: RazerSynapseInstaller_V1.19.0.635.exe
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll
Source: Binary string: vcruntime140.i386.pdbGCTL source: RazerInstaller.exe, 00000004.00000002.4679384728.00000000698D1000.00000020.00000001.01000000.00000014.sdmp, vcruntime140.dll.tmp.3.dr
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\InstallerCleaner\obj\Release\RazerInstallerCleaner.pdb source: Razer.RazerInstallerCommon.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.Interactivity\obj\Release\Microsoft.Practices.Prism.Interactivity.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll
Source: Binary string: /_/src/NLog/obj/Release/net46/NLog.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, NLog.dll
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.Interactivity\obj\Release\Microsoft.Practices.Prism.Interactivity.pdbh<~< p<_CorDllMainmscoree.dll source: RazerInstaller.exe
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\DetectManagerWrapper\bin\Razer.DetectManagerWrapper.pdb$$ source: Razer.DetectManagerWrapper.dll
Source: Binary string: C:\Dev\LightweightInstaller\3rd Party\DotNetZip\DotNetZip\Zip\obj\Release\Ionic.Zip.pdb source: RazerInstaller.exe
Source: Binary string: msvcp140.i386.pdb source: RazerInstaller.exe, 00000004.00000002.4678592386.0000000069861000.00000020.00000001.01000000.00000015.sdmp, msvcp140.dll.tmp.3.dr
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.UnityExtensions\obj\Release\Microsoft.Practices.Prism.UnityExtensions.pdb|[ source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll
Source: Binary string: c:\tfs\EL\V5-SL\UnityTemp\Compile\Unity\Unity.Configuration\Src\obj\Release\Microsoft.Practices.Unity.Configuration.pdb source: RazerInstaller.exe
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdbpZ source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\RazerInstallerApp\obj\x86\Release\RazerInstaller.pdb source: RazerInstaller.exe
Source: Binary string: C:\Kat\source_git\driver3\RzMiddleWare\Release\rzS3detmgr.pdb__/ source: RazerInstaller.exe, 00000004.00000002.4678258175.000000006926D000.00000002.00000001.01000000.00000017.sdmp, rzS3detmgr.dll.tmp.3.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\RazerInstallerCommon\obj\x86\Release\Razer.RazerInstallerCommon.pdb source: Razer.RazerInstallerCommon.dll
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: RazerInstaller.exe
Source: Binary string: C:\projects\msgpack-cli-x2p85\src\MsgPack\obj\Release\net46\MsgPack.pdb source: RazerInstaller.exe
Source: Binary string: c:\Code\Codeplex\Bootstrapper\Core\Bootstrapper\obj\Release\Bootstrapper.pdb source: RazerInstaller.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RazerInstaller.exe
Source: Binary string: c:\Code\Codeplex\Bootstrapper\Extensions\Bootstrapper.Unity\obj\Release\Bootstrapper.UnityExtension.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll
Source: Binary string: c:\Code\Codeplex\Bootstrapper\Core\Bootstrapper\obj\Release\Bootstrapper.pdbt source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism\obj\Release\Microsoft.Practices.Prism.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: api-ms-win-core-datetime-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\Natasha_Master\Updater\UpdateUtility\obj\x86\Release\UpdateUtility.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll
Source: Binary string: C:\Kat\source_git\driver3\RzMiddleWare\Release\rzS3detgmr_CWrapper.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002A62000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002A75000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Core\obj\Release\Microsoft.WindowsAPICodePack.pdb, source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll
Source: Binary string: vcruntime140.i386.pdb source: RazerInstaller.exe, 00000004.00000002.4679384728.00000000698D1000.00000020.00000001.01000000.00000014.sdmp, vcruntime140.dll.tmp.3.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll
Source: Binary string: msvcp140.i386.pdbGCTL source: RazerInstaller.exe, 00000004.00000002.4678592386.0000000069861000.00000020.00000001.01000000.00000015.sdmp, msvcp140.dll.tmp.3.dr
Source: Binary string: C:\Kat\source_git\synapse3_tools\BLEConnect\Release\BLEConnectWrapper.pdb%% source: BLEConnectWrapper.dll
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll
Source: Binary string: C:\Kat\source_git\driver3\RzMiddleWare\Release\rzS3detmgr.pdb source: RazerInstaller.exe, 00000004.00000002.4678258175.000000006926D000.00000002.00000001.01000000.00000017.sdmp, rzS3detmgr.dll.tmp.3.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\obj\AWSSDK.Core.Net45\Release\net45\AWSSDK.Core.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dll
Source: Binary string: c:\tfs\EL\V5-SL\UnityTemp\Compile\Unity\Unity\Src\obj\Release\Microsoft.Practices.Unity.pdb source: RazerInstaller.exe
Source: Binary string: c:\Projects\CommonServiceLocator\main\Microsoft.Practices.ServiceLocation.PortableClassLibrary\obj\Release\Microsoft.Practices.ServiceLocation.pdb source: RazerInstaller.exe
Source: Binary string: concrt140.i386.pdb source: concrt140.dll
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll
Source: Binary string: /_/src/NLog/obj/Release/net46/NLog.pdbSHA256OY source: RazerInstaller.exe, 00000003.00000002.4606359057.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, NLog.dll
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\obj\AWSSDK.Core.Net45\Release\net45\AWSSDK.Core.pdbSHA256 source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dll
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb( source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\RazerInstallerApp\obj\x86\Release\RazerInstaller.pdbT source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll
Source: global trafficHTTP traffic detected: POST /sts HTTP/1.1X-Api-Key: ihkodRTss344zqhvkmORG29dNmgEIgJIaCn5DvbYauthorizationToken: RZR_0000000000000000000000000000Content-Type: application/json; charset=utf-8Host: u05srooyhc.execute-api.us-east-1.amazonaws.comContent-Length: 50Expect: 100-continueConnection: Keep-Alive
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002B19000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002BA9000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002B21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/razer equals www.facebook.com (Facebook)
Source: global trafficDNS traffic detected: DNS query: u05srooyhc.execute-api.us-east-1.amazonaws.com
Source: global trafficDNS traffic detected: DNS query: discovery.razerapi.com
Source: global trafficDNS traffic detected: DNS query: synapse-3-webservice.razerzone.com
Source: global trafficDNS traffic detected: DNS query: manifest.razerapi.com
Source: global trafficDNS traffic detected: DNS query: cdn.razersynapse.com
Source: global trafficDNS traffic detected: DNS query: assets.razerzone.com
Source: global trafficDNS traffic detected: DNS query: assets2.razerzone.com
Source: global trafficDNS traffic detected: DNS query: deals-assets-cdn.razerzone.com
Source: unknownHTTP traffic detected: POST /sts HTTP/1.1X-Api-Key: ihkodRTss344zqhvkmORG29dNmgEIgJIaCn5DvbYauthorizationToken: RZR_0000000000000000000000000000Content-Type: application/json; charset=utf-8Host: u05srooyhc.execute-api.us-east-1.amazonaws.comContent-Length: 50Expect: 100-continueConnection: Keep-Alive
Source: RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllString found in binary or memory: http://169.254.169.254
Source: RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllString found in binary or memory: http://169.254.170.2
Source: RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllString found in binary or memory: http://169.254.170.2aUnable
Source: RazerInstaller.exe, 00000003.00000000.2132113852.0000000000552000.00000002.00000001.01000000.00000005.sdmp, RazerSynapseInstaller_V1.19.0.635.exe, RazerInstaller.exe.0.drString found in binary or memory: http://DotNetZip.codeplex.com/
Source: RazerInstaller.exe, 00000004.00000002.4652946911.000000000DD7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a1958.d.akamai.net
Source: RazerInstaller.exe, 00000004.00000002.4652946911.000000000DD7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a1958.d.akamai.netd
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://assets.razerzone.com/eeimages/categories/14594/razer-gaming-softwares-category-comms-usp.png
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://assets.razerzone.com/eeimages/categories/14594/razer-gaming-softwares-category-gamebooster-us
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://assets.razerzone.com/eeimages/products/17531/940x573-01-02.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets.razerzone.com/images/software/lwi/LWI-SophiePro-1.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets.razerzone.com/images/software/lwi/LWI-SophiePro-4.pngH
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets.razerzone.com/images/software/lwi/LWI-SophiePro-5.pngH
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets.razerzone.com/images/software/lwi/LWI-SophiePro-6.png
Source: RazerInstaller.exe, 00000004.00000002.4652946911.000000000DD7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/dark_chroma_studio.png
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/dark_macros.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/dark_macros.pnghXM
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/lifestyle_chroma_studio.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/lifestyle_macros.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/lifestyle_macros.png):
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/light_chroma_studio.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.com/images/razer-synapse/light_macros.png
Source: RazerInstaller.exe, 00000004.00000002.4652946911.000000000DD7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://assets2.razerzone.comd
Source: RazerInstaller.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: RazerInstaller.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Core.dll, AWSSDK.Kinesis.dllString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0K
Source: RazerInstaller.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: RazerInstaller.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: RazerInstaller.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: RazerInstaller.exeString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: RazerInstaller.exeString found in binary or memory: http://compositewpf.codeplex.com/
Source: RazerInstaller.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: RazerInstaller.exeString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Core.dll, AWSSDK.Kinesis.dllString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: RazerInstaller.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: RazerInstaller.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: RazerInstaller.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: RazerInstaller.exeString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002EE6000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002ECC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digice
Source: RazerInstaller.exeString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Core.dll, AWSSDK.Kinesis.dllString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
Source: RazerInstaller.exeString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Razer.RazerInstallerCommon;component/controls/showallmodule.xaml
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/Razer.RazerInstallerCommon;component/controls/showallmodule.xamld
Source: AWSSDK.Core.dllString found in binary or memory: http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html
Source: RazerInstaller.exeString found in binary or memory: http://james.newtonking.com/projects/json
Source: RazerInstaller.exeString found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C611000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://microsoft.co
Source: NLog.dllString found in binary or memory: http://nlog-project.org/dummynamespace/
Source: RazerInstaller.exeString found in binary or memory: http://ocsp.digicert.com0
Source: RazerInstaller.exeString found in binary or memory: http://ocsp.digicert.com0A
Source: RazerInstaller.exeString found in binary or memory: http://ocsp.digicert.com0C
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Core.dll, AWSSDK.Kinesis.dllString found in binary or memory: http://ocsp.digicert.com0I
Source: RazerInstaller.exeString found in binary or memory: http://ocsp.digicert.com0O
Source: RazerInstaller.exeString found in binary or memory: http://ocsp.digicert.com0X
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://razer.com/software
Source: RazerInstaller.exeString found in binary or memory: http://schemas.datacontract.org/2004/07/Razer.ActionService
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: NLog.dllString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFL
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFLCopyright
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFLRazerF5Light
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFLRazerF5LightItalic
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFLRazerF5SemiBold
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFLRazerF5SemiBoldItalic
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFLRazerF5Thin
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://scripts.sil.org/OFLRazerF5ThinItalic
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0Roboto
Source: RazerInstaller.exeString found in binary or memory: http://www.codeplex.com/CompositeWPF
Source: RazerInstaller.exeString found in binary or memory: http://www.codeplex.com/DotNetZip
Source: RazerInstaller.exeString found in binary or memory: http://www.codeplex.com/prism
Source: RazerInstaller.exeString found in binary or memory: http://www.codeplex.com/prism#Microsoft.Practices.Prism.ViewModel
Source: RazerInstaller.exeString found in binary or memory: http://www.codeplex.com/prism:Microsoft.Practices.Prism.Interactivity.InteractionRequest
Source: RazerInstaller.exeString found in binary or memory: http://www.digicert.com/CPS0
Source: cpprest140_2_10.dllString found in binary or memory: http://www.openssl.org/support/faq.html
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.razer.com
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.razer.com/software$V
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.razer.com/sw-eula
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.razerzone.com
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.razerzone.com/comms
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.razerzone.com/cortex
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.razerzone.com/surround
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: http://www.razerzone.com/synapse
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: https://albedozero-staging.razerapi.com/password
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: https://albedozero.razerapi.com/datapipelineQhttps://albedozero.razerapi.com/passwordihttps://albedo
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-SophiePro-0.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-SophiePro-2.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-SophiePro-3.pngH
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-SophiePro-4.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-SophiePro-5.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4630661650.00000000068C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-chroma-connect.png
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000068C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-chroma-connect.png/N
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-chroma-connect.pngc
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/lwi/LWI-icon-hue.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/synapse/alexa.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/synapse/alexa.png4
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/synapse/alisha/alisha256.png
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets.razerzone.com/images/software/synapse/audio_visualizer.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com/images/razer-synapse/dark_synapse.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com/images/razer-synapse/light_synapse.png
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C7A2000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com/images/synapse/thxspatial.png
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C7A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com/images/synapse/thxspatial.pngt
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com/images/synapse/virtualringlight.png
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com/images/synapse/virtualringlight.pngC
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets2.razerzone.com/images/synapse/virtualringlight.pngQ
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1660119346OLtIZnKORazerSynapseDependenciesSetup_v3.7.0830.1.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1676531804G7ekRXhnRzGMS_Setup_V2.3.160.119.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/169267812630qZkwjhRazerPhilipsHueSetup_v3.8.0831.082206.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1697631427Qv8gmMqvRazerAudioVisualizerSetup_v3.8.1030.101819.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1700202653705F2WD7StreamerCompanionAppSetup-v2.0.1.12.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1706004329lTqnjXKVRazerMacroSetup_v3.9.0131.012317.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1706157786vdp2jgQMRazerAlexaSetup_v3.9.0131.012511.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1713509834mVPLCvYPTHXSpatialAudioSetup-v2.0.1.15.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1713511449gj1UXRTEVirtualRingLight-v2.0.0.24.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1715844274QrwQ95olRazerCentral_v7.16.0.695.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1718863664EiZeyh8ZRazerChromaStudioSetup_v3.9.0630.062001.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1718868442PNDrFGTfRazerCentral_v7.16.0.695.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/171980599876BqtfYWRazerGameManager_3.7.0.482.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1721957254i4DoSkIvRazerSynapseConfigurationDataSetup_v3.9.0806.072600.e
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1721961508TRIMuqXZRazerChromaBroadcasterSetup_v3.9.0806.072610.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/17259615938LCcFYXuRazerCortexSetup_10.15.5.0.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1727968071MLoJOfqRRazerStringTranslationsSetup_v3.9.1008.100321.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1727968071vZepIZvHRazerSynapseSetup_v3.9.1008.100321.exe
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.razersynapse.com/1728994405oIYh2UhIRazerAxonSetup_1.7.3.0.exe
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/Cortex10/RazerCortex.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4642066803.000000000C815000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/RAZERAXON/AxonLWI00.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/RAZERAXON/RAZERAXONlogo.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/RAZERAXON/RAZERAXONlogo.pngEK
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/RAZERAXON/RAZERAXONlogo.pngb8
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/RAZERAXON/RAZERAXONlogo.pngf9
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4FA000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/cortex_test_update/2018_Cortex_Booster_logo.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/cortex_test_update/cortex-white.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_CHS.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_CHT.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_FRN.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_GER.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_JPN.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_KOR.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_POB.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_RUS.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_SPN.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/880_500_US.webp
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/axon/LWI
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_CHS.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_CHT.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_FRN.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_GER.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_JPN.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_KOR.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_POB.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_RUS.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_RUS.pngIa
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_SPN.png
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_US.png
Source: RazerInstaller.exeString found in binary or memory: https://discovery.razerapi.com:https://manifest.razerapi.com
Source: RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllString found in binary or memory: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
Source: RazerInstaller.exeString found in binary or memory: https://ec.razer.com
Source: RazerInstaller.exeString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: NLog.dllString found in binary or memory: https://github.com/NLog/NLog.git
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: https://insider.razer.com
Source: RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllString found in binary or memory: https://ip-ranges.amazonaws.com/ip-ranges.json
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Kinesis.dllString found in binary or memory: https://kinesis.us-gov-east-1.amazonaws.com
Source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Kinesis.dllString found in binary or memory: https://kinesis.us-gov-west-1.amazonaws.com
Source: NLog.dllString found in binary or memory: https://nlog-project.org/
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rzr.to/chroma-studio
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rzr.to/chromahue
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rzr.to/synapse3
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/
Source: RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/7
Source: rzS3detmgr.log.4.drString found in binary or memory: https://synapse-3-webservice.razerzone.com/AllSystems.json
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C522000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/AllSystems.json)
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C522000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/AllSystems.jsonY
Source: RazerInstaller.exe, 00000004.00000002.4678258175.000000006926D000.00000002.00000001.01000000.00000017.sdmp, rzS3detmgr.dll.tmp.3.drString found in binary or memory: https://synapse-3-webservice.razerzone.com/DeleteUrlCacheEntryURLDownloadToFile
Source: rzS3detmgr.log.4.drString found in binary or memory: https://synapse-3-webservice.razerzone.com/PatchExceptionalEID.json
Source: RazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/PatchExceptionalEID.json4Ac
Source: RazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/PatchExceptionalEID.jsonPAG
Source: RazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/PatchExceptionalEID.jsonjB
Source: RazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/PatchExceptionalEID.jsonvC
Source: rzS3detmgr.log.4.drString found in binary or memory: https://synapse-3-webservice.razerzone.com/dockEID.json
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/dockEID.json1
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/dockEID.jsonR
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C737000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/dockEID.jsont
Source: rzS3detmgr.log.4.drString found in binary or memory: https://synapse-3-webservice.razerzone.com/dongleV2.json
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C7A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/dongleV2.json$
Source: rzS3detmgr.log.4.drString found in binary or memory: https://synapse-3-webservice.razerzone.com/dummyProt.json
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/dummyProt.jsonG
Source: rzS3detmgr.log.4.drString found in binary or memory: https://synapse-3-webservice.razerzone.com/systems.json
Source: RazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/systems.json.E
Source: RazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/systems.jsonQEG
Source: RazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://synapse-3-webservice.razerzone.com/systems.jsonRD
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: https://twitter.com/intent/follow?screen_name=Razer
Source: Razer.RazerInstallerCommon.dllString found in binary or memory: https://u05srooyhc.execute-api.us-east-1.amazonaws.com/sts
Source: RazerInstaller.exeString found in binary or memory: https://www.newtonsoft.com/json
Source: RazerInstaller.exeString found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: RazerInstaller.exe, 00000003.00000002.4606359057.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, NLog.dllString found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
Source: RazerInstaller.exeString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/chroma
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/chroma-workshop/connected-devices
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/chroma/alexa
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/cortex-redirect
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/sg-en/thx-spatial-audio
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/software/axon
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/software/razer-virtual-ring-light
Source: RazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/synapse
Source: RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.razer.com/synapse-redirect
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownHTTPS traffic detected: 99.86.4.106:443 -> 192.168.2.6:49715 version: TLS 1.2
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeFile created: C:\Windows\Installer\RazerJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeFile created: C:\Windows\Installer\Razer\InstallerJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeFile created: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\AppJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AllSystems.json.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\concrt140.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\dockEID.json.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\dongle.json.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\dongleV2.json.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\dummyProt.json.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\InstallerConfiguration.xml.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\msvcp140.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\NLog.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\PatchExceptionalEID.json.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.config.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\systems.json.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\de-DEJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\es-ESJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\fr-FRJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ja-JPJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ko-KRJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\pt-BRJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ru-RUJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHSJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHTJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll.tmpJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\LogJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Log\rzS3detmgr.logJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCacheJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\afd837b0edb88795d2d19e7f7741d46e_Mouse-1-customize@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\b49e947b3bd8ca45f28ff10684b85569_Mouse-2-customize@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\cd208777e3a41c4806276a90824306ac_Mouse-3-customize@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\7492f287df3f07064c6999c1a0474b96_Mouse-4-customize@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\dc3d489d95fd04ae0278c4c559287c65_Mouse-5-customize@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\1f6bb98571bb6d014a3310426e4bc40d_Mouse-6-customize@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\20deaa463cf012355d39684aeabde199_light_synapse.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\3140d624792d0f04d02efffcc88ea3ab_dark_synapse.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\c47c6f72b0eb574a9ead57257a613d44_LWI-Alisha1.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\847e43fe011694060f49ca148ebe77f3_LWI-Alisha2.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\a6a8ab87779f3b131679289a63f21a91_LWI-Alisha3.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\88cf9acec89f44de523bae98a788864c_LWI-Alisha4.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\17996a81108fcd78445459db3355ae93_alisha256.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\cb7cc25508f123af324b6fc99e28aa71_alexa-2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\90cea53a9e729f143e3f017f087f9559_alexa.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\4e9512ed0ddf959ad181958f4533bca2_audio_visualizer.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\42338f87a17534cce39b8c6b0e69eb61_ChromaConnect-2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\a2d451068c2275431e4f327476861009_LWI-chroma-connect.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\424b96b895c38a661a0707487f06489e_Dark_Hue@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\ef04b9e0ce1d81b72ccc5346252f5c6e_LWI-icon-hue.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\dc3d489d95fd04ae0278c4c559287c65_macro-dark@2x.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\05b34d432336dbcf6ea0764da372603d_light_macros.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\33e43f4e93382bf68e254b86d08362de_dark_macros.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\6aeeee0f40118daff6219b7498284665_RazerCortex.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\f8c32623ccce9d03a00257b2dd7a7312_UniversalLauncher.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\f3a246fec45b5c3e594a917cf91e1be4_BoosterPrime.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\3c10c6457b0958e8d6cc1bfd4255fd31_GameBooster.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\3eb94c6867b24b25995491da2b5b5536_SystemBooster.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\6f8f3193d4fbdf128e65edd124a89bb7_GameDeals.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\10ef167e3fc4673a19329cfe059963d9_Rewards.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\cdb5dabe83b269c79ffa33d151a866c6_2018_Cortex_Booster_logo.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\d5ca164e824fabfbcdb060c913bdef2e_cortex-white.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\5f6ca8f479fe71fd77046e5799edf7a9_LWI-Natalie-0.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\ce49f7233531adb107a6808f83ca9eca_LWI-Natalie-1.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\45c30ef5c308822699a6815023c81281_LWI-Natalie-2.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\cadb6e52441bad05d8d3cb09f850940f_virtualringlight.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\d213d4ba8f28ea5806e21e946e9cd2ec_AxonLWI00.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\d57623940cc13a0bddb2963d052a7c3f_AxonLWI01.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\f1706ee93dc7f7beccf0ac4274789d39_AxonLWI02.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\29da985a8261988461157579b673aa3d_RAZERAXONlogo.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\8e859396a7087d1d842e18f64b7edccd_LWI-SophiePro-0.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\f626abb1339220fca14dd5a9c50f16fc_LWI-SophiePro-2.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\ccb980f0b6e697452cf96f8cb749943c_LWI-SophiePro-4.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\d5192477f6eb19de78369f83dd10a76d_LWI-SophiePro-5.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\d558eb30bf6c4423cd8827c1c39fd4e9_LWI-SophiePro-3.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\233df7636041add6d59c18f6037680e6_LWI-SophiePro-1.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\5963643b12004933f6e785fec303d18c_LWI-SophiePro-6.pngJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ImageCache\d164304821b78086c309565b3124f039_thxspatial.pngJump to behavior
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Source: api-ms-win-crt-heap-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-convert-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-2-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-debug-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-localization-l1-2-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-namedpipe-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-handle-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-heap-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-stdio-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-libraryloader-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-filesystem-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-rtlsupport-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-datetime-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-errorhandling-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-runtime-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-private-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-string-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-math-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-sysinfo-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l2-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-conio-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-memory-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-timezone-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-time-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-2-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-file-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-profile-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processthreads-l1-1-1.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-multibyte-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-synch-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-console-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-environment-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-utility-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-processenvironment-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-process-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-interlocked-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-locale-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-crt-string-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: api-ms-win-core-util-l1-1-0.dll.tmp.3.drStatic PE information: No import functions for PE file found
Source: RazerSynapseInstaller_V1.19.0.635.exeBinary or memory string: OriginalFilenameIonic.Zip.dllD vs RazerSynapseInstaller_V1.19.0.635.exe
Source: RazerSynapseInstaller_V1.19.0.635.exeBinary or memory string: OriginalFilenameIonic.Zip-2024Jun14-053505-f095d781-592e-43b0-a915-a9a0a112c1ce.exe@ vs RazerSynapseInstaller_V1.19.0.635.exe
Source: RazerSynapseInstaller_V1.19.0.635.exeBinary or memory string: OriginalFilenameRazer Installer.exe@ vs RazerSynapseInstaller_V1.19.0.635.exe
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: sus24.evad.winEXE@6/236@24/1
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\systems[1].jsonJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeMutant created: NULL
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\C__ProgramData_Razer_Installer_Logs_RazerInstaller-cb19c464-e8c4-429d-93f5-55093fee4228.log_rolling
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\C__ProgramData_Razer_Installer_Logs_RazerInstaller.log_rolling
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3320:120:WilError_03
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\Users\user\AppData\Local\Temp\aheaoouz.1dc.xmlJump to behavior
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: RazerInstaller.exeString found in binary or memory: /Adding UnityBootstrapperExtension to container.
Source: RazerInstaller.exeString found in binary or memory: M{72FC5BA4-24F9-4011-9F3F-ADD27AFAD818}
Source: RazerInstaller.exeString found in binary or memory: Setting [#] additivity to [/Adding appender named [
Source: unknownProcess created: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exe "C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exe"
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeProcess created: C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe "C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe"
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeProcess created: C:\Windows\Installer\Razer\Installer\RazerInstaller.exe C:\Windows\Installer\Razer\Installer\RazerInstaller.exeJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe "C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe" Jump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: edputil.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: appresolver.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: slc.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: sppc.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: msvcp140_clr0400.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: msctfui.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: napinsp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: pnrpnsp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wshbth.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: nlaapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: winrnr.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: rasman.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: rtutils.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: msvcp140.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: explorerframe.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: d3dcompiler_47.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: rzs3detmgr.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: hid.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: cpprest140_2_10.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: bleconnectwrapper.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: httpapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: concrt140.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: windows.applicationmodel.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: mscms.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: coloradapterclient.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: windowscodecsext.dllJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeSection loaded: icm32.dllJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: certificate valid
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic file information: File size 8537864 > 1048576
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x7ea200
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002D45000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002D57000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll
Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002DC9000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002DDC000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll
Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: api-ms-win-core-file-l1-2-0.dll
Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: api-ms-win-core-memory-l1-1-0.dll
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Services\Kinesis\obj\AWSSDK.Kinesis.Net45\Release\net45\AWSSDK.Kinesis.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Kinesis.dll
Source: Binary string: concrt140.i386.pdbGCTL source: concrt140.dll
Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: api-ms-win-core-debug-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\DetectManagerWrapper\bin\Razer.DetectManagerWrapper.pdb source: Razer.DetectManagerWrapper.dll
Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C72000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C84000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll
Source: Binary string: C:\Users\shikang.neoh\Desktop\cpprestsdk-master\Binaries\Win32\Release\cpprest140_2_10.pdb source: cpprest140_2_10.dll
Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: api-ms-win-crt-filesystem-l1-1-0.dll
Source: Binary string: C:\projects\msgpack-cli-x2p85\src\MsgPack\obj\Release\net46\MsgPack.pdb0w source: RazerInstaller.exe
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Services\Kinesis\obj\AWSSDK.Kinesis.Net45\Release\net45\AWSSDK.Kinesis.pdbSHA256 source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, AWSSDK.Kinesis.dll
Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: api-ms-win-crt-stdio-l1-1-0.dll
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Core\obj\Release\Microsoft.WindowsAPICodePack.pdb source: RazerInstaller.exe
Source: Binary string: C:\Kat\source_git\synapse3_tools\BLEConnect\Release\BLEConnectWrapper.pdb source: BLEConnectWrapper.dll
Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: api-ms-win-core-heap-l1-1-0.dll
Source: Binary string: C:\Kat\source_git\synapse3_tools\BLEConnect\BLEConnect\obj\Release\BLEConnect.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E7C000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4633981753.000000000A6C2000.00000002.00000001.01000000.0000001B.sdmp, BLEConnect.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.UnityExtensions\obj\Release\Microsoft.Practices.Prism.UnityExtensions.pdb source: RazerInstaller.exe
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\SafeExtractor\Release\SafeExtractor.pdb source: RazerSynapseInstaller_V1.19.0.635.exe
Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CB9000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CA6000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll
Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: api-ms-win-core-synch-l1-1-0.dll
Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: api-ms-win-crt-environment-l1-1-0.dll
Source: Binary string: vcruntime140.i386.pdbGCTL source: RazerInstaller.exe, 00000004.00000002.4679384728.00000000698D1000.00000020.00000001.01000000.00000014.sdmp, vcruntime140.dll.tmp.3.dr
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\InstallerCleaner\obj\Release\RazerInstallerCleaner.pdb source: Razer.RazerInstallerCommon.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.Interactivity\obj\Release\Microsoft.Practices.Prism.Interactivity.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: api-ms-win-core-errorhandling-l1-1-0.dll
Source: Binary string: /_/src/NLog/obj/Release/net46/NLog.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, NLog.dll
Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: api-ms-win-core-processthreads-l1-1-0.dll
Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: api-ms-win-core-console-l1-1-0.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.Interactivity\obj\Release\Microsoft.Practices.Prism.Interactivity.pdbh<~< p<_CorDllMainmscoree.dll source: RazerInstaller.exe
Source: Binary string: e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: api-ms-win-crt-private-l1-1-0.dll
Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: api-ms-win-core-file-l1-1-0.dll
Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: api-ms-win-crt-convert-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\DetectManagerWrapper\bin\Razer.DetectManagerWrapper.pdb$$ source: Razer.DetectManagerWrapper.dll
Source: Binary string: C:\Dev\LightweightInstaller\3rd Party\DotNetZip\DotNetZip\Zip\obj\Release\Ionic.Zip.pdb source: RazerInstaller.exe
Source: Binary string: msvcp140.i386.pdb source: RazerInstaller.exe, 00000004.00000002.4678592386.0000000069861000.00000020.00000001.01000000.00000015.sdmp, msvcp140.dll.tmp.3.dr
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism.UnityExtensions\obj\Release\Microsoft.Practices.Prism.UnityExtensions.pdb|[ source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: api-ms-win-core-profile-l1-1-0.dll
Source: Binary string: c:\tfs\EL\V5-SL\UnityTemp\Compile\Unity\Unity.Configuration\Src\obj\Release\Microsoft.Practices.Unity.Configuration.pdb source: RazerInstaller.exe
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdbpZ source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: api-ms-win-crt-time-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\RazerInstallerApp\obj\x86\Release\RazerInstaller.pdb source: RazerInstaller.exe
Source: Binary string: C:\Kat\source_git\driver3\RzMiddleWare\Release\rzS3detmgr.pdb__/ source: RazerInstaller.exe, 00000004.00000002.4678258175.000000006926D000.00000002.00000001.01000000.00000017.sdmp, rzS3detmgr.dll.tmp.3.dr
Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: api-ms-win-core-handle-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\RazerInstallerCommon\obj\x86\Release\Razer.RazerInstallerCommon.pdb source: Razer.RazerInstallerCommon.dll
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: RazerInstaller.exe
Source: Binary string: C:\projects\msgpack-cli-x2p85\src\MsgPack\obj\Release\net46\MsgPack.pdb source: RazerInstaller.exe
Source: Binary string: c:\Code\Codeplex\Bootstrapper\Core\Bootstrapper\obj\Release\Bootstrapper.pdb source: RazerInstaller.exe
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: RazerInstaller.exe
Source: Binary string: c:\Code\Codeplex\Bootstrapper\Extensions\Bootstrapper.Unity\obj\Release\Bootstrapper.UnityExtension.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: api-ms-win-core-synch-l1-2-0.dll
Source: Binary string: c:\Code\Codeplex\Bootstrapper\Core\Bootstrapper\obj\Release\Bootstrapper.pdbt source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll
Source: Binary string: c:\prj\PrismNew\Prism4\WorkingDir\PrismLibraryBuild\PrismLibrary\Desktop\Prism\obj\Release\Microsoft.Practices.Prism.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: api-ms-win-core-datetime-l1-1-0.dll
Source: Binary string: C:\jenkins\workspace\CommonTools\Natasha_Master\Updater\UpdateUtility\obj\x86\Release\UpdateUtility.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CC1000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002CD3000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll
Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: api-ms-win-crt-math-l1-1-0.dll
Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll
Source: Binary string: C:\Kat\source_git\driver3\RzMiddleWare\Release\rzS3detgmr_CWrapper.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002A62000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002A75000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Core\obj\Release\Microsoft.WindowsAPICodePack.pdb, source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: api-ms-win-core-processthreads-l1-1-1.dll
Source: Binary string: c:\Users\Aybe\Documents\GitHub\Windows API Code Pack 1.1\source\WindowsAPICodePack\Shell\obj\Release\Microsoft.WindowsAPICodePack.Shell.pdb source: RazerInstaller.exe
Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: api-ms-win-core-namedpipe-l1-1-0.dll
Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: api-ms-win-crt-multibyte-l1-1-0.dll
Source: Binary string: vcruntime140.i386.pdb source: RazerInstaller.exe, 00000004.00000002.4679384728.00000000698D1000.00000020.00000001.01000000.00000014.sdmp, vcruntime140.dll.tmp.3.dr
Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: api-ms-win-crt-utility-l1-1-0.dll
Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: api-ms-win-core-rtlsupport-l1-1-0.dll
Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002C8C000.00000004.00000800.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll
Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: api-ms-win-core-string-l1-1-0.dll
Source: Binary string: msvcp140.i386.pdbGCTL source: RazerInstaller.exe, 00000004.00000002.4678592386.0000000069861000.00000020.00000001.01000000.00000015.sdmp, msvcp140.dll.tmp.3.dr
Source: Binary string: C:\Kat\source_git\synapse3_tools\BLEConnect\Release\BLEConnectWrapper.pdb%% source: BLEConnectWrapper.dll
Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: api-ms-win-core-file-l2-1-0.dll
Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: api-ms-win-crt-process-l1-1-0.dll
Source: Binary string: C:\Kat\source_git\driver3\RzMiddleWare\Release\rzS3detmgr.pdb source: RazerInstaller.exe, 00000004.00000002.4678258175.000000006926D000.00000002.00000001.01000000.00000017.sdmp, rzS3detmgr.dll.tmp.3.dr
Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: api-ms-win-core-libraryloader-l1-1-0.dll
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\obj\AWSSDK.Core.Net45\Release\net45\AWSSDK.Core.pdb source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dll
Source: Binary string: c:\tfs\EL\V5-SL\UnityTemp\Compile\Unity\Unity\Src\obj\Release\Microsoft.Practices.Unity.pdb source: RazerInstaller.exe
Source: Binary string: c:\Projects\CommonServiceLocator\main\Microsoft.Practices.ServiceLocation.PortableClassLibrary\obj\Release\Microsoft.Practices.ServiceLocation.pdb source: RazerInstaller.exe
Source: Binary string: concrt140.i386.pdb source: concrt140.dll
Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: api-ms-win-core-interlocked-l1-1-0.dll
Source: Binary string: /_/src/NLog/obj/Release/net46/NLog.pdbSHA256OY source: RazerInstaller.exe, 00000003.00000002.4606359057.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, NLog.dll
Source: Binary string: D:\JenkinsWorkspaces\trebuchet-stage-release\AWSDotNetPublic\sdk\src\Core\obj\AWSSDK.Core.Net45\Release\net45\AWSSDK.Core.pdbSHA256 source: RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E60000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.0000000002E4D000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dll
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb( source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4FA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins\workspace\CommonTools\RazerInstaller_Master\RazerInstallerApp\obj\x86\Release\RazerInstaller.pdbT source: RazerInstaller.exe
Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: api-ms-win-crt-heap-l1-1-0.dll
Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: api-ms-win-crt-string-l1-1-0.dll
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: RazerSynapseInstaller_V1.19.0.635.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

barindex
.NET source code contains potential unpacker
Source: RazerInstaller.exe.0.dr, CommandLineSelfExtractor.cs.Net Code: Resolver System.Reflection.Assembly.Load(byte[])
Source: AWSSDK.Core.dll.tmp.3.drStatic PE information: 0xCACE5C57 [Wed Oct 27 00:54:47 2077 UTC]
Source: msvcp140.dll.tmp.3.drStatic PE information: section name: .didat
Source: RazerInstaller.exe.0.drStatic PE information: section name: .text entropy: 6.810903694263103

Persistence and Installation Behavior

barindex
Drops executables to the windows directory (C:\Windows) and starts them
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeExecutable created and started: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeJump to behavior
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeExecutable created and started: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\concrt140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\NLog.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\concrt140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\msvcp140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeFile created: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\NLog.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\msvcp140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\concrt140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\NLog.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\concrt140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\msvcp140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exeFile created: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\NLog.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\msvcp140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeFile created: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\ProgramData\Razer\Installer\Logs\RazerInstaller.logJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile created: C:\ProgramData\Razer\Installer\Logs\RazerInstaller-cb19c464-e8c4-429d-93f5-55093fee4228.logJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeMemory allocated: D30000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeMemory allocated: 1A930000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeMemory allocated: E10000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeMemory allocated: 29E0000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeMemory allocated: 49E0000 memory reserve | memory write watchJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeWindow / User API: threadDelayed 3286Jump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeWindow / User API: threadDelayed 6480Jump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\NLog.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\NLog.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll.tmpJump to dropped file
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeDropped PE file which has not been started: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll (copy)Jump to dropped file
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe TID: 5756Thread sleep time: -922337203685477s >= -30000sJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe TID: 6432Thread sleep time: -14757395258967632s >= -30000sJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe TID: 6432Thread sleep time: -100000s >= -30000sJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystemProduct
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeThread delayed: delay time: 100000Jump to behavior
Source: RazerInstaller.exe, 00000003.00000002.4603588893.0000000000BB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: RazerInstaller.exe, 00000004.00000002.4642066803.000000000C506000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4FA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: RazerInstaller.exe, 00000004.00000002.4603500780.0000000000B6B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeProcess token adjusted: Debug
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeMemory allocated: page read and write | page guardJump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeProcess created: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe "C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe" Jump to behavior
Source: C:\Windows\Installer\Razer\Installer\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\RazerInstaller.exe VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\System32\WinMetadata\Windows.Devices.winmd VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\System32\WinMetadata\Windows.Foundation.winmd VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8DBD.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E1F.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E0D.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E1E.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E30.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8DFC.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E20.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E41.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E43.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E42.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E45.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E44.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF9810.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFEF37.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\6aeeee0f40118daff6219b7498284665_RazerCortex.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8EA3.tmp VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\d213d4ba8f28ea5806e21e946e9cd2ec_AxonLWI00.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\d213d4ba8f28ea5806e21e946e9cd2ec_AxonLWI00.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeQueries volume information: C:\Windows\Installer\Razer\Installer\App\ImageCache\d213d4ba8f28ea5806e21e946e9cd2ec_AxonLWI00.png VolumeInformationJump to behavior
Source: C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
Windows Management Instrumentation		1
DLL Side-Loading		11
Process Injection		121
Masquerading		OS Credential Dumping11
Security Software Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		Boot or Logon Initialization Scripts1
DLL Side-Loading		1
Disable or Modify Tools		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
Virtualization/Sandbox Evasion		Security Account Manager41
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Obfuscated Files or Information		LSA Secrets1
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
Software Packing		Cached Domain Credentials23
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
Timestomp		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
DLL Side-Loading		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
RazerSynapseInstaller_V1.19.0.635.exe0%ReversingLabs
RazerSynapseInstaller_V1.19.0.635.exe0%VirustotalBrowse

Dropped Files

SourceDetectionScannerLabelLink
C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\NLog.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\NLog.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll (copy)4%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll.tmp4%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmp0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll (copy)0%ReversingLabs
C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
discovery.razerapi.com0%VirustotalBrowse
manifest.razerapi.com0%VirustotalBrowse
u05srooyhc.execute-api.us-east-1.amazonaws.com0%VirustotalBrowse
assets2.razerzone.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
http://schemas.xmlsoap.org/soap/encoding/0%URL Reputationsafe
http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
https://www.newtonsoft.com/jsonschema0%URL Reputationsafe
http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
u05srooyhc.execute-api.us-east-1.amazonaws.com
99.86.4.106
truefalseunknown
discovery.razerapi.com
unknown
unknownfalseunknown
manifest.razerapi.com
unknown
unknownfalseunknown
assets2.razerzone.com
unknown
unknownfalseunknown
synapse-3-webservice.razerzone.com
unknown
unknownfalse
    		unknown
    cdn.razersynapse.com
    		unknown
    		unknownfalse
      		unknown
      deals-assets-cdn.razerzone.com
      		unknown
      		unknownfalse
        		unknown
        assets.razerzone.com
        		unknown
        		unknownfalse
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          http://DotNetZip.codeplex.com/RazerInstaller.exe, 00000003.00000000.2132113852.0000000000552000.00000002.00000001.01000000.00000005.sdmp, RazerSynapseInstaller_V1.19.0.635.exe, RazerInstaller.exe.0.drfalse
            		unknown
            https://deals-assets-cdn.razerzone.com/download/lwi/880_500_GER.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
              		unknown
              https://cdn.razersynapse.com/1718868442PNDrFGTfRazerCentral_v7.16.0.695.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                		unknown
                https://deals-assets-cdn.razerzone.com/download/lwi/880_500_US.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                  		unknown
                  https://cdn.razersynapse.com/1713509834mVPLCvYPTHXSpatialAudioSetup-v2.0.1.15.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                    		unknown
                    https://deals-assets-cdn.razerzone.com/download/RAZERAXON/RAZERAXONlogo.pngb8RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmpfalse
                      		unknown
                      https://synapse-3-webservice.razerzone.com/dongleV2.json$RazerInstaller.exe, 00000004.00000002.4642066803.000000000C7A2000.00000004.00000020.00020000.00000000.sdmpfalse
                        		unknown
                        https://deals-assets-cdn.razerzone.com/download/Cortex10/RazerCortex.pngRazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                          		unknown
                          https://synapse-3-webservice.razerzone.com/PatchExceptionalEID.jsonrzS3detmgr.log.4.drfalse
                            		unknown
                            http://assets2.razerzone.comdRazerInstaller.exe, 00000004.00000002.4652946911.000000000DD7D000.00000004.00000800.00020000.00000000.sdmpfalse
                              		unknown
                              http://www.razer.com/sw-eulaRazer.RazerInstallerCommon.dllfalse
                                		unknown
                                https://assets.razerzone.com/images/software/synapse/alexa.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4642066803.000000000C4DF000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://deals-assets-cdn.razerzone.com/download/lwi/880_500_FRN.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://assets.razerzone.com/images/software/lwi/LWI-SophiePro-6.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://logging.apache.org/log4net/release/faq.html#trouble-EventLogRazerInstaller.exefalse
                                        		unknown
                                        http://www.razerzone.com/synapseRazer.RazerInstallerCommon.dllfalse
                                          		unknown
                                          https://nlog-project.org/NLog.dllfalse
                                            		unknown
                                            https://www.razer.com/chroma-workshop/connected-devicesRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://cdn.razersynapse.com/1727968071MLoJOfqRRazerStringTranslationsSetup_v3.9.1008.100321.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://deals-assets-cdn.razerzone.com/download/cortex_test_update/cortex-white.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://twitter.com/intent/follow?screen_name=RazerRazer.RazerInstallerCommon.dllfalse
                                                    		unknown
                                                    http://169.254.170.2aUnableRazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllfalse
                                                      		unknown
                                                      http://scripts.sil.org/OFLRazerF5ThinItalicRazer.RazerInstallerCommon.dllfalse
                                                        		unknown
                                                        https://cdn.razersynapse.com/1700202653705F2WD7StreamerCompanionAppSetup-v2.0.1.12.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://synapse-3-webservice.razerzone.com/AllSystems.jsonrzS3detmgr.log.4.drfalse
                                                            		unknown
                                                            https://synapse-3-webservice.razerzone.com/dummyProt.jsonGRazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              http://razer.com/softwareRazer.RazerInstallerCommon.dllfalse
                                                                		unknown
                                                                https://assets2.razerzone.com/images/razer-synapse/light_synapse.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://deals-assets-cdn.razerzone.com/download/lwi/880_500_SPN.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    http://www.codeplex.com/CompositeWPFRazerInstaller.exefalse
                                                                      		unknown
                                                                      https://cdn.razersynapse.com/1706157786vdp2jgQMRazerAlexaSetup_v3.9.0131.012511.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://assets2.razerzone.com/images/razer-synapse/lifestyle_chroma_studio.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://assets2.razerzone.com/images/synapse/virtualringlight.pngCRazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://defaultcontainer/Razer.RazerInstallerCommon;component/controls/showallmodule.xamldRazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://assets.razerzone.com/images/software/synapse/alexa.png4RazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://assets.razerzone.comRazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_RUS.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_CHT.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://assets.razerzone.com/images/software/lwi/LWI-chroma-connect.png/NRazerInstaller.exe, 00000004.00000002.4630661650.00000000068C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://deals-assets-cdn.razerzone.com/download/RAZERAXON/AxonLWI00.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4642066803.000000000C815000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://cdn.razersynapse.com/1721957254i4DoSkIvRazerSynapseConfigurationDataSetup_v3.9.0806.072600.eRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_GER.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://rzr.to/synapse3RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://ip-ranges.amazonaws.com/ip-ranges.jsonRazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllfalse
                                                                                                  		unknown
                                                                                                  https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-jsonRazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllfalse
                                                                                                    		unknown
                                                                                                    https://cdn.razersynapse.com/1713511449gj1UXRTEVirtualRingLight-v2.0.0.24.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://assets2.razerzone.comRazerInstaller.exe, 00000004.00000002.4652946911.000000000DD7D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://scripts.sil.org/OFLRazerF5SemiBoldRazer.RazerInstallerCommon.dllfalse
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          https://synapse-3-webservice.razerzone.com/RazerInstaller.exe, 00000004.00000002.4630661650.00000000069C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://www.codeplex.com/prism#Microsoft.Practices.Prism.ViewModelRazerInstaller.exefalse
                                                                                                              		unknown
                                                                                                              https://assets.razerzone.com/images/software/lwi/LWI-SophiePro-5.pngRazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://deals-assets-cdn.razerzone.com/download/lwi/880_500_CHS.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.htmlAWSSDK.Core.dllfalse
                                                                                                                    		unknown
                                                                                                                    https://www.razer.com/sg-en/thx-spatial-audioRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_JPN.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        http://schemas.xmlsoap.org/soap/encoding/RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E4C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://microsoft.coRazerInstaller.exe, 00000004.00000002.4642066803.000000000C611000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		unknown
                                                                                                                          https://discovery.razerapi.com:https://manifest.razerapi.comRazerInstaller.exefalse
                                                                                                                            		unknown
                                                                                                                            https://www.razer.com/synapse-redirectRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              http://assets.razerzone.com/eeimages/categories/14594/razer-gaming-softwares-category-comms-usp.pngRazer.RazerInstallerCommon.dllfalse
                                                                                                                                		unknown
                                                                                                                                https://synapse-3-webservice.razerzone.com/AllSystems.jsonYRazerInstaller.exe, 00000004.00000002.4642066803.000000000C522000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		unknown
                                                                                                                                  https://cdn.razersynapse.com/1660119346OLtIZnKORazerSynapseDependenciesSetup_v3.7.0830.1.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		unknown
                                                                                                                                    https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_FRN.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		unknown
                                                                                                                                      http://assets.razerzone.com/images/software/lwi/LWI-SophiePro-1.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		unknown
                                                                                                                                        https://assets2.razerzone.com/images/synapse/virtualringlight.pngQRazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		unknown
                                                                                                                                          https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_CHS.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		unknown
                                                                                                                                            https://synapse-3-webservice.razerzone.com/PatchExceptionalEID.jsonvCRazerInstaller.exe, 00000004.00000002.4630661650.000000000685F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		unknown
                                                                                                                                              https://www.nuget.org/packages/NLog.Web.AspNetCoreRazerInstaller.exe, 00000003.00000002.4606359057.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000003.00000002.4606359057.00000000029B1000.00000004.00000800.00020000.00000000.sdmp, NLog.dllfalse
                                                                                                                                                		unknown
                                                                                                                                                http://assets2.razerzone.com/images/razer-synapse/dark_macros.pngRazerInstaller.exe, 00000004.00000002.4642066803.000000000C708000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		unknown
                                                                                                                                                  https://synapse-3-webservice.razerzone.com/dockEID.json1RazerInstaller.exe, 00000004.00000002.4642066803.000000000C737000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		unknown
                                                                                                                                                    https://cdn.razersynapse.com/1721961508TRIMuqXZRazerChromaBroadcasterSetup_v3.9.0806.072610.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		unknown
                                                                                                                                                      https://cdn.razersynapse.com/1676531804G7ekRXhnRzGMS_Setup_V2.3.160.119.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		unknown
                                                                                                                                                        https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_POB.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		unknown
                                                                                                                                                          http://assets.razerzone.com/images/software/lwi/LWI-SophiePro-5.pngHRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		unknown
                                                                                                                                                            https://deals-assets-cdn.razerzone.com/download/lwi/880_500_CHT.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		unknown
                                                                                                                                                              https://deals-assets-cdn.razerzone.com/download/lwi/axon/LWIRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		unknown
                                                                                                                                                                http://schemas.xmlsoap.org/wsdl/RazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                		unknown
                                                                                                                                                                https://www.newtonsoft.com/jsonschemaRazerInstaller.exefalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                		unknown
                                                                                                                                                                http://www.apache.org/licenses/LICENSE-2.0RobotoRazer.RazerInstallerCommon.dllfalse
                                                                                                                                                                  		unknown
                                                                                                                                                                  https://deals-assets-cdn.razerzone.com/download/lwi/880_500_POB.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		unknown
                                                                                                                                                                    https://cdn.razersynapse.com/1718863664EiZeyh8ZRazerChromaStudioSetup_v3.9.0630.062001.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://assets2.razerzone.comRazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://www.razerzone.com/cortexRazer.RazerInstallerCommon.dllfalse
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://deals-assets-cdn.razerzone.com/download/lwi/880_500_RUS.webpRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://deals-assets-cdn.razerzone.com/download/RAZERAXON/RAZERAXONlogo.pngEKRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://synapse-3-webservice.razerzone.com/AllSystems.json)RazerInstaller.exe, 00000004.00000002.4642066803.000000000C522000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://synapse-3-webservice.razerzone.com/dockEID.jsonRRazerInstaller.exe, 00000004.00000002.4642066803.000000000C737000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		unknown
                                                                                                                                                                                  https://www.razer.com/chromaRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    http://www.codeplex.com/prism:Microsoft.Practices.Prism.Interactivity.InteractionRequestRazerInstaller.exefalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://cdn.razersynapse.com/1697631427Qv8gmMqvRazerAudioVisualizerSetup_v3.8.1030.101819.exeRazerInstaller.exe, 00000004.00000002.4607937158.0000000002E89000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		unknown
                                                                                                                                                                                        https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_KOR.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_US.pngRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            http://169.254.170.2RazerInstaller.exe, 00000004.00000002.4637824810.000000000BA32000.00000002.00000001.01000000.00000012.sdmp, AWSSDK.Core.dllfalse
                                                                                                                                                                                              		unknown
                                                                                                                                                                                              http://scripts.sil.org/OFLRazerF5LightItalicRazer.RazerInstallerCommon.dllfalse
                                                                                                                                                                                                		unknown
                                                                                                                                                                                                https://deals-assets-cdn.razerzone.com/download/lwi/cortex/880_500_RUS.pngIaRazerInstaller.exe, 00000004.00000002.4607937158.0000000002ECF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  https://www.razer.com/synapseRazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                    http://scripts.sil.org/OFLRazerF5SemiBoldItalicRazer.RazerInstallerCommon.dllfalse
                                                                                                                                                                                                      		unknown
                                                                                                                                                                                                      https://assets.razerzone.com/images/software/lwi/LWI-SophiePro-4.pngRazerInstaller.exe, 00000004.00000002.4607937158.00000000033B0000.00000004.00000800.00020000.00000000.sdmp, RazerInstaller.exe, 00000004.00000002.4607937158.00000000029E1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		unknown
                                                                                                                                                                                                        http://schemas.xmlsoap.org/soap/envelope/NLog.dllfalse
                                                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                                                        		unknown

                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                        99.86.4.106
                                                                                                                                                                                                        		u05srooyhc.execute-api.us-east-1.amazonaws.comUnited States
                                                                                                                                                                                                        		16509AMAZON-02USfalse

                                                                                                                                                                                                        General Information

                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                        Analysis ID:1538470
                                                                                                                                                                                                        Start date and time:2024-10-21 11:20:41 +02:00
                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                        Overall analysis duration:0h 9m 12s
                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                        Number of analysed new started processes analysed:10
                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                        Sample name:RazerSynapseInstaller_V1.19.0.635.exe
                                                                                                                                                                                                        Detection:SUS
                                                                                                                                                                                                        Classification:sus24.evad.winEXE@6/236@24/1
                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 2.19.126.159, 2.19.126.154, 2.19.126.156, 2.19.126.137, 2.19.126.132, 2.19.126.158, 104.18.34.121, 172.64.153.135, 2.19.126.146, 2.19.126.148, 2.19.126.142, 2.19.126.151, 2.19.126.136
                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): discovery.razerapi.com.edgesuite.net.globalredir.akadns.net, slscr.update.microsoft.com, cdn.razersynapse.com.cdn.cloudflare.net, manifest.razerapi.com.edgesuite.net, a1936.d.akamai.net, a1958.d.akamai.net, a1825.d.akamai.net, ocsp.digicert.com, assets.razerzone.com.edgesuite.net, synapse-3-webservice.razerzone.com.edgesuite.net, a1811.dscd.akamai.net, client.wns.windows.com, fs.microsoft.com, assets2.razerzone.com.edgesuite.net, otelrules.azureedge.net, assets.razerzone.com.edgesuite.net.globalredir.akadns.net, ctldl.windowsupdate.com, assets2.razerzone.com.edgesuite.net.globalredir.akadns.net, a1944.d.akamai.net, fe3cr.delivery.mp.microsoft.com, a1831.d.akamai.net, manifest.razerapi.com.edgesuite.net.globalredir.akadns.net, deals-assets-cdn.razerzone.com.edgesuite.net, discovery.razerapi.com.edgesuite.net, deals-assets-cdn.razerzone.com.edgesuite.net.globalredir.akadns.net
                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                        05:21:40API Interceptor11551290x Sleep call for process: RazerInstaller.exe modified

                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                        IPs

                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                        99.86.4.106ea12a39b.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          Media24.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            https://8sxi.icablian.com/18hWIb/Get hashmaliciousHTMLPhisherBrowse

                                                                                                                                                                                                              Domains

                                                                                                                                                                                                              No context

                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              AMAZON-02UShttps://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 3.5.132.70
                                                                                                                                                                                                              https://s3.us-east-2.amazonaws.com/revealedgceconomies/vdiq197yvi/ImgBurn_822881.exe?Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 52.219.179.49
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                              • 52.222.236.23
                                                                                                                                                                                                              http://www.5movierulz.momGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 18.245.46.34
                                                                                                                                                                                                              http://google.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 18.238.171.108
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                              • 52.222.236.80
                                                                                                                                                                                                              https://cambridge.pl/testy-poziomujaceGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 18.244.18.53
                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                              • 52.222.236.23
                                                                                                                                                                                                              https://app.creatopy.com/share/d/qvnqyxdo8o7mGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 13.224.189.111
                                                                                                                                                                                                              rDebitadvice22_10_2024.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                              • 76.223.105.230

                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                              3b5074b1b5d032e5620f69f9f700ff0eSpedizione.vbsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              FACTURA DE PAGO.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              PAGO FRAS. AGOSTO 2024..exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              https://weiderergmbh-my.sharepoint.de/:o:/g/personal/s_kreuzer_luxapark_de/En8ihQEtXF1HtuEzkWTEmvQBXZUe8GC_guY4c0qSMi2Czg?e=5%3aJCIXIb&at=9Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              rIMG465244247443GULFORDEROpmagasinering.cmdGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              Documenti di spedizione.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              RFQ-KTE-07102024.pdf.scrGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              rRFQ24201007_pdf.scr.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              http://heks.egrowbrands.com/lopsa/67057a2256a25_SwiftKey.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 99.86.4.106
                                                                                                                                                                                                              http://lide.omernisar.com/lopsa/66daf6d8ac980_PeakSports.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              • 99.86.4.106

                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                              No context

                                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                                              C:\ProgramData\Razer\Installer\Logs\RazerInstaller-cb19c464-e8c4-429d-93f5-55093fee4228.log

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:CSV text
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13094
                                                                                                                                                                                                              Entropy (8bit):5.290693133851503
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:xzcvWR/Kn3Iwvxg6SCWOxNGmJea9m0vkPmzmqNGe6W+NGe6WQeNGe6WYGe6WS:xc3eRCpJe56ke6ifCfDfcfG
                                                                                                                                                                                                              MD5:26C6C96B075431F144670111BB1ED699
                                                                                                                                                                                                              SHA1:C7DC24CF8ED9B040677549DC1ACE6D216D82E90A
                                                                                                                                                                                                              SHA-256:719C45B33BF0C475BC0ECEF91395C639AFF1C8F583546800B34CE0CA8146D474
                                                                                                                                                                                                              SHA-512:EBABBC3A876BED0EFA59983B741A6F6D7B82A21D76D71BB5ABB8E200B2EDB8B46F120324BF1A178EC4BFAA741F70176171221D757C5C46E4F29E2F53D800562D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:2024-10-21 05:21:40,340 [1] INFO RazerInstaller [(null)] - Razer Installer (Install Mode) Version: 1.19.0.635..2024-10-21 05:21:40,356 [1] INFO RazerInstaller [(null)] - Culture: en-CH..2024-10-21 05:21:40,372 [1] INFO RazerInstaller [(null)] - Working directory: C:\Windows\Installer\Razer\Installer\App..2024-10-21 05:21:40,372 [1] INFO RazerInstaller [(null)] - Files in directory:..2024-10-21 05:21:40,372 [1] INFO RazerInstaller [(null)] - C:\Windows\Installer\Razer\Installer\App\AllSystems.json..2024-10-21 05:21:40,372 [1] INFO RazerInstaller [(null)] - C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll..2024-10-21 05:21:40,372 [1] INFO RazerInstaller [(null)] - C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll..2024-10-21 05:21:40,418 [1] INFO RazerInstaller [(null)] - C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll..2024-10-21 05:21:40,418 [1] INFO RazerInstaller [(null)] - C:\Windows\Installer\R

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\6ATIQPJI\PatchExceptionalEID[1].json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):131
                                                                                                                                                                                                              Entropy (8bit):3.3536071292473113
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:6eovX1MBHtcTY/FCshN/NSN7co/X1MBHtUStshN/NIFtFtkn:6eovXGB8Y/YAN/NSN7Z/XGBbAN/NaFtk
                                                                                                                                                                                                              MD5:1A102291D5EB3146FFD0BE2969EE0EAE
                                                                                                                                                                                                              SHA1:F35B9158D851D1FFE1A5DFDE74CFECD2EC2BAD94
                                                                                                                                                                                                              SHA-256:0F667D54883D3BA72A8A0CFA864431F79D74905E92976BE0611706B1191C3C45
                                                                                                                                                                                                              SHA-512:56A987B077F88F0806B7DAF1EDA464FC393279A48859ABED0B6ED942056E0D8F3BACDAC7FBDCC40362FD1ADD47D6D81C7B9559083A567D37365C1B275C44E017
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:[ {.. "pid": 96,.. "EID": [.. 145.. ].. },.. {.. "pid": 178,.. "EID": [.. 145,.. 146.. ].. }]..

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\dongleV2[1].json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):295
                                                                                                                                                                                                              Entropy (8bit):4.396580116389276
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:C/y//2z+g//2vHg//24y//23an//2cBG8y/H0H2cLBy/H0H2t/aF66j:C/G/M/Q8/fG/h//fjGH0HfL0H0Hsa1
                                                                                                                                                                                                              MD5:60D1685C219502B67F777E6322E39DA6
                                                                                                                                                                                                              SHA1:07FCA7B5A4D379E7EB244E4578C132D2C285546B
                                                                                                                                                                                                              SHA-256:FE8BE471FA6BBD88D62B4C9C1305DCCAD43FEEF8C7E6E303F7A06EA7A383C073
                                                                                                                                                                                                              SHA-512:07E3CD2A29E65ED4CBC575A5424BD92075F2E2FC2D6049D50631B4A66AC6472305DCBA3FF3018501E5B5E5677DBF563BA16C8A072AF3773AB2E074FC0E63DECC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:[{"pid":604, "cmdSteer":128},.. {"pid":625, "cmdSteer":128},.. {"pid":635, "cmdSteer":128},.. {"pid":656, "cmdSteer":128},.. {"pid":662, "cmdSteer":128},.. {"pid":164, "cmdSteer":224},.. {"pid":179, "cmdSteer":224},.. {"pid":698, "cmdSteer":128}].......................... .. .. .. ....

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\systems[1].json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):495
                                                                                                                                                                                                              Entropy (8bit):3.99753712005902
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:F9b+bVH4NIjbfJo2b9bHoYbu8HkIQHbkbRICZHbEbp9y1bwHc5CHYqHz+J1:cC7kJ1q01
                                                                                                                                                                                                              MD5:775C312110D971862864B91A2379794A
                                                                                                                                                                                                              SHA1:B5A7A80EBD352FD45493F3968EBB2C7735FECB11
                                                                                                                                                                                                              SHA-256:2F2541706F13FD6D3EAAD2628F7B4FA35F0648822EDACB8B92D04CEA42FC5537
                                                                                                                                                                                                              SHA-512:3C3428222FEEF08D3BE3896CCFA72A1AE6EE0CB06E9C11F005439041E3F8AB9263A07F04A6C054E0D82EDABD48AEF9A68ECC45E3FAD8803DDE365E668F9B58FF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:[{"pid":569},.. {"pid":586},.. {"pid":594},.. {"pid":601},.. .. {"pid":570},.. {"pid":581},.. {"pid":587},.. {"pid":589},.. {"pid":595},.. {"pid":612},.. {"pid":630},.. .. {"pid":582},.. {"pid":597},.. {"pid":613},.. .. {"pid":564},.. {"pid":588},.. {"pid":598},.. {"pid":611}, .. .. {"pid":616}, .. {"pid":618},.. {"pid":652},.. {"pid":650},.. {"pid":671},.. {"pid":672},.. {"pid":669},.. {"pid":694},.. {"pid":695},.. {"pid":696}]........................................ .. .. .. ....

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\AllSystems[1].json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):707
                                                                                                                                                                                                              Entropy (8bit):4.058719365589285
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:F9b+bVH4NIjbfJo2b9bHoYbu8HkIQHbkbRICZHbEbp9y1bwHc5CH0Tmcy2T9DIHN:cC7kJ1NmcyKUoh4Ga
                                                                                                                                                                                                              MD5:60174D20C177137F40F105103494955D
                                                                                                                                                                                                              SHA1:9F416A3648838B6B22A51F6B77EBB4A40AF282CF
                                                                                                                                                                                                              SHA-256:AE1FDC5F37E9A8382DC4E114F633612DBEE04ECBB46AB86C0D1A39BDD8C3E527
                                                                                                                                                                                                              SHA-512:477378DD6533B32A5AE3B069B3EBA9C097D53F5C5AA827BA2111F52F38EADA730000DF6E14F0D4C1950798D4BBD66946CFCFF76468E4EDAB3ECC553E29AAB161
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:[{"pid":569},.. {"pid":586},.. {"pid":594},.. {"pid":601},.. .. {"pid":570},.. {"pid":581},.. {"pid":587},.. {"pid":589},.. {"pid":595},.. {"pid":612},.. {"pid":630},.. .. {"pid":582},.. {"pid":597},.. {"pid":613},.. .. {"pid":564},.. {"pid":588},.. {"pid":598},.. {"pid":611}, .. .. {"pid":616}, .. {"pid":618},.. {"pid":652},.. {"pid":650},.. {"pid":671},.. {"pid":672},.. {"pid":669},.... { "pid": 527 },.. { "pid": 548 },.. { "pid": 549 },.. { "pid": 576 },.. { "pid": 596 },.. { "pid": 645 },.. { "pid": 670 },.. .. {"pid":563},.. {"pid":571},.. {"pid":621},.. {"pid":622},.. {"pid":623},.. {"pid":624},.. {"pid":633},.. {"pid":634},.. {"pid":651},.. {"pid":694},.. {"pid":695},.. {"pid":696}]..

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BLNS00AZ\dockEID[1].json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):108
                                                                                                                                                                                                              Entropy (8bit):3.2006807004351225
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:EcfmBcnhvOmBcB4o0F66jn:Bf2chvO2cBmF66j
                                                                                                                                                                                                              MD5:0BA7699B22971832FB281493DB7C4545
                                                                                                                                                                                                              SHA1:84E905AA566BAA398CD42B62670E438986559F84
                                                                                                                                                                                                              SHA-256:9C27C8E8AF9DB9C93BDEC5981E8348758B8DE6D21F7DA7FD196F88E440C89561
                                                                                                                                                                                                              SHA-512:7DBB7C75AEC1FAC2C83F9084368291508CFFA5B6A8217C258C90B01B2908881B5F226AB4229F2C87A30529208FED2A344397F7843DE010BB2553B38A477E7A3D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:[{"pid":185},.. {"pid":171},.. {"pid":183}].......................................... .. .. .. ....

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\dummyProt[1].json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):77
                                                                                                                                                                                                              Entropy (8bit):2.5388201338542005
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Ee0JvAF66jn:D0JvAF66j
                                                                                                                                                                                                              MD5:32A494AA96AEB6A5DE217B3DCE460C3A
                                                                                                                                                                                                              SHA1:6F25AF72B649C174CF8357FC24B727D11EDCF875
                                                                                                                                                                                                              SHA-256:731B66B46AE9477920E21E26F4E30FBB9E2E24BC135A0811568254D23598CE9B
                                                                                                                                                                                                              SHA-512:EB0C39951B79A8684153881881089AF50D7FBB7A423E8CBEFDA226D895420ADEF80A9166D11111F74F4FF520416A2A1E918D842456AE4D6C160BB49AA6F56491
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Preview:[{"pid":3337}]........................................ .. .. .. ....

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF1093.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26472
                                                                                                                                                                                                              Entropy (8bit):7.919001815936157
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c+uRfNk88R30MEAbRrBmVfiikffpbrFMvlg0fMez0BgVPhPTUGY6CY2:cXs0DGgfi1VB0iAMez0eVFUGY11
                                                                                                                                                                                                              MD5:D213D4BA8F28EA5806E21E946E9CD2EC
                                                                                                                                                                                                              SHA1:EDCAE15D0B9833CF2AED26FFDAC2B5CF90B869AD
                                                                                                                                                                                                              SHA-256:4E29C0D3FABE8FE0481EA7B5E2F8E3B19397C16C1B05B1AA81382857B5E797D3
                                                                                                                                                                                                              SHA-512:9F1A22A259F1FC63D4042DE6A7584FECDA996A252EC3F767553EB1675335C09E778FECFA2E8C265E93B771533117B449DFD706E48C7BC09529688AFCEC7F3E11
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........pHYs.................sRGB.........gAMA......a...f.IDATx....$.Y...we.GW..==.=...iF=.H.O.!...%.,k...`.....5.]..Z...Y.gm|..#.. ...H.IT...z..3===}Vu]Y..wfD|../"2#.2......f.#2......_.........................................................>2==............gQ.....pg.......=KP.t.8.z. ........@<.KD.@......vB...O.)..4.Jxl'.yz.....]^+..........D..[.... 0.bGn.L.t............L.)Tv"z...NP...@.u..P'..M.f;..b............%..-.P.P.'_(t....;]..5...s5m........m9?...... .:]..)...`...M]...8......*.6.|..o]P.../.Z.NP..... f6..6....~.....?...p....)zj.........).. ..M..&!."% x..m.A.qXP..s.\..Z/..].sO.:..w..V...m...>.Q.o...s.?K.g#$U........0..!..y...we......z<..Y.u:.....6./$X\..+L....(..tU.9f.#..U.-..Z>.. ..G..b..k....M..4S.7.V.......6. .....w./.uavJg.s.>.....bX......R..o_..T.T......S4....=...A....|a2....?......!4f...{_l.}..g.1..|.&.'...9..a5%..68?.r.ZDGP...bDMB.~.Yic.S.PZ.....F..Qtp.....;.....).....X.]R"...2..s_..../?...".."..:..T.._...Pn>

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF246D.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26472
                                                                                                                                                                                                              Entropy (8bit):7.919001815936157
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c+uRfNk88R30MEAbRrBmVfiikffpbrFMvlg0fMez0BgVPhPTUGY6CY2:cXs0DGgfi1VB0iAMez0eVFUGY11
                                                                                                                                                                                                              MD5:D213D4BA8F28EA5806E21E946E9CD2EC
                                                                                                                                                                                                              SHA1:EDCAE15D0B9833CF2AED26FFDAC2B5CF90B869AD
                                                                                                                                                                                                              SHA-256:4E29C0D3FABE8FE0481EA7B5E2F8E3B19397C16C1B05B1AA81382857B5E797D3
                                                                                                                                                                                                              SHA-512:9F1A22A259F1FC63D4042DE6A7584FECDA996A252EC3F767553EB1675335C09E778FECFA2E8C265E93B771533117B449DFD706E48C7BC09529688AFCEC7F3E11
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........pHYs.................sRGB.........gAMA......a...f.IDATx....$.Y...we.GW..==.=...iF=.H.O.!...%.,k...`.....5.]..Z...Y.gm|..#.. ...H.IT...z..3===}Vu]Y..wfD|../"2#.2......f.#2......_.........................................................>2==............gQ.....pg.......=KP.t.8.z. ........@<.KD.@......vB...O.)..4.Jxl'.yz.....]^+..........D..[.... 0.bGn.L.t............L.)Tv"z...NP...@.u..P'..M.f;..b............%..-.P.P.'_(t....;]..5...s5m........m9?...... .:]..)...`...M]...8......*.6.|..o]P.../.Z.NP..... f6..6....~.....?...p....)zj.........).. ..M..&!."% x..m.A.qXP..s.\..Z/..].sO.:..w..V...m...>.Q.o...s.?K.g#$U........0..!..y...we......z<..Y.u:.....6./$X\..+L....(..tU.9f.#..U.-..Z>.. ..G..b..k....M..4S.7.V.......6. .....w./.uavJg.s.>.....bX......R..o_..T.T......S4....=...A....|a2....?......!4f...{_l.}..g.1..|.&.'...9..a5%..68?.r.ZDGP...bDMB.~.Yic.S.PZ.....F..Qtp.....;.....).....X.]R"...2..s_..../?...".."..:..T.._...Pn>

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8DBD.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10968
                                                                                                                                                                                                              Entropy (8bit):7.932872060413357
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:9dgz7O5VoBAy+xi7cqAgCZzU9qEikcH6PDK732V8RuLS2+snt7E96:9diO5Vmci7JAZziqEk6g3YLS2+286
                                                                                                                                                                                                              MD5:3140D624792D0F04D02EFFFCC88EA3AB
                                                                                                                                                                                                              SHA1:26FE5FF7822E3A5A4DD8EF46DB17F6FEE684D1FD
                                                                                                                                                                                                              SHA-256:D35AD28BC1165EF7286B862DA0EC19EF65E3FC0C8759C7249066508E2AAFA917
                                                                                                                                                                                                              SHA-512:6B3CC510307F4F1E344B750AFE10265D673B93A5EE34A5F46DCC005E8B885FA818BC25FE7C358412B8B5E5068C2BF06AE00C3FE654D34352474862FEE696C674
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:52F638337BDA11E78B63C153456C03E4" xmpMM:DocumentID="xmp.did:52F638347BDA11E78B63C153456C03E4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:52F638317BDA11E78B63C153456C03E4" stRef:documentID="xmp.did:52F638327BDA11E78B63C153456C03E4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.9n...'LIDATx..}...U......U..T..$.B.I.2.P@|*,P..u38v. *.z..A.j..^.Q...~..n......c...H.L .$d"s.$..x...x.;.T.B%..u.....^.

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8DFC.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 236 x 236, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11337
                                                                                                                                                                                                              Entropy (8bit):7.964853997823352
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:a7oSgGrecqvNzb+B1TBtfJEB++KvBHW/9+O3tz5lZXeV+O6f694DGm05Wy1D57M9:SRrLCBmTbJW1iBHWl+aF5O+O6f67mA9M
                                                                                                                                                                                                              MD5:29DA985A8261988461157579B673AA3D
                                                                                                                                                                                                              SHA1:6965548D6DEFB9A42B988C47976E02765479FF9E
                                                                                                                                                                                                              SHA-256:2DD68FA85A42371E62C013C7419F5F7A0F0007B530233B24520D26FD37298698
                                                                                                                                                                                                              SHA-512:8765999BDB3F5BC0EEA823826FB44D893ACDD518EAC4C22B87C08A2646D8313799FDA70C831EBB57C474375A54EF1857F3C8CC3A56A1B8C4A598CE119AE72AAC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............w.J.....iCCPsRGB IEC61966-2.1..(.u..+.a.._....H..K.d...8l1...2\..~.m.}....rU...u./.."Rr.L\X_...=O...z.....y>.XCi%..{ ..i....^t.^i.......3s.!j...,..s..j..;.cq].K..j9.I....j.p......4...GK.fr..?&k.......d.G.XIi.ay9.LzM)..|.=.....-... .|8.b.?..0*v.7^.eG.|O1..U.U...X!I..}..I.....q.i.f...UO.zK..>hx1.....@a.0....p.u.p..........u..M...h.=...'5.E.R.,k"..g....[hZ*..|..#.6.n`..z%...k.g.......pHYs............... .IDATx...y|\gy...s..h.[.-Y.c[.Hv..p. ......%m.J.[ ..p...i......m...M.(...B.5..dsbid.m..E...r.s..%.lk...93......fytt.s....+...k..]""j#"...$..E.,.Y!....Z...Z.Z..(G5..B..."U..D...C4..Gd....@{Q..zq.^.9.....bG.........8.......d.........J0V.r..-!......n...V.K'.k...\........P....t.X.@.U..L$JG.;.w.$.C&a...]+.p T"X.T.h..D..B.&..,.......&E8..W.S.)......C.;<...=...u...$l.\.m..UkA.Qm.a5.:`..$".^...:.t..Aw....n......#.q.c.7&a3.......,EX!.z...5"R.u|sAU..=.O..4.....v..X.9.u|..$.,ll[..).@,..e...d...9}..9JB..h..4.nu.v..gv.tMx.._..M.em.`1,

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E0D.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14190
                                                                                                                                                                                                              Entropy (8bit):7.964181788393821
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:uwqlJPWpmleymauFNnyFnYQnsNfriyBwPqd:uwqbWBfauF8tnm8Py
                                                                                                                                                                                                              MD5:CDB5DABE83B269C79FFA33D151A866C6
                                                                                                                                                                                                              SHA1:4572AE468EC8D103C91F6367F27FF764F64B8A58
                                                                                                                                                                                                              SHA-256:FC84BA49474C1102278EC7E5E76E84B5A1A988AF694DD6633FC395BE50F0110D
                                                                                                                                                                                                              SHA-512:95B21398FD7D9FE6A054A2D16D63C0D798FB6B95502E855AAE206F2C041A18A6104181CE699CCDD238746DFACB3435D7AA984B3F69B4ECF183169AB61C6F5011
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....sBIT....|.d... .IDATx^.}.x\.......[..di......\(.|.....?z....)..BIH(!.$......I..J .....%ll...Mu....gm...m..;W3..G..9...sg....T.....K]a....F....E.D#m.iT..FT.A.....K..C...:...u...uj.u.N..i....:Q.Fz.*..N.9..".5J.uaWx.{....o...kC.......#Bn...(J.!..L...r..R.F.....?5}%......*._.%..7q...H.+.5..rzQf..vD......./.._f..C..\;..N+....Q4Bi.uG8.....K6s.J5.2.J..........9z.ga.=.-..|......v.. .8.....^T_...5%..R).`.<{....Nm6....=3....}/..M.5..k......7...\CC.........D......V~...y.t+_.:u.$Y.]....F.'.R.A.%.R......1.h.)h.T,..WX'.5..t.}........*.rc....."..e.@%R...##..3.K..Z....9..'^pdv.U).d....R.iby.N..F..4].......+.&..!..!l...n.x....E."....P. E...A...E=. .M...X..@.....Q.>.......@...n..."t%.y.s}......^..x*._.n...-.U. .i..T...u..8W..V...*&!.e....ef.^\X..c...t... S.|.3CY.....T+.fV..,....<...[..........T..r4z.v..._rm.E...[#n.....%..w....),zs.}'....S..m.i.....(rC.'..4!,.R.;'ev.w.C.......'%./.t...C.......&eng.+..`.$...@. .D*..G

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E1E.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18572
                                                                                                                                                                                                              Entropy (8bit):7.966553012505821
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:+aFcSacLMCtrjnAswDNQ0UuV8vjuP9B4AkMRk5mHMcy0WHEV/DxEpCPPj:+aWEICtrjnhwDNQWrr47YK0HNxEpoPj
                                                                                                                                                                                                              MD5:CADB6E52441BAD05D8D3CB09F850940F
                                                                                                                                                                                                              SHA1:C2FB748A15B85B5832207496802C3FACDE2550BF
                                                                                                                                                                                                              SHA-256:F9F29ADCFFDB63B8DF6D447D46675F95B22ED9535EB0394D898B38429ABBECF0
                                                                                                                                                                                                              SHA-512:F62B06D5C486923B246B9C56A2B6681D6E674021B1D45BAB6B3267AF5D239016F98DB85CC8CD614755EE9B4C639BEA2E5EED51472BD6162B8CCE37B2A7FA90AB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............+u......sRGB........DeXIfMM.*.......i........................................................g..I..@.IDATx..}.|.U......to."..IH...R..%i......bAA.Q..=.?._}.....C@...,j.$J.....6I.t.-]h.4m.l7....nzn.Nf9g...7s~.d....9..;..........$-T..jmI...x.U4.*..kK..`[f..3w......6..!...p.E..mD.!.".Sb..%...FD.".M.zD$...|..(L..7'.J..ES.v....T...O.I_...J............>.....fH........Hi~^"....P .'+r,gF....MT.6..Vs...5..`.....&.....zyh^...F..>)......6.$;^....|2~R....D..s...=>...e...s.\:.(r...?..O9...0..#.}.yI.2)....I..5...Iy.?d..|R..~.W;I.3..Lc_..Q../.I....X6&...V#....D.......s7DDj..w=.M7..G..0.....(.z..q.|..:'.u...'.~.i...J..].\]N...#^.*@`.8}...qV.i.D.XI....-.....c...XMD.5JN..&f...3z..4V.f#@<.{,3...t..5rC.."B....D.!.$.3`pR%F.. .....}..b....m.4..Y.\~..(w.E.d.....7f........VOmq..P....:lZU.!.U;./.......;..]..r.G!.=.)...M.D...)R@.WS.4BI|.1SEc..8.B.|..3{YSY.(\.5T4..1....o:.3.M.r.H2..a.|.....HH>.."..]..r`.........a.9^.X~C..h..e..[."2N. ..,..y.

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E1F.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4594
                                                                                                                                                                                                              Entropy (8bit):7.806645778474855
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:SXXj3QTa3ayIsiiUSGBu2ePW1L35dOOHylDULjOZCMg8bjfUinTNk:Sj3tZIsiiUPu20W3dOOS7CMVS
                                                                                                                                                                                                              MD5:17996A81108FCD78445459DB3355AE93
                                                                                                                                                                                                              SHA1:705730AA0535D5E5AA85DE863CAF3CF66F1F3E7D
                                                                                                                                                                                                              SHA-256:E52C8E6146A6A74B81CAA42B4D71BC3F4FFF424071E3DF4CEAE9E831D18DC902
                                                                                                                                                                                                              SHA-512:69238BF9E967CE02330FDCB42C40276B25082C933A3632C91BE7F3E68362BCABDAD103CDCE0DCEA0061D1F4EBC6F1BE4356551A6C32A46BC1551B75D16EBC149
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..o.G..gi.. P@5...L_.$..30r.i@....T}...w....Y*R....r...#4`(A..>.6...D.#.%.n.5....]....X.-....w.{.v.SPZV.W..K]..._..GM.y.......s.?^.?w......>g..x.A).^....Z....fG..sm.=....=.....^O..^4]}.1t0........e.]=.h.@.B....p....!.G1..D.....o.;|S}(.A8=....7.}...(...h.W..D...<..0......}.f.C....$z.zK...>.4a.?.. `.E.......h......@^...or.72*...P`.Y...:.'.7.V ..6...0..k.nOQ..F ...{....D.......0.. j...hX.....@.Oj@...8..KQ.w..b..]..]{....N.?..].9(....op....:".c..._..v..aJ}`...<G._..'..i......./..w..b ..w..!.(q....C..........\...CJ.......Jp...Ya.L.g..e^_.}u.S....X..o..D.L.A.X3]X.@......C......#.(0...E.Q%.%..T...?E.`.r.>..$.@..o..u...-NZ)..[......S}.b.....:......VI.R......%B6-Y...?`.....L...*.AAE...v m.M....?..&`.,.....6.).`z...Z...8).9.oq....S...?..&P1@...?8H..A.`..i...Y/r{2.@.7..UQ...].S.^A..N..T.....Xg.+@."z...y.8..F."....?..u..e...E...k.P.y/4..(.f...PB..Zr..I......[Q..A.<....\..y..6.?@l.

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E20.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8498
                                                                                                                                                                                                              Entropy (8bit):7.922930230120092
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:PerUqsi9z8qYmtfzsoiLjD9/eb5MeTCPsesIsxP7BIvgE3MLRK:PZfi9z8OtLsoiLvIbOPWPSvOLRK
                                                                                                                                                                                                              MD5:D164304821B78086C309565B3124F039
                                                                                                                                                                                                              SHA1:CBCC391ABF5DFD1EB65766BEE9CD8B18BFE727EC
                                                                                                                                                                                                              SHA-256:13FF29F314A00399A7AF12CE210F3A06D5BDFEEE8954D48070091874C6E6AF1E
                                                                                                                                                                                                              SHA-512:94D16913D12D3543B66BCE49C57AA2AEC018D07E3F6F6277C311D5FA997D2592C21FEFA497A48E6AE6671D84F6C6614626D5C179D38B1FE6B7964560F89DB6A7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<.. .IDATx..]M.....nl.w.&0m7!r;.G.E.lf..%K.lhDDfG..A........MV..M...2(.f....GP....3"!~...-L.w.......nS]..{...U.'==c..^U...{.9=.p........o._..2S.+..?........>......8a.S..Th.;.?.....3A.K..=....O..>=...o.0..C#.q...!!...$........?.......BRx;$.....@.=.c.1....:.....^....yG2....)...@..~.[K.....8C2 ..$........$.&..xh..(.+..N..|2X.. ..%......K.U....P...y.%......y+H.6d.\....7?Wp....@.....O..^x.<.q.....O" ...h.$.... .....;C.G.,$.(..6.K..{].....z?.^...:4...B....`@..N..B........z.3~.........".....,.8Q.gB"h.....C.....Z9.*F*..c..4|.j.c..X......6..z-3|f........@3..:..l.A..B...m.....?$..h.D...;...P....{......k.tx~.!@..>.....N....5..................P......~.H`.1...}4~..y....%.X0....6.A4.'..s........".....$.........O..H.E....V..mAck.z4~.......4.h...i.?.B..j.. ;..Z!Z..p.3.H1.9....hLb.G.'..@...........|.}......].x.F.x...c>...,..u.,.5....xK.z.g........`.......6On....S...g...>. ......J!./B.w>z.7...

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E30.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):9572
                                                                                                                                                                                                              Entropy (8bit):7.92037484191708
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:g35c/z91EoSB9ijbW6rxIyejrdVLviGSaJN3EXIrPCmV+HYBwT:uc/7SqnWAxIyCrdpviqPrP1I4Bk
                                                                                                                                                                                                              MD5:90CEA53A9E729F143E3F017F087F9559
                                                                                                                                                                                                              SHA1:85FBF5B76BFCF03C68F2E80025075D99E5B3E97E
                                                                                                                                                                                                              SHA-256:039C4A7108985E4BE4D393C9261C844F20E50551DC958B5D8B5C42D0F62AEF5C
                                                                                                                                                                                                              SHA-512:FA7D0DA6C2CA67D227EDFC679B39D27CD6B9330CC1F573C861619641377B378A8BCB03E46090AFE03EAF385A70D668E46029666990005BB9FEAE911FF5FAD305
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....sBIT....|.d... .IDATx...{.$ea6...K., ..U ....L7..2..U$.../..o...b.....~.7..h...K4.@.....Ff..Ev...Ap# ..w..g..]....f.Y.......w<.#...9.O.U]..`Y.eY.eY.eY.eY.eY.eY.eYV.....2ILm.9....R7........T.....h...;.=... M...U....4.".i.E.."..9...S...)...V.l.D.....K.o...........@..T.....Cp...$......d. ..w.5..t....yk.....d..l........`......s..9g:..7[.!..).".g.:U.$..ZL..9Hy.w{@..0..|.t.fg....la.#.....'...[...{@l..i|0..t.f.T..b.1w.....F./6.)\.0.o..\."..3.......Q.j.O.2..kE...A.3E.....y.}g.....<...#5*[......t..A....t.(.T...n....5.........%;.^(....?.Y>.........&.X4.....X.......>Ho...tQ'...5.......M.2[...b}.......^n:N...'...`.V.e.a...@.R9..b...^....y...GD.....i>c:NT.....-.(.*..!...e:......p.........y......V<..S.U.^h:.U..7.q..|.....8ae.`?...y....G..b-....s..M'.#[..H.L.....\g:..'m..K........-.=z.N.y...sLg...[=.^6>....$a....jL..{.u..."f:.U.BY..O8...BaS.@jdj.....Q..X.'.!x...O....v...~.....1\ko...sO0.f..4._~..o-.Yg.MS..;...GE]F.1.......kbm..

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E41.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):23781
                                                                                                                                                                                                              Entropy (8bit):7.951830901432337
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:n8AzjlZTHl4imkY/79U8128DZd0zd9Gdd2xHSbSa2osxjeTw8FQ2:nTzC7z9Y8wWExHMjeyBFd
                                                                                                                                                                                                              MD5:A2D451068C2275431E4F327476861009
                                                                                                                                                                                                              SHA1:4F047F1C68E8CEDE3F3ED2AAE15A6AB411F7D9AA
                                                                                                                                                                                                              SHA-256:AE7095A6DEB76BA628585CB84AF5C6A82546B3786426B574871946DD759C8121
                                                                                                                                                                                                              SHA-512:56BFEE0BAA3BAE1BD93948E3FAB9E42987AC7D5C1A6BE9AC42FF8631E7DCBB2C5BA8273ED9333BC5F500BF0761AD44248E01795F4C82134CE15E687580E60469
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)" xmpMM:InstanceID="xmp.iid:CF199F6EC5E611E88B2B9A7C6A06548A" xmpMM:DocumentID="xmp.did:CF199F6FC5E611E88B2B9A7C6A06548A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CF199F6CC5E611E88B2B9A7C6A06548A" stRef:documentID="xmp.did:CF199F6DC5E611E88B2B9A7C6A06548A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>p.5...YUIDATx..}..$U...U.....( I.F@@..."..3.5..#.]WW.....g.5.U\3......0.(..8.u....U}....{.^W..............

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E42.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):30399
                                                                                                                                                                                                              Entropy (8bit):7.97200667677446
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:HD0Sq2Dx1hedjs8WMIiFyjk38RyqydjCodRUWLRCC1hMkW+bvZKCxJtYItx:AUhIBvFyjC8+vdRUWEASqDJRv
                                                                                                                                                                                                              MD5:C6CA05C84BA361F9C119D64E0E42F2B3
                                                                                                                                                                                                              SHA1:7463E2E9ACBC813E9BEC4E85F7CEA30B253309E7
                                                                                                                                                                                                              SHA-256:3A9D235BBE8F19DEB53249331CA66BAB32F546BD03152DDFEA77B7677FE62BC8
                                                                                                                                                                                                              SHA-512:549E811BD2A8BB4154F0DE16B2EFCB31BE2419B2BD9177E732F147B91D41FFECCCA3A39FAE6D03857767280D53BB423DC1FED462D3B1FFA7F0430154C061BF99
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............+u......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:ACB53B0778EB11E792E7B0977E97371F" xmpMM:DocumentID="xmp.did:ACB53B0878EB11E792E7B0977E97371F"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ACB53B0578EB11E792E7B0977E97371F" stRef:documentID="xmp.did:ACB53B0678EB11E792E7B0977E97371F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>Y....s/IDATx.WM..E....{7...M6......!~.Ap...p.q.G ...\A..q....=\....(!(.k...z.)^uW..x...K..z.g.........l....Pon..

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E43.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11356
                                                                                                                                                                                                              Entropy (8bit):7.920375384672537
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:A0vhUAQou0PBf5u/jT2J/5eLN3DiIBryJxAXdJI1M4gk0yQSqcF+zFnKo:AmXQ30PBf5u/jT0WiIBryJxMjLkLQSRu
                                                                                                                                                                                                              MD5:4E9512ED0DDF959AD181958F4533BCA2
                                                                                                                                                                                                              SHA1:2760A54343EF743E8027B19A06100C97B88753AB
                                                                                                                                                                                                              SHA-256:D3F96FD64667EB39297F17C7F630172CE448080BA730DDA7575D813BB20484AC
                                                                                                                                                                                                              SHA-512:0DAE7A92B6FFCC4F14A0F2AA413F8AE77C36544557579C2A4A51CCAE8A211F5977ADB0F62D4159A378CAA9611581028B4B893D0D4B5E2CF0EEA4E2B6F721B6D3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<..+.IDATx..}..,Wu.3..pl.......A.H#.....<...!.k......R.P`..I..So..)....&N..*)'.2~#.ecc..D...~+.HB.5(`,.h.*..o.O....o...3;=..}......;..}..s...`T..=.=E.u*-.........=.T.....!.3.i...G.W...d..O....1..Fi..w.....mxO]$.........4......@-?b....G-./(N.3.h.c.`,;./..*..m$.H.0.....c.`,;FpSHt..1.@.....CM..,..e....i..!....+|....H..c.....n.0.B.p..0*B|.....`.`T... 0l.,............".....E.......0.-`..0JN|4...../....l.3.-8..QH..Q"..p......d'..pH.{....1.g...#.X.|..j.i...$g.4......m..#..v....0J..z..G..`..}....."...(...w.........Qk@.......X.....7.Bx..P.;....1s.}..f....%.n....cB+.c.....g..e.....M............+....C.....fkl&..`...\.[..%3.....V..}....v..-......`.k.........b3.k.._........#..J~}.,B0wl....,..u..4...(.Z...?..O:...vF...l.@...A..0Lpt..,.......{&a..7x..>?...A.j...^...@.....mj..sK.........0&......,.~.E........P`.uV.6....n..!mo....o..b=' .|..._M.............,.E$....=.k..7...E.7..>..X.....}..

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E44.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14706
                                                                                                                                                                                                              Entropy (8bit):7.938813405123902
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:szJAez/IGUqLeCWvyw5misVxyDwmtTTCBPSglu:szJzgGVe16wKyDvTC9SR
                                                                                                                                                                                                              MD5:EF04B9E0CE1D81B72CCC5346252F5C6E
                                                                                                                                                                                                              SHA1:B43C8D9594F01E7A961A00402676CB33C1D8AD88
                                                                                                                                                                                                              SHA-256:7DC346787B540C408D4E350DA38A68B5CEC30BEC953951F20BC47BF0C2929E00
                                                                                                                                                                                                              SHA-512:D71677BDEDC88EFE57D6470505AD8F62FCF9F1B5EE253311FF658554C9922EE0ADE1FCC399EB67AC195F8C566295F88A5D55088310FCEC4D916CB6F1E7BCFFC2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:e87e97d2-b854-914f-a526-587e00e9e1cb" xmpMM:DocumentID="xmp.did:3D1A5D09DFEA11E7A0EC9673C7AAE90C" xmpMM:InstanceID="xmp.iid:3D1A5D08DFEA11E7A0EC9673C7AAE90C" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1a18e2a2-c1ac-434b-b9f6-7ea66ba8f1ab" stRef:documentID="xmp.did:e87e97d2-b854-914f-a526-587e00e9e1cb"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.$.B..5.IDATx...|\...oz.F.K..".........

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8E45.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12867
                                                                                                                                                                                                              Entropy (8bit):7.947510849054734
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:Teqh34o8rPtcPU05nnH1xO4Gmrn1zgWLgJKtmefDBy:TovwnnH1xO4hvAK/g
                                                                                                                                                                                                              MD5:33E43F4E93382BF68E254B86D08362DE
                                                                                                                                                                                                              SHA1:C5649B994D4444DE8C6C119A0883E7E4AF3CD37C
                                                                                                                                                                                                              SHA-256:07DFA9AA5352DBC42FC7D5CF2E3C658B7ACD22B8DA7C5457507A3C1381C27765
                                                                                                                                                                                                              SHA-512:054666C486A8A7B0C0D08B8C794EC88B47DE882B1A3086C46C1DEFB5A064ACA57AD96F0998030C139B9E4FB631E182F701D2921DD2A86C473F495CA97F4BBE22
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............+u......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:A26E5FAB78EB11E7A40ADD318F0298DB" xmpMM:DocumentID="xmp.did:A26E5FAC78EB11E7A40ADD318F0298DB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A26E5FA978EB11E7A40ADD318F0298DB" stRef:documentID="xmp.did:A26E5FAA78EB11E7A40ADD318F0298DB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>`.2y....IDATx..W.J.@...IM.....j.....x........7.BE.`(.D...$...u..$....@Hv...L....Ek3.0.0.f~...R.X[a.......

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF8EA3.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26472
                                                                                                                                                                                                              Entropy (8bit):7.919001815936157
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c+uRfNk88R30MEAbRrBmVfiikffpbrFMvlg0fMez0BgVPhPTUGY6CY2:cXs0DGgfi1VB0iAMez0eVFUGY11
                                                                                                                                                                                                              MD5:D213D4BA8F28EA5806E21E946E9CD2EC
                                                                                                                                                                                                              SHA1:EDCAE15D0B9833CF2AED26FFDAC2B5CF90B869AD
                                                                                                                                                                                                              SHA-256:4E29C0D3FABE8FE0481EA7B5E2F8E3B19397C16C1B05B1AA81382857B5E797D3
                                                                                                                                                                                                              SHA-512:9F1A22A259F1FC63D4042DE6A7584FECDA996A252EC3F767553EB1675335C09E778FECFA2E8C265E93B771533117B449DFD706E48C7BC09529688AFCEC7F3E11
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........pHYs.................sRGB.........gAMA......a...f.IDATx....$.Y...we.GW..==.=...iF=.H.O.!...%.,k...`.....5.]..Z...Y.gm|..#.. ...H.IT...z..3===}Vu]Y..wfD|../"2#.2......f.#2......_.........................................................>2==............gQ.....pg.......=KP.t.8.z. ........@<.KD.@......vB...O.)..4.Jxl'.yz.....]^+..........D..[.... 0.bGn.L.t............L.)Tv"z...NP...@.u..P'..M.f;..b............%..-.P.P.'_(t....;]..5...s5m........m9?...... .:]..)...`...M]...8......*.6.|..o]P.../.Z.NP..... f6..6....~.....?...p....)zj.........).. ..M..&!."% x..m.A.qXP..s.\..Z/..].sO.:..w..V...m...>.Q.o...s.?K.g#$U........0..!..y...we......z<..Y.u:.....6./$X\..+L....(..tU.9f.#..U.-..Z>.. ..G..b..k....M..4S.7.V.......6. .....w./.uavJg.s.>.....bX......R..o_..T.T......S4....=...A....|a2....?......!4f...{_l.}..g.1..|.&.'...9..a5%..68?.r.ZDGP...bDMB.~.Yic.S.PZ.....F..Qtp.....;.....).....X.]R"...2..s_..../?...".."..:..T.._...Pn>

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF96E1.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10968
                                                                                                                                                                                                              Entropy (8bit):7.932872060413357
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:9dgz7O5VoBAy+xi7cqAgCZzU9qEikcH6PDK732V8RuLS2+snt7E96:9diO5Vmci7JAZziqEk6g3YLS2+286
                                                                                                                                                                                                              MD5:3140D624792D0F04D02EFFFCC88EA3AB
                                                                                                                                                                                                              SHA1:26FE5FF7822E3A5A4DD8EF46DB17F6FEE684D1FD
                                                                                                                                                                                                              SHA-256:D35AD28BC1165EF7286B862DA0EC19EF65E3FC0C8759C7249066508E2AAFA917
                                                                                                                                                                                                              SHA-512:6B3CC510307F4F1E344B750AFE10265D673B93A5EE34A5F46DCC005E8B885FA818BC25FE7C358412B8B5E5068C2BF06AE00C3FE654D34352474862FEE696C674
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:52F638337BDA11E78B63C153456C03E4" xmpMM:DocumentID="xmp.did:52F638347BDA11E78B63C153456C03E4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:52F638317BDA11E78B63C153456C03E4" stRef:documentID="xmp.did:52F638327BDA11E78B63C153456C03E4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.9n...'LIDATx..}...U......U..T..$.B.I.2.P@|*,P..u38v. *.z..A.j..^.Q...~..n......c...H.L .$d"s.$..x...x.;.T.B%..u.....^.

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF96E2.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 236 x 236, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11337
                                                                                                                                                                                                              Entropy (8bit):7.964853997823352
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:a7oSgGrecqvNzb+B1TBtfJEB++KvBHW/9+O3tz5lZXeV+O6f694DGm05Wy1D57M9:SRrLCBmTbJW1iBHWl+aF5O+O6f67mA9M
                                                                                                                                                                                                              MD5:29DA985A8261988461157579B673AA3D
                                                                                                                                                                                                              SHA1:6965548D6DEFB9A42B988C47976E02765479FF9E
                                                                                                                                                                                                              SHA-256:2DD68FA85A42371E62C013C7419F5F7A0F0007B530233B24520D26FD37298698
                                                                                                                                                                                                              SHA-512:8765999BDB3F5BC0EEA823826FB44D893ACDD518EAC4C22B87C08A2646D8313799FDA70C831EBB57C474375A54EF1857F3C8CC3A56A1B8C4A598CE119AE72AAC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............w.J.....iCCPsRGB IEC61966-2.1..(.u..+.a.._....H..K.d...8l1...2\..~.m.}....rU...u./.."Rr.L\X_...=O...z.....y>.XCi%..{ ..i....^t.^i.......3s.!j...,..s..j..;.cq].K..j9.I....j.p......4...GK.fr..?&k.......d.G.XIi.ay9.LzM)..|.=.....-... .|8.b.?..0*v.7^.eG.|O1..U.U...X!I..}..I.....q.i.f...UO.zK..>hx1.....@a.0....p.u.p..........u..M...h.=...'5.E.R.,k"..g....[hZ*..|..#.6.n`..z%...k.g.......pHYs............... .IDATx...y|\gy...s..h.[.-Y.c[.Hv..p. ......%m.J.[ ..p...i......m...M.(...B.5..dsbid.m..E...r.s..%.lk...93......fytt.s....+...k..]""j#"...$..E.,.Y!....Z...Z.Z..(G5..B..."U..D...C4..Gd....@{Q..zq.^.9.....bG.........8.......d.........J0V.r..-!......n...V.K'.k...\........P....t.X.@.U..L$JG.;.w.$.C&a...]+.p T"X.T.h..D..B.&..,.......&E8..W.S.)......C.;<...=...u...$l.\.m..UkA.Qm.a5.:`..$".^...:.t..Aw....n......#.q.c.7&a3.......,EX!.z...5"R.u|sAU..=.O..4.....v..X.9.u|..$.,ll[..).@,..e...d...9}..9JB..h..4.nu.v..gv.tMx.._..M.em.`1,

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF96E3.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14190
                                                                                                                                                                                                              Entropy (8bit):7.964181788393821
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:uwqlJPWpmleymauFNnyFnYQnsNfriyBwPqd:uwqbWBfauF8tnm8Py
                                                                                                                                                                                                              MD5:CDB5DABE83B269C79FFA33D151A866C6
                                                                                                                                                                                                              SHA1:4572AE468EC8D103C91F6367F27FF764F64B8A58
                                                                                                                                                                                                              SHA-256:FC84BA49474C1102278EC7E5E76E84B5A1A988AF694DD6633FC395BE50F0110D
                                                                                                                                                                                                              SHA-512:95B21398FD7D9FE6A054A2D16D63C0D798FB6B95502E855AAE206F2C041A18A6104181CE699CCDD238746DFACB3435D7AA984B3F69B4ECF183169AB61C6F5011
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....sBIT....|.d... .IDATx^.}.x\.......[..di......\(.|.....?z....)..BIH(!.$......I..J .....%ll...Mu....gm...m..;W3..G..9...sg....T.....K]a....F....E.D#m.iT..FT.A.....K..C...:...u...uj.u.N..i....:Q.Fz.*..N.9..".5J.uaWx.{....o...kC.......#Bn...(J.!..L...r..R.F.....?5}%......*._.%..7q...H.+.5..rzQf..vD......./.._f..C..\;..N+....Q4Bi.uG8.....K6s.J5.2.J..........9z.ga.=.-..|......v.. .8.....^T_...5%..R).`.<{....Nm6....=3....}/..M.5..k......7...\CC.........D......V~...y.t+_.:u.$Y.]....F.'.R.A.%.R......1.h.)h.T,..WX'.5..t.}........*.rc....."..e.@%R...##..3.K..Z....9..'^pdv.U).d....R.iby.N..F..4].......+.&..!..!l...n.x....E."....P. E...A...E=. .M...X..@.....Q.>.......@...n..."t%.y.s}......^..x*._.n...-.U. .i..T...u..8W..V...*&!.e....ef.^\X..c...t... S.|.3CY.....T+.fV..,....<...[..........T..r4z.v..._rm.E...[#n.....%..w....),zs.}'....S..m.i.....(rC.'..4!,.R.;'ev.w.C.......'%./.t...C.......&eng.+..`.$...@. .D*..G

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF96E4.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18572
                                                                                                                                                                                                              Entropy (8bit):7.966553012505821
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:+aFcSacLMCtrjnAswDNQ0UuV8vjuP9B4AkMRk5mHMcy0WHEV/DxEpCPPj:+aWEICtrjnhwDNQWrr47YK0HNxEpoPj
                                                                                                                                                                                                              MD5:CADB6E52441BAD05D8D3CB09F850940F
                                                                                                                                                                                                              SHA1:C2FB748A15B85B5832207496802C3FACDE2550BF
                                                                                                                                                                                                              SHA-256:F9F29ADCFFDB63B8DF6D447D46675F95B22ED9535EB0394D898B38429ABBECF0
                                                                                                                                                                                                              SHA-512:F62B06D5C486923B246B9C56A2B6681D6E674021B1D45BAB6B3267AF5D239016F98DB85CC8CD614755EE9B4C639BEA2E5EED51472BD6162B8CCE37B2A7FA90AB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............+u......sRGB........DeXIfMM.*.......i........................................................g..I..@.IDATx..}.|.U......to."..IH...R..%i......bAA.Q..=.?._}.....C@...,j.$J.....6I.t.-]h.4m.l7....nzn.Nf9g...7s~.d....9..;..........$-T..jmI...x.U4.*..kK..`[f..3w......6..!...p.E..mD.!.".Sb..%...FD.".M.zD$...|..(L..7'.J..ES.v....T...O.I_...J............>.....fH........Hi~^"....P .'+r,gF....MT.6..Vs...5..`.....&.....zyh^...F..>)......6.$;^....|2~R....D..s...=>...e...s.\:.(r...?..O9...0..#.}.yI.2)....I..5...Iy.?d..|R..~.W;I.3..Lc_..Q../.I....X6&...V#....D.......s7DDj..w=.M7..G..0.....(.z..q.|..:'.u...'.~.i...J..].\]N...#^.*@`.8}...qV.i.D.XI....-.....c...XMD.5JN..&f...3z..4V.f#@<.{,3...t..5rC.."B....D.!.$.3`pR%F.. .....}..b....m.4..Y.\~..(w.E.d.....7f........VOmq..P....:lZU.!.U;./.......;..]..r.G!.=.)...M.D...)R@.WS.4BI|.1SEc..8.B.|..3{YSY.(\.5T4..1....o:.3.M.r.H2..a.|.....HH>.."..]..r`.........a.9^.X~C..h..e..[."2N. ..,..y.

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF96E5.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4594
                                                                                                                                                                                                              Entropy (8bit):7.806645778474855
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:SXXj3QTa3ayIsiiUSGBu2ePW1L35dOOHylDULjOZCMg8bjfUinTNk:Sj3tZIsiiUPu20W3dOOS7CMVS
                                                                                                                                                                                                              MD5:17996A81108FCD78445459DB3355AE93
                                                                                                                                                                                                              SHA1:705730AA0535D5E5AA85DE863CAF3CF66F1F3E7D
                                                                                                                                                                                                              SHA-256:E52C8E6146A6A74B81CAA42B4D71BC3F4FFF424071E3DF4CEAE9E831D18DC902
                                                                                                                                                                                                              SHA-512:69238BF9E967CE02330FDCB42C40276B25082C933A3632C91BE7F3E68362BCABDAD103CDCE0DCEA0061D1F4EBC6F1BE4356551A6C32A46BC1551B75D16EBC149
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..o.G..gi.. P@5...L_.$..30r.i@....T}...w....Y*R....r...#4`(A..>.6...D.#.%.n.5....]....X.-....w.{.v.SPZV.W..K]..._..GM.y.......s.?^.?w......>g..x.A).^....Z....fG..sm.=....=.....^O..^4]}.1t0........e.]=.h.@.B....p....!.G1..D.....o.;|S}(.A8=....7.}...(...h.W..D...<..0......}.f.C....$z.zK...>.4a.?.. `.E.......h......@^...or.72*...P`.Y...:.'.7.V ..6...0..k.nOQ..F ...{....D.......0.. j...hX.....@.Oj@...8..KQ.w..b..]..]{....N.?..].9(....op....:".c..._..v..aJ}`...<G._..'..i......./..w..b ..w..!.(q....C..........\...CJ.......Jp...Ya.L.g..e^_.}u.S....X..o..D.L.A.X3]X.@......C......#.(0...E.Q%.%..T...?E.`.r.>..$.@..o..u...-NZ)..[......S}.b.....:......VI.R......%B6-Y...?`.....L...*.AAE...v m.M....?..&`.,.....6.).`z...Z...8).9.oq....S...?..&P1@...?8H..A.`..i...Y/r{2.@.7..UQ...].S.^A..N..T.....Xg.+@."z...y.8..F."....?..u..e...E...k.P.y/4..(.f...PB..Zr..I......[Q..A.<....\..y..6.?@l.

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF9773.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):9572
                                                                                                                                                                                                              Entropy (8bit):7.92037484191708
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:g35c/z91EoSB9ijbW6rxIyejrdVLviGSaJN3EXIrPCmV+HYBwT:uc/7SqnWAxIyCrdpviqPrP1I4Bk
                                                                                                                                                                                                              MD5:90CEA53A9E729F143E3F017F087F9559
                                                                                                                                                                                                              SHA1:85FBF5B76BFCF03C68F2E80025075D99E5B3E97E
                                                                                                                                                                                                              SHA-256:039C4A7108985E4BE4D393C9261C844F20E50551DC958B5D8B5C42D0F62AEF5C
                                                                                                                                                                                                              SHA-512:FA7D0DA6C2CA67D227EDFC679B39D27CD6B9330CC1F573C861619641377B378A8BCB03E46090AFE03EAF385A70D668E46029666990005BB9FEAE911FF5FAD305
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....sBIT....|.d... .IDATx...{.$ea6...K., ..U ....L7..2..U$.../..o...b.....~.7..h...K4.@.....Ff..Ev...Ap# ..w..g..]....f.Y.......w<.#...9.O.U]..`Y.eY.eY.eY.eY.eY.eY.eYV.....2ILm.9....R7........T.....h...;.=... M...U....4.".i.E.."..9...S...)...V.l.D.....K.o...........@..T.....Cp...$......d. ..w.5..t....yk.....d..l........`......s..9g:..7[.!..).".g.:U.$..ZL..9Hy.w{@..0..|.t.fg....la.#.....'...[...{@l..i|0..t.f.T..b.1w.....F./6.)\.0.o..\."..3.......Q.j.O.2..kE...A.3E.....y.}g.....<...#5*[......t..A....t.(.T...n....5.........%;.^(....?.Y>.........&.X4.....X.......>Ho...tQ'...5.......M.2[...b}.......^n:N...'...`.V.e.a...@.R9..b...^....y...GD.....i>c:NT.....-.(.*..!...e:......p.........y......V<..S.U.^h:.U..7.q..|.....8ae.`?...y....G..b-....s..M'.#[..H.L.....\g:..'m..K........-.=z.N.y...sLg...[=.^6>....$a....jL..{.u..."f:.U.BY..O8...BaS.@jdj.....Q..X.'.!x...O....v...~.....1\ko...sO0.f..4._~..o-.Yg.MS..;...GE]F.1.......kbm..

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPF9810.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):106657
                                                                                                                                                                                                              Entropy (8bit):7.990200894826057
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:3072:cnu+0msPrn3uQohcaIlomoiVhkyHh+Q2IN7gZ:cnx0marRTlomoxTQ2INcZ
                                                                                                                                                                                                              MD5:6AEEEE0F40118DAFF6219B7498284665
                                                                                                                                                                                                              SHA1:0A8A4B4F4ACCD0404D271D9A921E8DA5CBDBE5E6
                                                                                                                                                                                                              SHA-256:E06BA63343085B0E0371A702D9076EBC05241D941FFA6751CA1C04D5B3DC1C3C
                                                                                                                                                                                                              SHA-512:8E31A4F0541E2B37A67474B7F3672E15CC304EA9E7985BAB43EEA6D82D9BDEC52DE77C835B50D436F917BD2FA071CE05DCA2446D27C62DF7E9F55B5F691D9366
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...AiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.a8d475349, 2023/03/23-13:05:45 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.7 (20230628.m.2223 0770f83) (Windows)" xmpMM:InstanceID="xmp.iid:A0575C2C1EEF11EE95E6F985377EC5D1" xmpMM:DocumentID="xmp.did:A0575C2D1EEF11EE95E6F985377EC5D1"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A0575C2A1EEF11EE95E6F985377EC5D1" stRef:documentID="xmp.did:A0575C2B1EEF11EE95E6F985377EC5D1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.?A$....IDATx....,Ir&f...w....t..$w...V.b.A....).C`.......B. @+..........=..^...3...

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WPFEF37.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26472
                                                                                                                                                                                                              Entropy (8bit):7.919001815936157
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c+uRfNk88R30MEAbRrBmVfiikffpbrFMvlg0fMez0BgVPhPTUGY6CY2:cXs0DGgfi1VB0iAMez0eVFUGY11
                                                                                                                                                                                                              MD5:D213D4BA8F28EA5806E21E946E9CD2EC
                                                                                                                                                                                                              SHA1:EDCAE15D0B9833CF2AED26FFDAC2B5CF90B869AD
                                                                                                                                                                                                              SHA-256:4E29C0D3FABE8FE0481EA7B5E2F8E3B19397C16C1B05B1AA81382857B5E797D3
                                                                                                                                                                                                              SHA-512:9F1A22A259F1FC63D4042DE6A7584FECDA996A252EC3F767553EB1675335C09E778FECFA2E8C265E93B771533117B449DFD706E48C7BC09529688AFCEC7F3E11
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........pHYs.................sRGB.........gAMA......a...f.IDATx....$.Y...we.GW..==.=...iF=.H.O.!...%.,k...`.....5.]..Z...Y.gm|..#.. ...H.IT...z..3===}Vu]Y..wfD|../"2#.2......f.#2......_.........................................................>2==............gQ.....pg.......=KP.t.8.z. ........@<.KD.@......vB...O.)..4.Jxl'.yz.....]^+..........D..[.... 0.bGn.L.t............L.)Tv"z...NP...@.u..P'..M.f;..b............%..-.P.P.'_(t....;]..5...s5m........m9?...... .:]..)...`...M]...8......*.6.|..o]P.../.Z.NP..... f6..6....~.....?...p....)zj.........).. ..M..&!."% x..m.A.qXP..s.\..Z/..].sO.:..w..V...m...>.Q.o...s.?K.g#$U........0..!..y...we......z<..Y.u:.....6./$X\..+L....(..tU.9f.#..U.-..Z>.. ..G..b..k....M..4S.7.V.......6. .....w./.uavJg.s.>.....bX......R..o_..T.T......S4....=...A....|a2....?......!4f...{_l.}..g.1..|.&.'...9..a5%..68?.r.ZDGP...bDMB.~.Yic.S.PZ.....F..Qtp.....;.....).....X.]R"...2..s_..../?...".."..:..T.._...Pn>

                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\aheaoouz.1dc.xml

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 text, with very long lines (462)
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):441421
                                                                                                                                                                                                              Entropy (8bit):5.872959856193929
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:hOM2MvMJMOMtMKM3MHMlM0MOaVUxmNIqeKfehB5H9xMHaFUrmwIeetf1hQ559KMw:hvmcHqiUfB+d1OLZ3Jipd8QwR
                                                                                                                                                                                                              MD5:2BD5F20A97D80702F5D10C8CA0CC1199
                                                                                                                                                                                                              SHA1:07B4B6EB48B38E44210BF225DB6C821E9508F5AA
                                                                                                                                                                                                              SHA-256:46D66FED31A84DE3FE931323DE7F5966EDFC686047FCB424BA5922D5D219485A
                                                                                                                                                                                                              SHA-512:69085FF8101DAE79B8A68C6236BB77514025F6DC26878662BB9F2E635D9329FF48F24850B9A508A57CC7EEDEB653981CE2B137131C8BFAE2AE6631FE2D853F12
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<COP>. <Platform>. <OS>WINDOWS</OS>. <OSVer>10</OSVer>. <Locale>EN</Locale>. <Arch>64</Arch>. <Mfr>GIGABYTE TECHNOLOGY </Mfr>. <Model>B660 GAMING X</Model>. <SKU>DEFAULT STRING</SKU>. </Platform>. <ProductList>. <Product>. <Name>Alisha</Name>. <ModuleList>. <Module>. <Name>Streamer Companion App</Name>. <Version>2.0.1.12</Version>. <AdminPrivilegeRequired>false</AdminPrivilegeRequired>. <RebootRequired>false</RebootRequired>. <PostProcessRequired>false</PostProcessRequired>. <FileName>1700202653705F2WD7StreamerCompanionAppSetup-v2.0.1.12.exe</FileName>. <OriginalFileName>StreamerCompanionAppSetup-v2.0.1.12.exe</OriginalFileName>. <FileSize>102428736</FileSize>. <Checksum>aea40ddc97bbdce041f50f2c2b380959</Checksum>. <ChecksumSHA256>96e907d03638d2a01d301be0fe99b89c861026d7e3a5f80b6f36288af066192c</ChecksumSHA256>.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1876128
                                                                                                                                                                                                              Entropy (8bit):5.363908993977671
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:fNCox7rt4YZIrvS92QEkvZ0sJqmvjC0eEL8P5PbNFkEkEkE3kauRp+HpD88vJZPy:fNCoZt/WvSIQEW0WqmfqbNYL+JDhK
                                                                                                                                                                                                              MD5:0A540D4D964BE671E0B359A6DF1BDDA3
                                                                                                                                                                                                              SHA1:35A3A95EE3CE802328EA0334ABCDA110CBD4A7C9
                                                                                                                                                                                                              SHA-256:8F0CD4EE8B8B590DD3E9A0AF236B4CBA2E99016603FFA8897F12BBBFEB36FB08
                                                                                                                                                                                                              SHA-512:B3E15FDA68B63D9604049799F23E54B5362851CFCDE6915870059BD9C75AC8C5330A3312A07C92B23FCF7D474F8E4A05CDA2FC21E60D65AB5CCB3C5B02CFD9D5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W\............" ..0..h............... ........... ....................................`.....................................O....................r..................T............................................ ............... ..H............text....f... ...h.................. ..`.rsrc................j..............@..@.reloc...............p..............@..B.......................H........H.. +...........t...... .........................................(W...*..-.r...pr...psX...z.-.ri..pr{..psX...z..oY...(....*2.sZ...(....*..-.r...pr...psX...z.(....([...r...pr...po\...*..-.r...pr...psX...z.-.ri..pr...psX...z..oY...(....*2.sZ...(....*....0..{........-.r...pr...psX...z.......... .#Eg}...... ....}...... ...}...... vT2.}......+.....(......@X....i.@Y1.....i.Y...ij.jZ(....*..0...........@........(].........(^..... .......8/.....8.(^.......(....+%....(.....@

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\AWSSDK.Core.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):1876128
                                                                                                                                                                                                              Entropy (8bit):5.363908993977671
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:fNCox7rt4YZIrvS92QEkvZ0sJqmvjC0eEL8P5PbNFkEkEkE3kauRp+HpD88vJZPy:fNCoZt/WvSIQEW0WqmfqbNYL+JDhK
                                                                                                                                                                                                              MD5:0A540D4D964BE671E0B359A6DF1BDDA3
                                                                                                                                                                                                              SHA1:35A3A95EE3CE802328EA0334ABCDA110CBD4A7C9
                                                                                                                                                                                                              SHA-256:8F0CD4EE8B8B590DD3E9A0AF236B4CBA2E99016603FFA8897F12BBBFEB36FB08
                                                                                                                                                                                                              SHA-512:B3E15FDA68B63D9604049799F23E54B5362851CFCDE6915870059BD9C75AC8C5330A3312A07C92B23FCF7D474F8E4A05CDA2FC21E60D65AB5CCB3C5B02CFD9D5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...W\............" ..0..h............... ........... ....................................`.....................................O....................r..................T............................................ ............... ..H............text....f... ...h.................. ..`.rsrc................j..............@..@.reloc...............p..............@..B.......................H........H.. +...........t...... .........................................(W...*..-.r...pr...psX...z.-.ri..pr{..psX...z..oY...(....*2.sZ...(....*..-.r...pr...psX...z.(....([...r...pr...po\...*..-.r...pr...psX...z.-.ri..pr...psX...z..oY...(....*2.sZ...(....*....0..{........-.r...pr...psX...z.......... .#Eg}...... ....}...... ...}...... vT2.}......+.....(......@X....i.@Y1.....i.Y...ij.jZ(....*..0...........@........(].........(^..... .......8/.....8.(^.......(....+%....(.....@

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):154784
                                                                                                                                                                                                              Entropy (8bit):6.025902483561444
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:sdrhwPOU4cnnnUWcrcENVo33c4YgIJJf/hCakBKhyXKOc47xuuwKc9W3blCWFk2M:JZ0aGtke41DQW3BkrR/VYojPM9/g/xH
                                                                                                                                                                                                              MD5:76E80582372E4F00586D51E5F4410A27
                                                                                                                                                                                                              SHA1:648B54C8C5269F8CD59524A97108E6288AFDB412
                                                                                                                                                                                                              SHA-256:C069151BC437F06025142A78B5DD7477CA6A847D1BBA7323CD962F4496F2CA84
                                                                                                                                                                                                              SHA-512:95B271D2173EAA94FFC0B62894EFB7B8F971BD6C013D65BED6A0B5FF1877BAE346B66CB4D80913C37EAB03C4CD0DB644A888B0B76178D691B1175B2AF32A5E9E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..$...........B... ...`....... ....................................`..................................B..O....`...............................A..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H.......H....W...................A........................................~....}.....(....s2...(3....r...p(4....s....(5...*.r...p*.r...p*..{....*Br'..p(6........*...0..M.......s7...%(....o8...%(....o8...%(....o8...%(....o8...%(....o8...%(....o8...s9...*.~....*.~....*.~....*.~....*.~....*.~....*..0..........s:...%.o;...%.o<...%.o=...%.o>...%#.....8.@(?...s@...oA...%#.....8.@(?...s@...oB...%....c....oC...%....c....oD........s:...%.o;...%.o<...%.o=...%.o>...%#.....0.@(?...s@...o

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\AWSSDK.Kinesis.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):154784
                                                                                                                                                                                                              Entropy (8bit):6.025902483561444
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:sdrhwPOU4cnnnUWcrcENVo33c4YgIJJf/hCakBKhyXKOc47xuuwKc9W3blCWFk2M:JZ0aGtke41DQW3BkrR/VYojPM9/g/xH
                                                                                                                                                                                                              MD5:76E80582372E4F00586D51E5F4410A27
                                                                                                                                                                                                              SHA1:648B54C8C5269F8CD59524A97108E6288AFDB412
                                                                                                                                                                                                              SHA-256:C069151BC437F06025142A78B5DD7477CA6A847D1BBA7323CD962F4496F2CA84
                                                                                                                                                                                                              SHA-512:95B271D2173EAA94FFC0B62894EFB7B8F971BD6C013D65BED6A0B5FF1877BAE346B66CB4D80913C37EAB03C4CD0DB644A888B0B76178D691B1175B2AF32A5E9E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0..$...........B... ...`....... ....................................`..................................B..O....`...............................A..T............................................ ............... ..H............text...."... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................B......H.......H....W...................A........................................~....}.....(....s2...(3....r...p(4....s....(5...*.r...p*.r...p*..{....*Br'..p(6........*...0..M.......s7...%(....o8...%(....o8...%(....o8...%(....o8...%(....o8...%(....o8...s9...*.~....*.~....*.~....*.~....*.~....*.~....*..0..........s:...%.o;...%.o<...%.o=...%.o>...%#.....8.@(?...s@...oA...%#.....8.@(?...s@...oB...%....c....oC...%....c....oD........s:...%.o;...%.o<...%.o=...%.o>...%#.....0.@(?...s@...o

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\AllSystems.json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):707
                                                                                                                                                                                                              Entropy (8bit):4.058719365589285
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:F9b+bVH4NIjbfJo2b9bHoYbu8HkIQHbkbRICZHbEbp9y1bwHc5CH0Tmcy2T9DIHN:cC7kJ1NmcyKUoh4Ga
                                                                                                                                                                                                              MD5:60174D20C177137F40F105103494955D
                                                                                                                                                                                                              SHA1:9F416A3648838B6B22A51F6B77EBB4A40AF282CF
                                                                                                                                                                                                              SHA-256:AE1FDC5F37E9A8382DC4E114F633612DBEE04ECBB46AB86C0D1A39BDD8C3E527
                                                                                                                                                                                                              SHA-512:477378DD6533B32A5AE3B069B3EBA9C097D53F5C5AA827BA2111F52F38EADA730000DF6E14F0D4C1950798D4BBD66946CFCFF76468E4EDAB3ECC553E29AAB161
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":569},.. {"pid":586},.. {"pid":594},.. {"pid":601},.. .. {"pid":570},.. {"pid":581},.. {"pid":587},.. {"pid":589},.. {"pid":595},.. {"pid":612},.. {"pid":630},.. .. {"pid":582},.. {"pid":597},.. {"pid":613},.. .. {"pid":564},.. {"pid":588},.. {"pid":598},.. {"pid":611}, .. .. {"pid":616}, .. {"pid":618},.. {"pid":652},.. {"pid":650},.. {"pid":671},.. {"pid":672},.. {"pid":669},.... { "pid": 527 },.. { "pid": 548 },.. { "pid": 549 },.. { "pid": 576 },.. { "pid": 596 },.. { "pid": 645 },.. { "pid": 670 },.. .. {"pid":563},.. {"pid":571},.. {"pid":621},.. {"pid":622},.. {"pid":623},.. {"pid":624},.. {"pid":633},.. {"pid":634},.. {"pid":651},.. {"pid":694},.. {"pid":695},.. {"pid":696}]..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\AllSystems.json.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):707
                                                                                                                                                                                                              Entropy (8bit):4.058719365589285
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:F9b+bVH4NIjbfJo2b9bHoYbu8HkIQHbkbRICZHbEbp9y1bwHc5CH0Tmcy2T9DIHN:cC7kJ1NmcyKUoh4Ga
                                                                                                                                                                                                              MD5:60174D20C177137F40F105103494955D
                                                                                                                                                                                                              SHA1:9F416A3648838B6B22A51F6B77EBB4A40AF282CF
                                                                                                                                                                                                              SHA-256:AE1FDC5F37E9A8382DC4E114F633612DBEE04ECBB46AB86C0D1A39BDD8C3E527
                                                                                                                                                                                                              SHA-512:477378DD6533B32A5AE3B069B3EBA9C097D53F5C5AA827BA2111F52F38EADA730000DF6E14F0D4C1950798D4BBD66946CFCFF76468E4EDAB3ECC553E29AAB161
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":569},.. {"pid":586},.. {"pid":594},.. {"pid":601},.. .. {"pid":570},.. {"pid":581},.. {"pid":587},.. {"pid":589},.. {"pid":595},.. {"pid":612},.. {"pid":630},.. .. {"pid":582},.. {"pid":597},.. {"pid":613},.. .. {"pid":564},.. {"pid":588},.. {"pid":598},.. {"pid":611}, .. .. {"pid":616}, .. {"pid":618},.. {"pid":652},.. {"pid":650},.. {"pid":671},.. {"pid":672},.. {"pid":669},.... { "pid": 527 },.. { "pid": 548 },.. { "pid": 549 },.. { "pid": 576 },.. { "pid": 596 },.. { "pid": 645 },.. { "pid": 670 },.. .. {"pid":563},.. {"pid":571},.. {"pid":621},.. {"pid":622},.. {"pid":623},.. {"pid":624},.. {"pid":633},.. {"pid":634},.. {"pid":651},.. {"pid":694},.. {"pid":695},.. {"pid":696}]..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):46880
                                                                                                                                                                                                              Entropy (8bit):6.317638048318189
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:vBYtgSk8JJUmLIPLriCfdz3BB2CEpYinAMxsMu5ktX:vutH1JczriaJRBW7HxsCtX
                                                                                                                                                                                                              MD5:BA549837ECA0CE18E7C0B3BBE0CB2292
                                                                                                                                                                                                              SHA1:D48A8FD14467FB211F52735E5E92AD4F12F07CEE
                                                                                                                                                                                                              SHA-256:BD882B04E425FF50F6B95AE0A7C3C621063CB31C202AF38DA8B13AC4E17C19F2
                                                                                                                                                                                                              SHA-512:21F6F6B01A00C592FFBF1C4E5A05609ABDF9A0A91AE1A55D648F76C206A6D35F18D4ACD66E4D00BC186DE825402A102B630505091341BFBFB17E4273BA7E693E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-./..........." ..0.................. ........... ....................................`....................................O....................... '..........(...8............................................ ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......HO...U............................................................{....*"..}....*:.(......}....*b..{"....(....t....}"...*b..{"....(....t....}"...*"..}....*J.|..........o....*6..s....}....*J.|..........o....*6..s....}....*J.|..........o....*6..s....}....*..{....*z.|......i(...+..{......i(....*..{....*"..}....*..{....*"..}....*..{....*:..}.....(....*..{....*N..}.....{.....%...*...0...........{ ...,..{ ...o.....{....,..{....o.....3..{....o.....{....,..{....o ....3..{....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\BLEConnect.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):46880
                                                                                                                                                                                                              Entropy (8bit):6.317638048318189
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:vBYtgSk8JJUmLIPLriCfdz3BB2CEpYinAMxsMu5ktX:vutH1JczriaJRBW7HxsCtX
                                                                                                                                                                                                              MD5:BA549837ECA0CE18E7C0B3BBE0CB2292
                                                                                                                                                                                                              SHA1:D48A8FD14467FB211F52735E5E92AD4F12F07CEE
                                                                                                                                                                                                              SHA-256:BD882B04E425FF50F6B95AE0A7C3C621063CB31C202AF38DA8B13AC4E17C19F2
                                                                                                                                                                                                              SHA-512:21F6F6B01A00C592FFBF1C4E5A05609ABDF9A0A91AE1A55D648F76C206A6D35F18D4ACD66E4D00BC186DE825402A102B630505091341BFBFB17E4273BA7E693E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...-./..........." ..0.................. ........... ....................................`....................................O....................... '..........(...8............................................ ............... ..H............text...$.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......HO...U............................................................{....*"..}....*:.(......}....*b..{"....(....t....}"...*b..{"....(....t....}"...*"..}....*J.|..........o....*6..s....}....*J.|..........o....*6..s....}....*J.|..........o....*6..s....}....*..{....*z.|......i(...+..{......i(....*..{....*"..}....*..{....*"..}....*..{....*:..}.....(....*..{....*N..}.....{.....%...*...0...........{ ...,..{ ...o.....{....,..{....o.....3..{....o.....{....,..{....o ....3..{....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):188208
                                                                                                                                                                                                              Entropy (8bit):6.146379559258962
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:Gp4bHP7pBO2xKIr6/uSGSar8RNUhtDhEfiHvm24zowbqc8QIt5i9RoelLwm2AM2:Gp4bHP7W2emSbC8RNUhBhEfiHvm24zoI
                                                                                                                                                                                                              MD5:65611ED7CE210777BA8AE786A5D1A886
                                                                                                                                                                                                              SHA1:CB685859D0C4B616FBFDA578D3AF8369CA2E3EF4
                                                                                                                                                                                                              SHA-256:315014358C49304953E4D50009B3295DD1350FA995477B3F17163282CFB7D807
                                                                                                                                                                                                              SHA-512:F36256071F9A47CEB15DC57004F2A74BDC377582FE20317175181060CCC2D49F58EF71627EAACDD775946E40E531ED8941A2FEC56A5C45323002FD216F7DDCD5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._9qG.X...X...X... ...X..I0...X.......X..I0...X..I0...X..I0...X..~>...X...X..-X...1...X...1...X...1...X...X...X...1...X..Rich.X..........................PE..L.../.Ke...........!.....Z...^.......h.......p............................................@.........................p................0..................0'...........r..T...........................Hs..@............p..............Pq..H............text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...4.... ......................@....rsrc........0......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\BLEConnectWrapper.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):188208
                                                                                                                                                                                                              Entropy (8bit):6.146379559258962
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:Gp4bHP7pBO2xKIr6/uSGSar8RNUhtDhEfiHvm24zowbqc8QIt5i9RoelLwm2AM2:Gp4bHP7W2emSbC8RNUhBhEfiHvm24zoI
                                                                                                                                                                                                              MD5:65611ED7CE210777BA8AE786A5D1A886
                                                                                                                                                                                                              SHA1:CB685859D0C4B616FBFDA578D3AF8369CA2E3EF4
                                                                                                                                                                                                              SHA-256:315014358C49304953E4D50009B3295DD1350FA995477B3F17163282CFB7D807
                                                                                                                                                                                                              SHA-512:F36256071F9A47CEB15DC57004F2A74BDC377582FE20317175181060CCC2D49F58EF71627EAACDD775946E40E531ED8941A2FEC56A5C45323002FD216F7DDCD5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._9qG.X...X...X... ...X..I0...X.......X..I0...X..I0...X..I0...X..~>...X...X..-X...1...X...1...X...1...X...X...X...1...X..Rich.X..........................PE..L.../.Ke...........!.....Z...^.......h.......p............................................@.........................p................0..................0'...........r..T...........................Hs..@............p..............Pq..H............text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data...4.... ......................@....rsrc........0......................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\05b34d432336dbcf6ea0764da372603d_light_macros.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4229
                                                                                                                                                                                                              Entropy (8bit):7.734637703257958
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:NgMvCWB7s9aJQoPPKgoNnbXH2SotxFe9BhKueIXEBVgkwS0RDY:RvTB7s9WPPKjhzHLotxYYuEzfHB
                                                                                                                                                                                                              MD5:05B34D432336DBCF6EA0764DA372603D
                                                                                                                                                                                                              SHA1:58E812A73933E8C1916DAD2029695A6D4CBDB4E8
                                                                                                                                                                                                              SHA-256:16C517DBF2D9851D9E120B2993F23F4C33064D7B1D3C9935AD0E74D44A59062F
                                                                                                                                                                                                              SHA-512:BEFD9E01EC5F78128EA72DEA3087E197796AE5C435A212D8A4AF8BC51BEABC3CD6503856180C5A14851014F58630A8B9DF1A60459AA8D623C404C3976B587A3E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<...'IDATx..Oh....g&..b..Z...R...C/.A.b....W..$.z,.un....r..m..L.:....cr..C.RZ.....t...^.+i....>.XV..Z.f~......<.`...\.~...,.....?O.y[F.k,....S..p....>.s4.$g..(..,j.~^.v..9.B.+E...a..C.@..KY.=.3.kF.%.a.( ..f.....<..M...).C... ..~)..o"..8.. ._.3.r..A........j1..p .!...,..#....m......R.F.`.....T........b.f..b........,~p.V...j..`..E....t...l1......&m>...^.......`.....S.A..p..iX1...j....Q..........0.Q.N4@...D.z......gt.S..X5HW..k....~]Iuwa.`.w...SlHG0F..-~.G.:9......t.Q.H.we.c..i,XIa.H.....H...\y(...@.Y.6......X{.E../.....4..'....0....SD.R.GT.b]_4.z..`.._`%.}.y$.....$...".....nS.`....<.p...>]~p.0.x.....E.gm.|@....9...P.%..<..\...E`...jK.}....E.....l....3..J..X.....[...%+.......@.."..4-...J.^...mx...9........@.C...!.Gg~.....y....).>..$.7.....HW.....*.....a.`..E..Rf....r.._f.vE.....*..Q.O.D...`.R.E......?.}....F!.M...?.[.dmd.....b...Ii.F...._v.p..r..-.sK.O...9..................P.'

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\10ef167e3fc4673a19329cfe059963d9_Rewards.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):50636
                                                                                                                                                                                                              Entropy (8bit):7.976173088021026
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:c51aTAo+rR27Et1Mf1Vb/hSYnguhwTE0lYW2kp7/7tMAa:c540og2IHCLjfCE0eW2kp7/hMAa
                                                                                                                                                                                                              MD5:10EF167E3FC4673A19329CFE059963D9
                                                                                                                                                                                                              SHA1:9F671A7079E88627E44D72963D5109E8BBFF39A3
                                                                                                                                                                                                              SHA-256:2940858FB600C831D7E73CCED2C1D454775351DC24CC95897F9A95DC9F71D922
                                                                                                                                                                                                              SHA-512:0F42FD9C1E8C2D01CBFEB4768B2991647A737FE11F69257758424DCC8E5152429BFEA2C07107354191C2B0D7C1DFEDA9F408EC536B2F0A0705524EDFE7C23F3F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........sBIT....|.d... .IDATx^...$Gu...M...N..PF`ar..B$.....d0...-.. .a0.D..6 ..1&....&...N.;...m.<.._uUoMM.tO.....hRuu......#.9.8.8..t..(&N!F..~*n.N.N....w.p.......J....f.. i%....@.%...."u.:.8..U.:..s`.5jGjn.'../..@+~...8..q.t.@.........Z.....2..<..V......u..$.S.8..x].N.N.=.@....4@=.2....H.........I........ 5..v..v}..8..p.8.Z....$.Y.Q"...0..$0..kd.4i8H...q}8.8...8.r....Z.@7Aa..@........@.t.k.Zu..$.'.8...a.....nB.9.A...#.>.VA(.<....."r.t.X..p..z...j.@..~...%....+j......G.tE......W.e...I...p..Oi.c9.t*. .Q.s..cjP..u........~......7... .@......B...s.....I.I`I......$.R$...h0..o]..+bT]n.).2..Q. . h.g...I........!.#8.8..Ffi"R..^..;A..iO.g..k..{..wmy.g....=............oU#d. ..Z.iw.w.....uM..#'..K.E.O..c...:f...9q...*......'7o9Z.@..n.j....<G.J...|=....L....lB.p....Z.....0.E.J...<..gs.........;..%....yq..z.../.5B..@..).A.i..\J..........3Un.kF...S.Q..:&....b.}b.^.+_....ls..=........!.9.r...bZ.f.b`3.H.!.C... .@.6...N......^H

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\17996a81108fcd78445459db3355ae93_alisha256.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4594
                                                                                                                                                                                                              Entropy (8bit):7.806645778474855
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:SXXj3QTa3ayIsiiUSGBu2ePW1L35dOOHylDULjOZCMg8bjfUinTNk:Sj3tZIsiiUPu20W3dOOS7CMVS
                                                                                                                                                                                                              MD5:17996A81108FCD78445459DB3355AE93
                                                                                                                                                                                                              SHA1:705730AA0535D5E5AA85DE863CAF3CF66F1F3E7D
                                                                                                                                                                                                              SHA-256:E52C8E6146A6A74B81CAA42B4D71BC3F4FFF424071E3DF4CEAE9E831D18DC902
                                                                                                                                                                                                              SHA-512:69238BF9E967CE02330FDCB42C40276B25082C933A3632C91BE7F3E68362BCABDAD103CDCE0DCEA0061D1F4EBC6F1BE4356551A6C32A46BC1551B75D16EBC149
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..o.G..gi.. P@5...L_.$..30r.i@....T}...w....Y*R....r...#4`(A..>.6...D.#.%.n.5....]....X.-....w.{.v.SPZV.W..K]..._..GM.y.......s.?^.?w......>g..x.A).^....Z....fG..sm.=....=.....^O..^4]}.1t0........e.]=.h.@.B....p....!.G1..D.....o.;|S}(.A8=....7.}...(...h.W..D...<..0......}.f.C....$z.zK...>.4a.?.. `.E.......h......@^...or.72*...P`.Y...:.'.7.V ..6...0..k.nOQ..F ...{....D.......0.. j...hX.....@.Oj@...8..KQ.w..b..]..]{....N.?..].9(....op....:".c..._..v..aJ}`...<G._..'..i......./..w..b ..w..!.(q....C..........\...CJ.......Jp...Ya.L.g..e^_.}u.S....X..o..D.L.A.X3]X.@......C......#.(0...E.Q%.%..T...?E.`.r.>..$.@..o..u...-NZ)..[......S}.b.....:......VI.R......%B6-Y...?`.....L...*.AAE...v m.M....?..&`.,.....6.).`z...Z...8).9.oq....S...?..&P1@...?8H..A.`..i...Y/r{2.@.7..UQ...].S.^A..N..T.....Xg.+@."z...y.8..F."....?..u..e...E...k.P.y/4..(.f...PB..Zr..I......[Q..A.<....\..y..6.?@l.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\1f6bb98571bb6d014a3310426e4bc40d_Mouse-6-customize@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):41360
                                                                                                                                                                                                              Entropy (8bit):7.976828332036948
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:c5aImmDvAXYm/QPI8S/tVicQ+CutcOwHn2Pq8aJMx8VE0yEgZxGw+xA:cstoFI8UeuyOA2jaZVEJhrl
                                                                                                                                                                                                              MD5:1F6BB98571BB6D014A3310426E4BC40D
                                                                                                                                                                                                              SHA1:588F08AFEAB69B2D275A85C2DBD501426A584AC2
                                                                                                                                                                                                              SHA-256:6851A89BD1E538B0649DF43B778C024D8A7C19B84040B3ED5E0138B7C819AB2F
                                                                                                                                                                                                              SHA-512:D1F4D45F4AEB855B28A2003A58DCDEEC54B348AB2B5484CA26A868C72E5B06356ECF01A6B67ADA6C4F66E90300DA76E8D04BBEE954772C85992374A398B3DE97
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.1 (Windows)" xmpMM:InstanceID="xmp.iid:599CB3F15EBC11EAA4F8D65D97529997" xmpMM:DocumentID="xmp.did:599CB3F25EBC11EAA4F8D65D97529997"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:599CB3EF5EBC11EAA4F8D65D97529997" stRef:documentID="xmp.did:599CB3F05EBC11EAA4F8D65D97529997"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>~.......IDATx..]...E..=3..,9.( A..DEL.....9....xg8<#..(b...P.* .x..vaa.6.yg...3.S]..zvgw._1..c....(.....@ ..M....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\20deaa463cf012355d39684aeabde199_light_synapse.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6002
                                                                                                                                                                                                              Entropy (8bit):7.822012369404443
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:9Y2cBCutlBGCJ7oOTAUyxGa/y2kcaKr4MMxB2qbInwElP3NP:9iICJEOUU2ttkcJEM0B2rPlP
                                                                                                                                                                                                              MD5:20DEAA463CF012355D39684AEABDE199
                                                                                                                                                                                                              SHA1:F6A07ABDE03CF5594C133D239982A21AB78BAF49
                                                                                                                                                                                                              SHA-256:D4B94B948C3930E286F450C5B8363EE158F695985ADC71E800EFCA40C8C225CE
                                                                                                                                                                                                              SHA-512:C16E3654370ECE5C28F707308E702B496E3BA1BE6F30F814AC7933EA7A4678876C3BF42A57C7E05F1356C88C9A79B9C6C1CDDB4E017DAA4BB7AC87EEFF1F2F6F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:4B8B4C4C7BDA11E7BC10D59B070A5BD4" xmpMM:DocumentID="xmp.did:4B8B4C4D7BDA11E7BC10D59B070A5BD4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:4B8B4C4A7BDA11E7BC10D59B070A5BD4" stRef:documentID="xmp.did:4B8B4C4B7BDA11E7BC10D59B070A5BD4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.))....IDATx.._.T.....P,b....Z.%...k.I.&.6.4.%.O .<.>.....B......./U.^.....F..x..]j,m..FQ*.1 .m..w...03;3..{.9..I&...

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\233df7636041add6d59c18f6037680e6_LWI-SophiePro-1.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):170300
                                                                                                                                                                                                              Entropy (8bit):7.997394106556343
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:3072:+a687NHdjGNeUZ91qX/k76gV6ARUUgwwQu7GtnMY1c4N7sXa5hJVm0:+KNHdj0e80gV6ARUp5Y1xh3J7
                                                                                                                                                                                                              MD5:233DF7636041ADD6D59C18F6037680E6
                                                                                                                                                                                                              SHA1:233C28D95EAE07A84082F75B90274F928EBECE50
                                                                                                                                                                                                              SHA-256:1E36A93502034A7972FA37EBB842792BC6603C3897268127D991DF5388E6D3B9
                                                                                                                                                                                                              SHA-512:11BA59BBD49CF9FF1C49C6ABE74D9C08A2AC4C118B2D5BAFE272FD1638831A91C19C271092D0DA53D4E99D2E04C7C94F6F4250334AC4A723EB20FD3665445ECF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.....@.......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:8553130853B311EA8998FFBF21A5B49C" xmpMM:InstanceID="xmp.iid:8553130753B311EA8998FFBF21A5B49C" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:84eeaffb-6c10-7049-b2da-28b78e89f8bc" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>rb.T...NIDATx..i.d.u&

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\29da985a8261988461157579b673aa3d_RAZERAXONlogo.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 236 x 236, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11337
                                                                                                                                                                                                              Entropy (8bit):7.964853997823352
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:a7oSgGrecqvNzb+B1TBtfJEB++KvBHW/9+O3tz5lZXeV+O6f694DGm05Wy1D57M9:SRrLCBmTbJW1iBHWl+aF5O+O6f67mA9M
                                                                                                                                                                                                              MD5:29DA985A8261988461157579B673AA3D
                                                                                                                                                                                                              SHA1:6965548D6DEFB9A42B988C47976E02765479FF9E
                                                                                                                                                                                                              SHA-256:2DD68FA85A42371E62C013C7419F5F7A0F0007B530233B24520D26FD37298698
                                                                                                                                                                                                              SHA-512:8765999BDB3F5BC0EEA823826FB44D893ACDD518EAC4C22B87C08A2646D8313799FDA70C831EBB57C474375A54EF1857F3C8CC3A56A1B8C4A598CE119AE72AAC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............w.J.....iCCPsRGB IEC61966-2.1..(.u..+.a.._....H..K.d...8l1...2\..~.m.}....rU...u./.."Rr.L\X_...=O...z.....y>.XCi%..{ ..i....^t.^i.......3s.!j...,..s..j..;.cq].K..j9.I....j.p......4...GK.fr..?&k.......d.G.XIi.ay9.LzM)..|.=.....-... .|8.b.?..0*v.7^.eG.|O1..U.U...X!I..}..I.....q.i.f...UO.zK..>hx1.....@a.0....p.u.p..........u..M...h.=...'5.E.R.,k"..g....[hZ*..|..#.6.n`..z%...k.g.......pHYs............... .IDATx...y|\gy...s..h.[.-Y.c[.Hv..p. ......%m.J.[ ..p...i......m...M.(...B.5..dsbid.m..E...r.s..%.lk...93......fytt.s....+...k..]""j#"...$..E.,.Y!....Z...Z.Z..(G5..B..."U..D...C4..Gd....@{Q..zq.^.9.....bG.........8.......d.........J0V.r..-!......n...V.K'.k...\........P....t.X.@.U..L$JG.;.w.$.C&a...]+.p T"X.T.h..D..B.&..,.......&E8..W.S.)......C.;<...=...u...$l.\.m..UkA.Qm.a5.:`..$".^...:.t..Aw....n......#.q.c.7&a3.......,EX!.z...5"R.u|sAU..=.O..4.....v..X.9.u|..$.,ll[..).@,..e...d...9}..9JB..h..4.nu.v..gv.tMx.._..M.em.`1,

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\3140d624792d0f04d02efffcc88ea3ab_dark_synapse.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10968
                                                                                                                                                                                                              Entropy (8bit):7.932872060413357
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:9dgz7O5VoBAy+xi7cqAgCZzU9qEikcH6PDK732V8RuLS2+snt7E96:9diO5Vmci7JAZziqEk6g3YLS2+286
                                                                                                                                                                                                              MD5:3140D624792D0F04D02EFFFCC88EA3AB
                                                                                                                                                                                                              SHA1:26FE5FF7822E3A5A4DD8EF46DB17F6FEE684D1FD
                                                                                                                                                                                                              SHA-256:D35AD28BC1165EF7286B862DA0EC19EF65E3FC0C8759C7249066508E2AAFA917
                                                                                                                                                                                                              SHA-512:6B3CC510307F4F1E344B750AFE10265D673B93A5EE34A5F46DCC005E8B885FA818BC25FE7C358412B8B5E5068C2BF06AE00C3FE654D34352474862FEE696C674
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:52F638337BDA11E78B63C153456C03E4" xmpMM:DocumentID="xmp.did:52F638347BDA11E78B63C153456C03E4"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:52F638317BDA11E78B63C153456C03E4" stRef:documentID="xmp.did:52F638327BDA11E78B63C153456C03E4"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.9n...'LIDATx..}...U......U..T..$.B.I.2.P@|*,P..u38v. *.z..A.j..^.Q...~..n......c...H.L .$d"s.$..x...x.;.T.B%..u.....^.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\33e43f4e93382bf68e254b86d08362de_dark_macros.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):12867
                                                                                                                                                                                                              Entropy (8bit):7.947510849054734
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:Teqh34o8rPtcPU05nnH1xO4Gmrn1zgWLgJKtmefDBy:TovwnnH1xO4hvAK/g
                                                                                                                                                                                                              MD5:33E43F4E93382BF68E254B86D08362DE
                                                                                                                                                                                                              SHA1:C5649B994D4444DE8C6C119A0883E7E4AF3CD37C
                                                                                                                                                                                                              SHA-256:07DFA9AA5352DBC42FC7D5CF2E3C658B7ACD22B8DA7C5457507A3C1381C27765
                                                                                                                                                                                                              SHA-512:054666C486A8A7B0C0D08B8C794EC88B47DE882B1A3086C46C1DEFB5A064ACA57AD96F0998030C139B9E4FB631E182F701D2921DD2A86C473F495CA97F4BBE22
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............+u......tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:A26E5FAB78EB11E7A40ADD318F0298DB" xmpMM:DocumentID="xmp.did:A26E5FAC78EB11E7A40ADD318F0298DB"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A26E5FA978EB11E7A40ADD318F0298DB" stRef:documentID="xmp.did:A26E5FAA78EB11E7A40ADD318F0298DB"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>`.2y....IDATx..W.J.@...IM.....j.....x........7.BE.`(.D...$...u..$....@Hv...L....Ek3.0.0.f~...R.X[a.......

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\3c10c6457b0958e8d6cc1bfd4255fd31_GameBooster.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):145606
                                                                                                                                                                                                              Entropy (8bit):7.979197060176394
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:cnr3yLgdV0OWy8G86EY/XAUO+NmGIQNNarfta7Mi:cnuLgkOLj86HPAz+MGNJZ
                                                                                                                                                                                                              MD5:3C10C6457B0958E8D6CC1BFD4255FD31
                                                                                                                                                                                                              SHA1:CB4471816D3B393F64B18D25C8907EDF72DF32C4
                                                                                                                                                                                                              SHA-256:6B19B45B0E6A5C5C6579632E67C3A4257768739907676DC9F11EC30873B398F8
                                                                                                                                                                                                              SHA-512:EBC7B92562B5E95F71DD0237C1A2F02939DBB033CBB631CDCAE8C3EBCF4217ECED4B88815DB404928180C29DF328F986C11E2FC45EBC0662A92163E32FB276B0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........sBIT....|.d... .IDATx^.i.dg........o...Udq.f.{z.gQsf4#.X...........0...c.............-..%K.....f...#u..6l.d.X.-+.%22..?....y32..H......dD....{.7..sR.y$.H,.X .@b........R.l..t..$.H,.X .@b.....@.E.X .@b........;.$....d....$.H,.X .@...k .@b.......$.8v.H..;....$.H,.X .@b...%.@b.......$.H,p.,...cw..'.H,.X .@b.....J........<....r..5.W^y%._.A./9Nb.......,...;.@b......F.....>..%.N,.YZ .@..u.}'.H,.X.AX .B....1.1.$...;..t..$.x.-..:G1=ay..=..B2..a.....+&.H,.X .....(..ezH....=.........T.c.........5..$.H,..[`........+..^q.[.|/..W.7..k.w.....?9...F.$..a<k...$.8.....0..lFY .z......'.Bz..,..#@..Ge{...G...O....E.e....g%.Sb.........D...{.=...6.....QlP|.(.$.2*.....{au..6....B..|Z.$...Z0.>.@b.......?F..-.b.b..$..@),..3.X..0.3.x...3..oi<........G....I..(.{...............5.{..}>.........`..-.@b...G[..#@...].....a...'.>.j..........a..c..0..#....p@0.?..h...m(..Bb.@u.`s..|.....{.(..z..:>.:.ib..._d..~..~...Aeg..a...G..........b.K...E.,.".B.V..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\3eb94c6867b24b25995491da2b5b5536_SystemBooster.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):29874
                                                                                                                                                                                                              Entropy (8bit):7.92678893790336
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:cRA+/MMNAWtmuR6IZz8m3oI+xxGi+SKSWntlqwu:cj/MMjR55roI5aWWb
                                                                                                                                                                                                              MD5:3EB94C6867B24B25995491DA2B5B5536
                                                                                                                                                                                                              SHA1:50208A8036375AE05CF8574781A1FA1C21F6B231
                                                                                                                                                                                                              SHA-256:428332A531DE85DF3A5C8FEACDA10A7D05407BADDD5EE54BFD6362F51E8E4A51
                                                                                                                                                                                                              SHA-512:13D9571F6E9A7AC802CB285F6A2ECEF3E8D40B40C83723649BA7868D184757FE1E123C6D56028B57195D3ECD40E45176B860D8DB5A9D239A47E7B7AB52127758
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........sBIT....|.d... .IDATx^...,IU6|&..o|o.wa...$.~$...$......P.%..$..... .. .D$.".." ldwY....}.;y.s..fzz...z.{.{N.wf.......N......#..0...#......1+/...`...F..`...`....`...F..`.....@cG9...`...F..`.X.q.`...F..`....C....Q..f...F..`....@\...F..`...F`..`.4v.s...F..`...F.....F..`...F...;.X....\`F..`...F..`..u..`...F..`.....@cG9...`...F..`.X.q.`...F..`....C....Q..f...F..`....@\...F..`...F`..`.4v.s...F..`...F.....F..`...F...;.X....\`F..`...F..`..u..`...F..`.....@cG9...`...F..`.X.q.`...F..`....C....Q..f...F..`....@\...F..`...F`..`.4v.s...F..`...F.....F..`...F...;.X....\`F..`...F..`..u..`...F..`.....@cG9...`...F..`.X.q.`...F..`....C....Q..f...F..`....@\...F..`...F`..`.4v.s...F..`...F.....F..`...F...;.X....\`F..`...F..`..u..`...F..`......@...h...\`F..`...F@"p.....c[p.......#..0.....1e..*..@..,.6d [.@.t..nnB.....f...F..H..,.RA.~!.. .?....^|..@..K..K...q..>.9.g.)..#..0.....1..^....sP..E.,A._m:...hL+....`.... ..(!D..M/.h....m...........1...#..D....H`..M

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\42338f87a17534cce39b8c6b0e69eb61_ChromaConnect-2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):34925
                                                                                                                                                                                                              Entropy (8bit):7.960457813142095
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:cbpUd/4y4jNziSeb5WsbQeA9cb/YDStveeoT4rOLZ:cbKdH4j5iSX28cbeStvzoTBZ
                                                                                                                                                                                                              MD5:42338F87A17534CCE39B8C6B0E69EB61
                                                                                                                                                                                                              SHA1:4F8F300FDC3D041DE3C7EBE4A64A2A30C7A1DF5D
                                                                                                                                                                                                              SHA-256:646560D1976753087340D21E04BA0FA4951D12214A8777D4DEA121863418652A
                                                                                                                                                                                                              SHA-512:C6DD04BE69D25BC8DA5EEE29107A0E971C2DAD60F0BA86BD0B77C0583BB0863DF1EAA7AA347D3A0C59332DCD676238D6651F788E66759B26500AC3B9F853E05B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:67460719DDA011E8816CE59E4A832E40" xmpMM:DocumentID="xmp.did:6746071ADDA011E8816CE59E4A832E40"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:67460717DDA011E8816CE59E4A832E40" stRef:documentID="xmp.did:67460718DDA011E8816CE59E4A832E40"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.yD.....IDATx.....Gy6..s..,....[8t......FI..%. .-$|.B(!.B.C..H.........L ..A.[.dI..z%.r..|3.3....l9..{.z.i...s

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\424b96b895c38a661a0707487f06489e_Dark_Hue@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):37334
                                                                                                                                                                                                              Entropy (8bit):7.983899560416525
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:GBLO1BtXzom2TYRvXwPQbsqUp1KcWdGpCN3JOxYbo/nJdH/0CQCfR9G6l:SLcBtomqDPQbsqUpAZDN3bo/nLcKLG6l
                                                                                                                                                                                                              MD5:424B96B895C38A661A0707487F06489E
                                                                                                                                                                                                              SHA1:25B284C3620F16CCBAA9C320734CAE20B7B117EB
                                                                                                                                                                                                              SHA-256:A114BF3E7B7F98978F466D0BC5F55EA365A5C0B13CCD66F701A715E425EC1E61
                                                                                                                                                                                                              SHA-512:6CDBFF66630361B6383BBB5CB024A005F0E15AA6C0080345919CC840589F5C6FF51E3E7224C5232813638D22F5A13761074A967FA3A39E8FB0634210170418E6
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...!iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:D4210463C4FD11E78500CE835AE689C7" xmpMM:DocumentID="xmp.did:D4210464C4FD11E78500CE835AE689C7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D4210461C4FD11E78500CE835AE689C7" stRef:documentID="xmp.did:D4210462C4FD11E78500CE835AE689C7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>z.t9...KIDATx..Zmh[U.~N..i:.&m.|.U...K.... S:*D.....U..1D..?.?..(ke"..4S.c-....R(M..R..f.t.j?V.|.&.s..u{o..,..y..s.{

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\45c30ef5c308822699a6815023c81281_LWI-Natalie-2.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):114873
                                                                                                                                                                                                              Entropy (8bit):7.98721697806487
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:ctJ41bo9oIZedzla3zc0IfZ7AipJ5po756fRIQ0VPg:cDBqIUgIAiDne0qQ0VY
                                                                                                                                                                                                              MD5:45C30EF5C308822699A6815023C81281
                                                                                                                                                                                                              SHA1:9D78EF448CF2C48A139B193C5CCED068834EBCBD
                                                                                                                                                                                                              SHA-256:812B8D22D96E2CDA108C718C5C4227DC83DD8A894CB7843A0195DB7A45242473
                                                                                                                                                                                                              SHA-512:DBC9BAD5CEA0A97C66430AAD3E1F0B553D79D81A4B8E7D537540292EFB7B6756BB69F437E8F7A7982253C931EEF89B8E155F794C73B4E565C0E2183CDEE19535
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.5 (Windows)" xmpMM:InstanceID="xmp.iid:50136EBA1B4411EC9783DB6480A78D8C" xmpMM:DocumentID="xmp.did:50136EBB1B4411EC9783DB6480A78D8C"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:50136EB81B4411EC9783DB6480A78D8C" stRef:documentID="xmp.did:50136EB91B4411EC9783DB6480A78D8C"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.?.....+IDATx....-.Y......y....5..%.H..Dd..!..A..J.....8<.P.b....q....R..P....P`...l0P..z.4.H..........^+...G..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\4e9512ed0ddf959ad181958f4533bca2_audio_visualizer.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):11356
                                                                                                                                                                                                              Entropy (8bit):7.920375384672537
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:A0vhUAQou0PBf5u/jT2J/5eLN3DiIBryJxAXdJI1M4gk0yQSqcF+zFnKo:AmXQ30PBf5u/jT0WiIBryJxMjLkLQSRu
                                                                                                                                                                                                              MD5:4E9512ED0DDF959AD181958F4533BCA2
                                                                                                                                                                                                              SHA1:2760A54343EF743E8027B19A06100C97B88753AB
                                                                                                                                                                                                              SHA-256:D3F96FD64667EB39297F17C7F630172CE448080BA730DDA7575D813BB20484AC
                                                                                                                                                                                                              SHA-512:0DAE7A92B6FFCC4F14A0F2AA413F8AE77C36544557579C2A4A51CCAE8A211F5977ADB0F62D4159A378CAA9611581028B4B893D0D4B5E2CF0EEA4E2B6F721B6D3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<..+.IDATx..}..,Wu.3..pl.......A.H#.....<...!.k......R.P`..I..So..)....&N..*)'.2~#.ecc..D...~+.HB.5(`,.h.*..o.O....o...3;=..}......;..}..s...`T..=.=E.u*-.........=.T.....!.3.i...G.W...d..O....1..Fi..w.....mxO]$.........4......@-?b....G-./(N.3.h.c.`,;./..*..m$.H.0.....c.`,;FpSHt..1.@.....CM..,..e....i..!....+|....H..c.....n.0.B.p..0*B|.....`.`T... 0l.,............".....E.......0.-`..0JN|4...../....l.3.-8..QH..Q"..p......d'..pH.{....1.g...#.X.|..j.i...$g.4......m..#..v....0J..z..G..`..}....."...(...w.........Qk@.......X.....7.Bx..P.;....1s.}..f....%.n....cB+.c.....g..e.....M............+....C.....fkl&..`...\.[..%3.....V..}....v..-......`.k.........b3.k.._........#..J~}.,B0wl....,..u..4...(.Z...?..O:...vF...l.@...A..0Lpt..,.......{&a..7x..>?...A.j...^...@.....mj..sK.........0&......,.~.E........P`.uV.6....n..!mo....o..b=' .|..._M.............,.E$....=.k..7...E.7..>..X.....}..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\5963643b12004933f6e785fec303d18c_LWI-SophiePro-6.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):170948
                                                                                                                                                                                                              Entropy (8bit):7.995961727653888
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:3072:In2R8gKkHNoKyd758oJDiwsciSV51G4RWjOGiKo0t9ggRXPH4oooFL5K8O:1R8fkHiKydl8obbn1RUviKo1gVPH4DmO
                                                                                                                                                                                                              MD5:5963643B12004933F6E785FEC303D18C
                                                                                                                                                                                                              SHA1:549DA484F810A627D18E0A847E30BEAE8CA59629
                                                                                                                                                                                                              SHA-256:49635C6B5EA912440D67845C7FE0E12918E51D9E9BB40692DFA88E98E35699B0
                                                                                                                                                                                                              SHA-512:9FFDF26A9AF2EB2DFED9A475DB35D7C5A3AB6DF370ED579387E9ED3718BEADAA94F6390B444FB857C9078F290FECEBC2AF17A25F43DA86A568B764FFD49DDFD0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.....@.......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:197B6B5453B511EAA32E9EE90A375ED3" xmpMM:InstanceID="xmp.iid:197B6B5353B511EAA32E9EE90A375ED3" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:84eeaffb-6c10-7049-b2da-28b78e89f8bc" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.D......IDATx..gt..}/

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\5f6ca8f479fe71fd77046e5799edf7a9_LWI-Natalie-0.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):34851
                                                                                                                                                                                                              Entropy (8bit):7.967829187058663
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:cd4ou8JgOIwoTPRXfYOCZbbpdl4m0kQ8EFiteg5w:cmROItTPRXXynjWF8EFiteuw
                                                                                                                                                                                                              MD5:5F6CA8F479FE71FD77046E5799EDF7A9
                                                                                                                                                                                                              SHA1:A07245C85D1FB61B48AAE0A4B626EC608D63EB22
                                                                                                                                                                                                              SHA-256:2448B5759477715409C4C36F1A132EDACE5BE1F1EBD049EC4274411AEC829976
                                                                                                                                                                                                              SHA-512:C111FF7D5CDAEA7B92CCE1DC07D3B02897A8302BBE06229B3E77D9B097B3714068BDC6C31126793D2FC4CFD55A30904514991948DAE5A1A9A72D9B57D759DFE0
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.5 (Windows)" xmpMM:InstanceID="xmp.iid:BDB5D6481AB511ECB0B9D0F272BEF395" xmpMM:DocumentID="xmp.did:BDB5D6491AB511ECB0B9D0F272BEF395"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:BDB5D6461AB511ECB0B9D0F272BEF395" stRef:documentID="xmp.did:BDB5D6471AB511ECB0B9D0F272BEF395"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>#SEz....IDATx....\U...+3..-........@,.:X.A.EP.;v.{..A......(H...........H(!...6e7...;wv6....^......s.-.{.)F&....D

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\6aeeee0f40118daff6219b7498284665_RazerCortex.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):106657
                                                                                                                                                                                                              Entropy (8bit):7.990200894826057
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:3072:cnu+0msPrn3uQohcaIlomoiVhkyHh+Q2IN7gZ:cnx0marRTlomoxTQ2INcZ
                                                                                                                                                                                                              MD5:6AEEEE0F40118DAFF6219B7498284665
                                                                                                                                                                                                              SHA1:0A8A4B4F4ACCD0404D271D9A921E8DA5CBDBE5E6
                                                                                                                                                                                                              SHA-256:E06BA63343085B0E0371A702D9076EBC05241D941FFA6751CA1C04D5B3DC1C3C
                                                                                                                                                                                                              SHA-512:8E31A4F0541E2B37A67474B7F3672E15CC304EA9E7985BAB43EEA6D82D9BDEC52DE77C835B50D436F917BD2FA071CE05DCA2446D27C62DF7E9F55B5F691D9366
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...AiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 9.1-c001 79.a8d475349, 2023/03/23-13:05:45 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 24.7 (20230628.m.2223 0770f83) (Windows)" xmpMM:InstanceID="xmp.iid:A0575C2C1EEF11EE95E6F985377EC5D1" xmpMM:DocumentID="xmp.did:A0575C2D1EEF11EE95E6F985377EC5D1"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A0575C2A1EEF11EE95E6F985377EC5D1" stRef:documentID="xmp.did:A0575C2B1EEF11EE95E6F985377EC5D1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.?A$....IDATx....,Ir&f...w....t..$w...V.b.A....).C`.......B. @+..........=..^...3...

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\6f8f3193d4fbdf128e65edd124a89bb7_GameDeals.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):38204
                                                                                                                                                                                                              Entropy (8bit):7.953994301052847
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:cgaaIyWnFulWiSaG1IwGk8CsfnF6JC+AMAuAp12fsWr6r6+3hJbcWAdGgjx5:c0bVlWHm48/F6bAuk1254HAPdGI5
                                                                                                                                                                                                              MD5:6F8F3193D4FBDF128E65EDD124A89BB7
                                                                                                                                                                                                              SHA1:B82A0CB8A5C0D15B631C57E2C746AE30DB00B11C
                                                                                                                                                                                                              SHA-256:A20FF41367E4ABCE24ED4F23C203E8F61F57B09FB8E88A7C112A7B3BC5352F48
                                                                                                                                                                                                              SHA-512:0FCDA24A71F82367FDAC9480D8E416F1A2FF56AD9319398B9B13468A2E5DAC4B87D733BCD48FB65591316AAB40F3445F377659D684EABE124D86FB79D0D3BA26
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........sBIT....|.d... .IDATx^...dY].*.|:....&...C."..@.1>.pM.O.....5^....QA.......AA.%J..!M..=....v..o...j.].w.s.......j......(.x.x.x.x.x.x.x..0.dv..................P... .............q.................... ?.............v..<....'.-.-.-.-.-.-....o.o..Y.>.......~O....;....vj...............k...R7=....q....j........@"....T_...]..-@(..<.m....[.....".E;.&.....`....v..s........J.ec...k.........~~.9.....6P.h.F.o...H-.x1.i........k..*O.zZ...:....M.j~..kM.:..9..|..$..d(j.D...;........_...<|......Z ...B..8...q..H..^W.g.7]c*..w..[.L5.....S..w.H.F.h.B.a(.p..y.lW.x..=...[ j.X.ivm..;K.G...x.t.r.n......r...R.-v|...C.....u.Z...IE.G.F..(..)D.@..C^...o.mo../J..".......R.=q..<..(..rve......4^....kN...O..z......G....\ j.....]..B<........-.Z .b.m.-.-0..HP{.)=Q.G......(;Q.....pj.j&....9...[.I}...n......,.s.. BR...."P..D...2..C..&.....-..../H......`....uo.A..<te....;......P=c@(.N..i...%7..<..v2.{...H.#.".".O(...@D...C.!W.....T!.B..C.M.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\7492f287df3f07064c6999c1a0474b96_Mouse-4-customize@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):33124
                                                                                                                                                                                                              Entropy (8bit):7.969982213524337
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:So/axP3aAyvJt0kwb+KpkSUQTGfM5KiCJ9:z/400kwhX5dCJ9
                                                                                                                                                                                                              MD5:7492F287DF3F07064C6999C1A0474B96
                                                                                                                                                                                                              SHA1:84321241F3D64531D9BA2C10CE62F76FEAB57FC9
                                                                                                                                                                                                              SHA-256:E77324D1939E244598B449BE5BF90332E171A7B55352432FCD7B20BC6C27B2E0
                                                                                                                                                                                                              SHA-512:EF53C79D472F9F53311BB0B0F594C61921DFC696C16C281BEB94ED62EAED1F601F619143E3CCA92E02DAEB763A789CED2B5D17F99700B6FF6D7B0B49FB597BBE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:342350789DCF11E78DCFF67067E4AF6F" xmpMM:DocumentID="xmp.did:342350799DCF11E78DCFF67067E4AF6F"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:342350769DCF11E78DCFF67067E4AF6F" stRef:documentID="xmp.did:342350779DCF11E78DCFF67067E4AF6F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>y..|..}.IDATx..Z.O.A...."."...MLK...5.....Lc.C.CO.<..'...&..<kb.xlMoU..j.ph....K......e.eg.W...K.|....73.a...c

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\78498da289014bf19c6ae6e636578e4b_Synapse-Installer@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):125805
                                                                                                                                                                                                              Entropy (8bit):7.994600313158606
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:1536:MVpBdNNX9J61VPSb9P6OzRD4Gupn3WfgBTOcILrGkVkoEsjPdR2glbH9xGw4Eiwh:AP9w7PSb9PX7oru+Kjbrat1Mccz4EJL
                                                                                                                                                                                                              MD5:78498DA289014BF19C6AE6E636578E4B
                                                                                                                                                                                                              SHA1:D8DD4B75D3E6E91296CDEE11BF95A7918B8DC779
                                                                                                                                                                                                              SHA-256:EFC18B5D707619B58B93E5FE8D449BE3FE449256A66F335F740B3530EFB1A78F
                                                                                                                                                                                                              SHA-512:B98BAECCA9D5D01C00A47C95046026F5C36616DD31154476CFC25B78496BF104EAAB0FE05EF27C2D0ED69D0A2EE69455A82BCB03D7F6F4F80DF60CFD7BAD6F4F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:044446799DCF11E7817AEAC6276944CD" xmpMM:DocumentID="xmp.did:0444467A9DCF11E7817AEAC6276944CD"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:044446779DCF11E7817AEAC6276944CD" stRef:documentID="xmp.did:044446789DCF11E7817AEAC6276944CD"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..Zkl.....O{...zw.~.8!.$....H(.......J+.%Q.T....T."._.J...."E!....Jh..H....^{.^........;..v...;..h

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\847e43fe011694060f49ca148ebe77f3_LWI-Alisha2.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):79514
                                                                                                                                                                                                              Entropy (8bit):7.98876365048384
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:ca2EGnAop6Xy8lToIlIEsuUvh5uKU99e/O/XYCvAHjx6eMA:cDEGnl43sJ5PU998OAeAHjxAA
                                                                                                                                                                                                              MD5:847E43FE011694060F49CA148EBE77F3
                                                                                                                                                                                                              SHA1:7E8DD7052D28151F9F6F851C6837E0C8EC5CF182
                                                                                                                                                                                                              SHA-256:EF5DBB30D24D75AE356E45B246265B9E9BBE7A68CBEACEAD806F0783CCC99B45
                                                                                                                                                                                                              SHA-512:D3FF2E347774825D3FEA6DBB8B38480DCE3C3C639D57B770246EA9479DAC517E824BD0CF87AC0AFAB690A0CE69718D6B5301858E1849B799A55D8CE67BDDE985
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:08ABA522D5EE11E99C42B793898AC0FE" xmpMM:InstanceID="xmp.iid:08ABA521D5EE11E99C42B793898AC0FE" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:d78a1ee3-f47a-5641-878e-3008735a3690" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...e..2.IDATx....\.u%

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\88cf9acec89f44de523bae98a788864c_LWI-Alisha4.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):13850
                                                                                                                                                                                                              Entropy (8bit):7.834904432252674
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:cyNuZF+qoek5A5Z8UV51AauD6Si3+AacnltvfEXJgIT0lG8qTj0FWCU37hrLxZmm:cD+qDk5cXO1613+wvOJbMG8aeW3DV5
                                                                                                                                                                                                              MD5:88CF9ACEC89F44DE523BAE98A788864C
                                                                                                                                                                                                              SHA1:4A1B19749CCB5752AF7550B01D249CAFC8FE1578
                                                                                                                                                                                                              SHA-256:95CB17D481C559AF1B1D6253064CA1FE69530D4BCACAACC8A68DCF972A04EC18
                                                                                                                                                                                                              SHA-512:5DCF8D2029C4CDF9E603FB9EEAFCBEA50E262C4CC3B3B68D81F3054C873761772A56D0C5F1F0DB653B0F6411B32C144E8E48251D009374DF42C51E14C06734DE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:955D739EE3EB11E98631F27640615F60" xmpMM:InstanceID="xmp.iid:955D739DE3EB11E98631F27640615F60" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:a18295c3-526e-0946-8790-414757e61244" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..?T..2,IDATx......E..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\8e859396a7087d1d842e18f64b7edccd_LWI-SophiePro-0.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):165546
                                                                                                                                                                                                              Entropy (8bit):7.997753492525422
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:3072:31UkeDiFZ/vZ1xahhGbb6R7C92FFXMbfn2P5qI7SiF26XpaMK0QT6:3S/irxahEwso6mDwUcb6
                                                                                                                                                                                                              MD5:8E859396A7087D1D842E18F64B7EDCCD
                                                                                                                                                                                                              SHA1:6BB1D487FA06AE65E0D829B773D0B1D1DBF31F35
                                                                                                                                                                                                              SHA-256:DCF7868D67940CDE1774B7327984CE12FC181818E65B603048490EBBECD14705
                                                                                                                                                                                                              SHA-512:F70B865D7D76562D8C724FC3CD82C4DC374CB2340F95016836F2773F011E026C8343F46872B985347E77AB10DE5E84D45689A78F798F9B0956E03AA155E8E79E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.....@.......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:D96B9DC053B911EA99B9E23A6CD77B5E" xmpMM:InstanceID="xmp.iid:D96B9DBF53B911EA99B9E23A6CD77B5E" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:ee377768-f9b1-3e44-8899-87723d97cefb" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>r.......IDATx..}.{.H.d

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\90cea53a9e729f143e3f017f087f9559_alexa.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):9572
                                                                                                                                                                                                              Entropy (8bit):7.92037484191708
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:g35c/z91EoSB9ijbW6rxIyejrdVLviGSaJN3EXIrPCmV+HYBwT:uc/7SqnWAxIyCrdpviqPrP1I4Bk
                                                                                                                                                                                                              MD5:90CEA53A9E729F143E3F017F087F9559
                                                                                                                                                                                                              SHA1:85FBF5B76BFCF03C68F2E80025075D99E5B3E97E
                                                                                                                                                                                                              SHA-256:039C4A7108985E4BE4D393C9261C844F20E50551DC958B5D8B5C42D0F62AEF5C
                                                                                                                                                                                                              SHA-512:FA7D0DA6C2CA67D227EDFC679B39D27CD6B9330CC1F573C861619641377B378A8BCB03E46090AFE03EAF385A70D668E46029666990005BB9FEAE911FF5FAD305
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....sBIT....|.d... .IDATx...{.$ea6...K., ..U ....L7..2..U$.../..o...b.....~.7..h...K4.@.....Ff..Ev...Ap# ..w..g..]....f.Y.......w<.#...9.O.U]..`Y.eY.eY.eY.eY.eY.eY.eYV.....2ILm.9....R7........T.....h...;.=... M...U....4.".i.E.."..9...S...)...V.l.D.....K.o...........@..T.....Cp...$......d. ..w.5..t....yk.....d..l........`......s..9g:..7[.!..).".g.:U.$..ZL..9Hy.w{@..0..|.t.fg....la.#.....'...[...{@l..i|0..t.f.T..b.1w.....F./6.)\.0.o..\."..3.......Q.j.O.2..kE...A.3E.....y.}g.....<...#5*[......t..A....t.(.T...n....5.........%;.^(....?.Y>.........&.X4.....X.......>Ho...tQ'...5.......M.2[...b}.......^n:N...'...`.V.e.a...@.R9..b...^....y...GD.....i>c:NT.....-.(.*..!...e:......p.........y......V<..S.U.^h:.U..7.q..|.....8ae.`?...y....G..b-....s..M'.#[..H.L.....\g:..'m..K........-.=z.N.y...sLg...[=.^6>....$a....jL..{.u..."f:.U.BY..O8...BaS.@jdj.....Q..X.'.!x...O....v...~.....1\ko...sO0.f..4._~..o-.Yg.MS..;...GE]F.1.......kbm..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\a2d451068c2275431e4f327476861009_LWI-chroma-connect.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):23781
                                                                                                                                                                                                              Entropy (8bit):7.951830901432337
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:n8AzjlZTHl4imkY/79U8128DZd0zd9Gdd2xHSbSa2osxjeTw8FQ2:nTzC7z9Y8wWExHMjeyBFd
                                                                                                                                                                                                              MD5:A2D451068C2275431E4F327476861009
                                                                                                                                                                                                              SHA1:4F047F1C68E8CEDE3F3ED2AAE15A6AB411F7D9AA
                                                                                                                                                                                                              SHA-256:AE7095A6DEB76BA628585CB84AF5C6A82546B3786426B574871946DD759C8121
                                                                                                                                                                                                              SHA-512:56BFEE0BAA3BAE1BD93948E3FAB9E42987AC7D5C1A6BE9AC42FF8631E7DCBB2C5BA8273ED9333BC5F500BF0761AD44248E01795F4C82134CE15E687580E60469
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2018 (Windows)" xmpMM:InstanceID="xmp.iid:CF199F6EC5E611E88B2B9A7C6A06548A" xmpMM:DocumentID="xmp.did:CF199F6FC5E611E88B2B9A7C6A06548A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CF199F6CC5E611E88B2B9A7C6A06548A" stRef:documentID="xmp.did:CF199F6DC5E611E88B2B9A7C6A06548A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>p.5...YUIDATx..}..$U...U.....( I.F@@..."..3.5..#.]WW.....g.5.U\3......0.(..8.u....U}....{.^W..............

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\a6a8ab87779f3b131679289a63f21a91_LWI-Alisha3.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):6066
                                                                                                                                                                                                              Entropy (8bit):7.519652042544172
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:96:bwJYzX8lfC4dmfdEey5UbYkkTYZpbQqjh4bxhAJcrqmy4W5+VDPH6EhsnzvuIyn/:cyeCnfd5yUnq+Mxhkc+f4Ws5aE6nmkEF
                                                                                                                                                                                                              MD5:A6A8AB87779F3B131679289A63F21A91
                                                                                                                                                                                                              SHA1:86F624D7198D2CD53CE218362033AB281A4574FB
                                                                                                                                                                                                              SHA-256:DCCB0D355F983C8FE5EA723E21597B2931C174E95461711B39DF15181B20C381
                                                                                                                                                                                                              SHA-512:B049E75B9A505478D8AF17C7F9BC1E267E9615410203E1EFE759774522A51129608588D81C8FA190335198E41BFF71A15AE87CDB0EE44B2A5990E194C0C1332D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:99582A34C8AA11E98DF9FA1B6D0C7590" xmpMM:InstanceID="xmp.iid:99582A33C8AA11E98DF9FA1B6D0C7590" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5560a658-d222-ee49-a759-cfd091ddbb95" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.\.....IDATx.....Wb.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\afd837b0edb88795d2d19e7f7741d46e_Mouse-1-customize@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):44173
                                                                                                                                                                                                              Entropy (8bit):7.98410885699493
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:ebecFkuDSIy1jHf6lHko37RRVEQa+z5fMyty3zaQ0jgADDAQJIfcgCZQuq/r:eb/kYSIOGD3+n+zDtUz/egADpJIfcJAr
                                                                                                                                                                                                              MD5:AFD837B0EDB88795D2D19E7F7741D46E
                                                                                                                                                                                                              SHA1:315DE58438B3AFF423FB1050771FAACED627BF40
                                                                                                                                                                                                              SHA-256:06E5E7F102E849D16935ED3D543BE0D6FC82000A4D0CDC63490F8C3F2D998882
                                                                                                                                                                                                              SHA-512:8CE609881865CAD6F09E43321871C4CB751FEE7C1436CF44DF5DD4BCB86FD44959AEA40B1142D6F7490B4C284FF1DBB9B5829ECFBA9C4748E7082E23E7AA9C08
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:0C48E2689DCF11E7B4E7D5699172642E" xmpMM:DocumentID="xmp.did:0C48E2699DCF11E7B4E7D5699172642E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:0C48E2669DCF11E7B4E7D5699172642E" stRef:documentID="xmp.did:0C48E2679DCF11E7B4E7D5699172642E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>*.T.....IDATx..Z.S.E..=3...H....P|..H.?..C.KP...V.<......*s.`..............Jcb.,,.B..%....n....]f.\XL']...;...

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\b49e947b3bd8ca45f28ff10684b85569_Mouse-2-customize@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):37647
                                                                                                                                                                                                              Entropy (8bit):7.969316076916887
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:hCbHGZgEmUxADqO2Z9kc9/YXeoK2wTm4dS5V4gxUzyfLFAoP+xLhj:4bmZgZUxi2ZjqXe/TerU+fmdxLhj
                                                                                                                                                                                                              MD5:B49E947B3BD8CA45F28FF10684B85569
                                                                                                                                                                                                              SHA1:A862B191609CC7C0AC3C8E213E7DD78E7282187E
                                                                                                                                                                                                              SHA-256:ECE3A397894BA9846486846BF483238A5206E2DE75442C69FF97522AA94BD29A
                                                                                                                                                                                                              SHA-512:EBD290A5A87F5E759D8322695A1B1498AF4DD9CF580FBD1767B66C1845A631C938977326C45A104CD33509A0552CC04D683185DF45B62DF298E319421746A6F1
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:112A91289DCF11E78DB9D427D70DA0C0" xmpMM:DocumentID="xmp.did:112A91299DCF11E78DB9D427D70DA0C0"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:112A91269DCF11E78DB9D427D70DA0C0" stRef:documentID="xmp.did:112A91279DCF11E78DB9D427D70DA0C0"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>J..:....IDATx..Z.oTU...uZ.).TT0T[.P$...(..>.T..w$.s.......n...`.D.!..h.;..8......)..-...3.;......R..$...y..{.z

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\c47c6f72b0eb574a9ead57257a613d44_LWI-Alisha1.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):200094
                                                                                                                                                                                                              Entropy (8bit):7.994576180724269
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:6144:cf9blNjlNdEScjzpglI5ri4YU2hXe5GChzc0qESXM:ibXlNKSqzpKari42hXe5EtEX
                                                                                                                                                                                                              MD5:C47C6F72B0EB574A9EAD57257A613D44
                                                                                                                                                                                                              SHA1:E81270739A3880D2D97CDD245020FB21EAC0D2F3
                                                                                                                                                                                                              SHA-256:C945D0D3D5F77A6DE631F3522AD0D8E9F6C76950056BC002B71F926B6C7162C9
                                                                                                                                                                                                              SHA-512:B15B8A49ECB1D747392868D5E1348EFAC534E5875F5B66D54E1A20F2E52CFE64BF8F19CD906A713162FD05460D4B6B6A5CEC7BA2E2F45DF1265A2EFFB04B2281
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:290944E4C8A411E9940AA45EF798293B" xmpMM:InstanceID="xmp.iid:290944E3C8A411E9940AA45EF798293B" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:b43946de-7503-2b41-8dd4-9de4ad20c462" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>G..U....IDATx..i.$.u.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\cadb6e52441bad05d8d3cb09f850940f_virtualringlight.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18572
                                                                                                                                                                                                              Entropy (8bit):7.966553012505821
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:+aFcSacLMCtrjnAswDNQ0UuV8vjuP9B4AkMRk5mHMcy0WHEV/DxEpCPPj:+aWEICtrjnhwDNQWrr47YK0HNxEpoPj
                                                                                                                                                                                                              MD5:CADB6E52441BAD05D8D3CB09F850940F
                                                                                                                                                                                                              SHA1:C2FB748A15B85B5832207496802C3FACDE2550BF
                                                                                                                                                                                                              SHA-256:F9F29ADCFFDB63B8DF6D447D46675F95B22ED9535EB0394D898B38429ABBECF0
                                                                                                                                                                                                              SHA-512:F62B06D5C486923B246B9C56A2B6681D6E674021B1D45BAB6B3267AF5D239016F98DB85CC8CD614755EE9B4C639BEA2E5EED51472BD6162B8CCE37B2A7FA90AB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............+u......sRGB........DeXIfMM.*.......i........................................................g..I..@.IDATx..}.|.U......to."..IH...R..%i......bAA.Q..=.?._}.....C@...,j.$J.....6I.t.-]h.4m.l7....nzn.Nf9g...7s~.d....9..;..........$-T..jmI...x.U4.*..kK..`[f..3w......6..!...p.E..mD.!.".Sb..%...FD.".M.zD$...|..(L..7'.J..ES.v....T...O.I_...J............>.....fH........Hi~^"....P .'+r,gF....MT.6..Vs...5..`.....&.....zyh^...F..>)......6.$;^....|2~R....D..s...=>...e...s.\:.(r...?..O9...0..#.}.yI.2)....I..5...Iy.?d..|R..~.W;I.3..Lc_..Q../.I....X6&...V#....D.......s7DDj..w=.M7..G..0.....(.z..q.|..:'.u...'.~.i...J..].\]N...#^.*@`.8}...qV.i.D.XI....-.....c...XMD.5JN..&f...3z..4V.f#@<.{,3...t..5rC.."B....D.!.$.3`pR%F.. .....}..b....m.4..Y.\~..(w.E.d.....7f........VOmq..P....:lZU.!.U;./.......;..]..r.G!.=.)...M.D...)R@.WS.4BI|.1SEc..8.B.|..3{YSY.(\.5T4..1....o:.3.M.r.H2..a.|.....HH>.."..]..r`.........a.9^.X~C..h..e..[."2N. ..,..y.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\cb7cc25508f123af324b6fc99e28aa71_alexa-2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):44003
                                                                                                                                                                                                              Entropy (8bit):7.986761660621919
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:cthUqm88Uo7fW/ZNCf3dS+C5DHHjFnUTpzQtIbO6dy0AnWJ0THlJmKmczKaD6D:ctxm88UcfyNMU+C5TjyTygO6d0WJY/mP
                                                                                                                                                                                                              MD5:CB7CC25508F123AF324B6FC99E28AA71
                                                                                                                                                                                                              SHA1:B38872ED4C23401B7C1E3BB2D8C63C10CC1D0F4A
                                                                                                                                                                                                              SHA-256:325F127DB1DADB1298739C1A2612F895C162F29A4E7318A2E90D30AF35471457
                                                                                                                                                                                                              SHA-512:25DD0897BFF476D58AE49E244EA082D1D5F9D3A43FC2DF39B6CC51B20093A74E1192AB2EB3D2BF2468CCF451B17C251C52EDE8994041D369F582FFFF077430E7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)" xmpMM:InstanceID="xmp.iid:FF9005C5A1EF11E994ACFECD39237D0D" xmpMM:DocumentID="xmp.did:FF9005C6A1EF11E994ACFECD39237D0D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:FF9005C3A1EF11E994ACFECD39237D0D" stRef:documentID="xmp.did:FF9005C4A1EF11E994ACFECD39237D0D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.d b...SIDATx..]...E...7....b@.....1.3..9.wz*.z.|.3.f......O.(....1..".6..............ewy.]9.Lwuwu...{.. .`0..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\ccb980f0b6e697452cf96f8cb749943c_LWI-SophiePro-4.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):36820
                                                                                                                                                                                                              Entropy (8bit):7.963684726386805
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:cuX1IVsbk3Yn1jUaWQyQwmQRLGCpw6XsJOwbfo9rb9+DGaaj:clzon1oa8QQGCpYOwbCn9u7aj
                                                                                                                                                                                                              MD5:CCB980F0B6E697452CF96F8CB749943C
                                                                                                                                                                                                              SHA1:C4D05353EB697859613C7B62BD50AA82CC9628CB
                                                                                                                                                                                                              SHA-256:8CE184FF01138A88105D94220544D9EA06DD6100AE5CCB83E474F0029E99F18F
                                                                                                                                                                                                              SHA-512:0916C0A8F11C526564947780392CDDFA1B584ACE47A293F0D28E2B73BF91417D1526F82057EDEF89385CBBCEE79D87C92E4DAD561DB0A40B7F0B650A56381684
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:8B37EF5C53B511EA928E859E9FECE256" xmpMM:InstanceID="xmp.iid:8B37EF5B53B511EA928E859E9FECE256" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:84eeaffb-6c10-7049-b2da-28b78e89f8bc" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?> ......IDATx....%Wy%

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\cd208777e3a41c4806276a90824306ac_Mouse-3-customize@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):70559
                                                                                                                                                                                                              Entropy (8bit):7.987419454467471
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:JAOTv5J6vcuM20sma4FAIpdlZw3bJGrLziDdZumYO1XlT:JzTv5EVYNZp3ZM43uFXl
                                                                                                                                                                                                              MD5:CD208777E3A41C4806276A90824306AC
                                                                                                                                                                                                              SHA1:1DFBB3C1FF25A9D1A2CE6798B6092BA644B63DD2
                                                                                                                                                                                                              SHA-256:BD796C2C955D8D258ED15405D31482650C63D5B1824279BB88B85D3F171F69A3
                                                                                                                                                                                                              SHA-512:06DA1C2AE69341135783F5A68090D58206AB7A0318561B1E201C59B91D569B7657ABE4D6B4586025FFC6C221D2F7BE2591F7A21F687247D4EC5C34491ED85B5A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:2E3FE6DE9DCF11E7A2A7F593027B012B" xmpMM:DocumentID="xmp.did:2E3FE6DF9DCF11E7A2A7F593027B012B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2E3FE6DC9DCF11E7A2A7F593027B012B" stRef:documentID="xmp.did:2E3FE6DD9DCF11E7A2A7F593027B012B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Sti....IDATx..Z[l.W.....}..:.Mm.]..q\;.HH..D..h....^(.HH.".x..x@BPA...... E....@.VrQ..._c'...{.^fg....3..z/i..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\cdb5dabe83b269c79ffa33d151a866c6_2018_Cortex_Booster_logo.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14190
                                                                                                                                                                                                              Entropy (8bit):7.964181788393821
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:uwqlJPWpmleymauFNnyFnYQnsNfriyBwPqd:uwqbWBfauF8tnm8Py
                                                                                                                                                                                                              MD5:CDB5DABE83B269C79FFA33D151A866C6
                                                                                                                                                                                                              SHA1:4572AE468EC8D103C91F6367F27FF764F64B8A58
                                                                                                                                                                                                              SHA-256:FC84BA49474C1102278EC7E5E76E84B5A1A988AF694DD6633FC395BE50F0110D
                                                                                                                                                                                                              SHA-512:95B21398FD7D9FE6A054A2D16D63C0D798FB6B95502E855AAE206F2C041A18A6104181CE699CCDD238746DFACB3435D7AA984B3F69B4ECF183169AB61C6F5011
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....sBIT....|.d... .IDATx^.}.x\.......[..di......\(.|.....?z....)..BIH(!.$......I..J .....%ll...Mu....gm...m..;W3..G..9...sg....T.....K]a....F....E.D#m.iT..FT.A.....K..C...:...u...uj.u.N..i....:Q.Fz.*..N.9..".5J.uaWx.{....o...kC.......#Bn...(J.!..L...r..R.F.....?5}%......*._.%..7q...H.+.5..rzQf..vD......./.._f..C..\;..N+....Q4Bi.uG8.....K6s.J5.2.J..........9z.ga.=.-..|......v.. .8.....^T_...5%..R).`.<{....Nm6....=3....}/..M.5..k......7...\CC.........D......V~...y.t+_.:u.$Y.]....F.'.R.A.%.R......1.h.)h.T,..WX'.5..t.}........*.rc....."..e.@%R...##..3.K..Z....9..'^pdv.U).d....R.iby.N..F..4].......+.&..!..!l...n.x....E."....P. E...A...E=. .M...X..@.....Q.>.......@...n..."t%.y.s}......^..x*._.n...-.U. .i..T...u..8W..V...*&!.e....ef.^\X..c...t... S.|.3CY.....T+.fV..,....<...[..........T..r4z.v..._rm.E...[#n.....%..w....),zs.}'....S..m.i.....(rC.'..4!,.R.;'ev.w.C.......'%./.t...C.......&eng.+..`.$...@. .D*..G

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\ce49f7233531adb107a6808f83ca9eca_LWI-Natalie-1.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20072
                                                                                                                                                                                                              Entropy (8bit):7.925513243966566
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c0RKTRdWIISTOoiBRyYYsjD9UmU+e8k1h/TJJUFs+bgJp1rITifWOOKAH6fSQYVw:c0RK9cMmvlUmzkD/TJKFsw+9ITilAaf/
                                                                                                                                                                                                              MD5:CE49F7233531ADB107A6808F83CA9ECA
                                                                                                                                                                                                              SHA1:9F90D880FF520088E9F1F478514157B136E817F8
                                                                                                                                                                                                              SHA-256:69C24E28299270AA54A293CE7D8D3C3367D2D4087BD4B813457C2BC6A2E44030
                                                                                                                                                                                                              SHA-512:5B5587EF89910D6A29D4E1358619B8973E42D6A8413D217BE82E26A64B065A7FE138B77E0E69849465D03469DD0849D6D5E7073BAD23063CCD9F11E41C919FD5
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.1-c000 79.dabacbb, 2021/04/14-00:39:44 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.5 (Windows)" xmpMM:InstanceID="xmp.iid:47B64D8E1AC011ECB2FDF9E897086D6F" xmpMM:DocumentID="xmp.did:47B64D8F1AC011ECB2FDF9E897086D6F"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:47B64D8C1AC011ECB2FDF9E897086D6F" stRef:documentID="xmp.did:47B64D8D1AC011ECB2FDF9E897086D6F"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>&oVg..J.IDATx.....U..Ou.<.$..$KVT...V..tu.VW.O.....a.]w..]]Q\....Yt....*J6a ...q......S..0tuW.....s......U....+D"

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\d164304821b78086c309565b3124f039_thxspatial.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                              Size (bytes):8498
                                                                                                                                                                                                              Entropy (8bit):7.922930230120092
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:PerUqsi9z8qYmtfzsoiLjD9/eb5MeTCPsesIsxP7BIvgE3MLRK:PZfi9z8OtLsoiLvIbOPWPSvOLRK
                                                                                                                                                                                                              MD5:D164304821B78086C309565B3124F039
                                                                                                                                                                                                              SHA1:CBCC391ABF5DFD1EB65766BEE9CD8B18BFE727EC
                                                                                                                                                                                                              SHA-256:13FF29F314A00399A7AF12CE210F3A06D5BDFEEE8954D48070091874C6E6AF1E
                                                                                                                                                                                                              SHA-512:94D16913D12D3543B66BCE49C57AA2AEC018D07E3F6F6277C311D5FA997D2592C21FEFA497A48E6AE6671D84F6C6614626D5C179D38B1FE6B7964560F89DB6A7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<.. .IDATx..]M.....nl.w.&0m7!r;.G.E.lf..%K.lhDDfG..A........MV..M...2(.f....GP....3"!~...-L.w.......nS]..{...U.'==c..^U...{.9=.p........o._..2S.+..?........>......8a.S..Th.;.?.....3A.K..=....O..>=...o.0..C#.q...!!...$........?.......BRx;$.....@.=.c.1....:.....^....yG2....)...@..~.[K.....8C2 ..$........$.&..xh..(.+..N..|2X.. ..%......K.U....P...y.%......y+H.6d.\....7?Wp....@.....O..^x.<.q.....O" ...h.$.... .....;C.G.,$.(..6.K..{].....z?.^...:4...B....`@..N..B........z.3~.........".....,.8Q.gB"h.....C.....Z9.*F*..c..4|.j.c..X......6..z-3|f........@3..:..l.A..B...m.....?$..h.D...;...P....{......k.tx~.!@..>.....N....5..................P......~.H`.1...}4~..y....%.X0....6.A4.'..s........".....$.........O..H.E....V..mAck.z4~.......4.h...i.?.B..j.. ;..Z!Z..p.3.H1.9....hLb.G.'..@...........|.}......].x.F.x...c>...,..u.,.5....xK.z.g........`.......6On....S...g...>. ......J!./B.w>z.7...

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\d213d4ba8f28ea5806e21e946e9cd2ec_AxonLWI00.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26472
                                                                                                                                                                                                              Entropy (8bit):7.919001815936157
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c+uRfNk88R30MEAbRrBmVfiikffpbrFMvlg0fMez0BgVPhPTUGY6CY2:cXs0DGgfi1VB0iAMez0eVFUGY11
                                                                                                                                                                                                              MD5:D213D4BA8F28EA5806E21E946E9CD2EC
                                                                                                                                                                                                              SHA1:EDCAE15D0B9833CF2AED26FFDAC2B5CF90B869AD
                                                                                                                                                                                                              SHA-256:4E29C0D3FABE8FE0481EA7B5E2F8E3B19397C16C1B05B1AA81382857B5E797D3
                                                                                                                                                                                                              SHA-512:9F1A22A259F1FC63D4042DE6A7584FECDA996A252EC3F767553EB1675335C09E778FECFA2E8C265E93B771533117B449DFD706E48C7BC09529688AFCEC7F3E11
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........pHYs.................sRGB.........gAMA......a...f.IDATx....$.Y...we.GW..==.=...iF=.H.O.!...%.,k...`.....5.]..Z...Y.gm|..#.. ...H.IT...z..3===}Vu]Y..wfD|../"2#.2......f.#2......_.........................................................>2==............gQ.....pg.......=KP.t.8.z. ........@<.KD.@......vB...O.)..4.Jxl'.yz.....]^+..........D..[.... 0.bGn.L.t............L.)Tv"z...NP...@.u..P'..M.f;..b............%..-.P.P.'_(t....;]..5...s5m........m9?...... .:]..)...`...M]...8......*.6.|..o]P.../.Z.NP..... f6..6....~.....?...p....)zj.........).. ..M..&!."% x..m.A.qXP..s.\..Z/..].sO.:..w..V...m...>.Q.o...s.?K.g#$U........0..!..y...we......z<..Y.u:.....6./$X\..+L....(..tU.9f.#..U.-..Z>.. ..G..b..k....M..4S.7.V.......6. .....w./.uavJg.s.>.....bX......R..o_..T.T......S4....=...A....|a2....?......!4f...{_l.}..g.1..|.&.'...9..a5%..68?.r.ZDGP...bDMB.~.Yic.S.PZ.....F..Qtp.....;.....).....X.]R"...2..s_..../?...".."..:..T.._...Pn>

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\d5192477f6eb19de78369f83dd10a76d_LWI-SophiePro-5.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10248
                                                                                                                                                                                                              Entropy (8bit):7.834242407971849
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:OzcqFugA2N/cD94iFiTnGfsMgMN7KQEReUEx59IdmoR9PulU4Y8v:OzMKcx4A8OsWz9IXL4Yy
                                                                                                                                                                                                              MD5:D5192477F6EB19DE78369F83DD10A76D
                                                                                                                                                                                                              SHA1:F7A7FFB816105E1A2E5E486BC277C18DAB79F5E1
                                                                                                                                                                                                              SHA-256:155CD524D7882AF4ACFB3D28C6D8A25991108A4B129A535A3456D8F573CC7253
                                                                                                                                                                                                              SHA-512:0A68A1FED1D31034315A01DDA85E34AA446BE11AEAB98C62955448AB34CD7B3E0ACA3CDF515AF2F2F9EBA54D9BD639B068CE58070ECAF95D25389FDA5F92B00F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.....@.......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:48B6F5AA53C211EA95A39E0B260BC399" xmpMM:InstanceID="xmp.iid:48B6F5A953C211EA95A39E0B260BC399" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:07d3b735-5c07-064d-aca0-8bedad7bd1b2" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.b...$.IDATx....|\U..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\d558eb30bf6c4423cd8827c1c39fd4e9_LWI-SophiePro-3.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):219780
                                                                                                                                                                                                              Entropy (8bit):7.997655117691452
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:6144:1OWsLbgg+D1Quo2fXM9PMhVSm9WMQ7vYKrru+Qo0GbFcdBfaiSDxC9MPp:1OWsLbgtD1i2P+eLPQLYKrrGo0/lp9Mx
                                                                                                                                                                                                              MD5:D558EB30BF6C4423CD8827C1C39FD4E9
                                                                                                                                                                                                              SHA1:2D581D537358EF6434DB2AFAE9AF4139DFB4A336
                                                                                                                                                                                                              SHA-256:46C44E4C3FE40FFB6A7C6EF830DE6816F6DF266025EF44E00989F0B8CB8A1DA2
                                                                                                                                                                                                              SHA-512:8641D54E00DD28FEE664C31A82D9A71ABA40D2AF16F99371A8E7FEF86A87F9138FB0010662562271BE16DE23C35F24684D6047D1492E3BF2350BDDB689F2DEE8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.....@.......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:C8FCB6E053BF11EA9FEF81EBB704A7D4" xmpMM:InstanceID="xmp.iid:C8FCB6DF53BF11EA9FEF81EBB704A7D4" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:e709f57f-1325-1a48-9af8-de0bf7079915" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.=....V.IDATx..g.$Yv.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\d57623940cc13a0bddb2963d052a7c3f_AxonLWI01.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15717
                                                                                                                                                                                                              Entropy (8bit):7.8936472082388
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c+plkSSqT8/BTm3ZvjJ3I/BtbB5jn405iomKG6OR:cqylC8NojJY/BtbBdF5i7kOR
                                                                                                                                                                                                              MD5:D57623940CC13A0BDDB2963D052A7C3F
                                                                                                                                                                                                              SHA1:35877E6EFA4BBA8BF73653641DED2A71723BDCD5
                                                                                                                                                                                                              SHA-256:23D5AC29A83A4DF362D3C3DF0CEB5FD5A26796D321512EC459D8BEFFFC58EB02
                                                                                                                                                                                                              SHA-512:86043BD2DB2F2F8AD26B658637EFF343F2186954F6E6E28117897A6DF3431035F2929716DCFEF12048DF34D66A0E67EB11C3A0B580EA3DAF49D311182D6242F2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........pHYs.................sRGB.........gAMA......a...<.IDATx....l$.}..gfv...<.x../K.~4..FB*...Tj...:hd.HP....S....r\.i..B.0..(..Q.&-$.i.H..$..(-"..\T.T?..%..t...wwf:.g8.r.\....;.&O....,9.~...<.1&4...%......!.........G..M.........YIu......>..4.M.......v.bn..W..........0...?........8..[.I.....w......uL/.~n.c...]3w..9.?......2.2.....(+.?.o..4y....'&...@.._....-..b.=S......;.s.l/z`.....'&..os..:...I...W.s.....'............H..x..;..K...;.8.5..%[f.m(L.3.h....g..`.1g.OXy........1{..V.......S.U.y...3...>..O.a...~......0...@...=vu.~.....L7..J......@....9....t.@...t*ZJ....L*ZJ....L......C......q%.kGn0..t.=..Y....2+].:[?m.....@.1....J.....J.....J.....J.....J.....J.....J.....J.....J.....J.....J.....J.....J.....J......O.a.....V..........(.....(.......|?..?4.....c.q....F.!..........(.....(.....(.....(.....(..+A.....k}}..^......hdd.X.z......c...................................N.`......q....=h6..^_..L.....1....)....vm..x..r0.fee%

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\d5ca164e824fabfbcdb060c913bdef2e_cortex-white.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 238 x 238, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):16145
                                                                                                                                                                                                              Entropy (8bit):7.9751725349024225
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:xfG8I3jAt71TUwHT6dWrJ2zl45RS5bMFmPvzox8XZo41aEiHr2tNLddeG8iUsC4M:YiLTUiTrrJ2zM67B7aF2HddeviUst6
                                                                                                                                                                                                              MD5:D5CA164E824FABFBCDB060C913BDEF2E
                                                                                                                                                                                                              SHA1:3CAC9C62E77E6137C31C044DB39690182DE61E6C
                                                                                                                                                                                                              SHA-256:2AAE28EF64942D4CFA6ABF083A1317BF28AD6A4C8AEF88259461F8306B25E25F
                                                                                                                                                                                                              SHA-512:1DD363B5B1FADF45C3AC5B893D9BE527DAD50CAF90DCB4D45A8E43951907FADB6EC25B171EB56585528CFC8EC1FBB2A94916BDC05B69990B376CC53E0EDC5D12
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............>.;"....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c145 79.163499, 2018/08/13-16:40:22 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2019 (Macintosh)" xmpMM:InstanceID="xmp.iid:A3CA7138E99111E8A24BC9510B6BDD49" xmpMM:DocumentID="xmp.did:A3CA7139E99111E8A24BC9510B6BDD49"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:5836C0F5E97C11E8A24BC9510B6BDD49" stRef:documentID="xmp.did:5836C0F6E97C11E8A24BC9510B6BDD49"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>......;.IDATx..].`TE..f...... ......gAi...........z...<=..w...E.].......H.d.....&.J.$.m../..o.yef~....5u

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\dc3d489d95fd04ae0278c4c559287c65_Mouse-5-customize@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):51345
                                                                                                                                                                                                              Entropy (8bit):7.983632686856233
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:VeaCx7JxNIpthspzkSUceplId8hP5j1iSLsymCPe6MwUI2nu4Kh/IcHw+Rr7VAkT:VzCp9EypzreW8JHinoPenJDu42XN
                                                                                                                                                                                                              MD5:DC3D489D95FD04AE0278C4C559287C65
                                                                                                                                                                                                              SHA1:70B09137251D7BDAD5C7BA1900A8322094121930
                                                                                                                                                                                                              SHA-256:FFB827DADD715273F5E8D9EF928945A077898EDD1CADF4F56AFE752E0370BB48
                                                                                                                                                                                                              SHA-512:9FC73FD16370D5FE7EA6B021CF0F0FF2BB77C991B242499075E52E6E80F06DE61E5FD728A0FEF8C4F2DA0313A6EB5995CE1304C476FF652C0FEA6D1529B6B1BC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:391C87C69DCF11E7AA37C62A364E6D95" xmpMM:DocumentID="xmp.did:391C87C79DCF11E7AA37C62A364E6D95"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:391C87C49DCF11E7AA37C62A364E6D95" stRef:documentID="xmp.did:391C87C59DCF11E7AA37C62A364E6D95"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..{....IDATx..Z.O#G...........H...qP.@.Dy()"A.HI..J}...M.2.&J.(.Dt ..E.].;..ID8@....w'...5..{mE......]....w.1..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\dc3d489d95fd04ae0278c4c559287c65_macro-dark@2x.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):51345
                                                                                                                                                                                                              Entropy (8bit):7.983632686856233
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:VeaCx7JxNIpthspzkSUceplId8hP5j1iSLsymCPe6MwUI2nu4Kh/IcHw+Rr7VAkT:VzCp9EypzreW8JHinoPenJDu42XN
                                                                                                                                                                                                              MD5:DC3D489D95FD04AE0278C4C559287C65
                                                                                                                                                                                                              SHA1:70B09137251D7BDAD5C7BA1900A8322094121930
                                                                                                                                                                                                              SHA-256:FFB827DADD715273F5E8D9EF928945A077898EDD1CADF4F56AFE752E0370BB48
                                                                                                                                                                                                              SHA-512:9FC73FD16370D5FE7EA6B021CF0F0FF2BB77C991B242499075E52E6E80F06DE61E5FD728A0FEF8C4F2DA0313A6EB5995CE1304C476FF652C0FEA6D1529B6B1BC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.......+....tEXtSoftware.Adobe ImageReadyq.e<...&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:391C87C69DCF11E7AA37C62A364E6D95" xmpMM:DocumentID="xmp.did:391C87C79DCF11E7AA37C62A364E6D95"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:391C87C49DCF11E7AA37C62A364E6D95" stRef:documentID="xmp.did:391C87C59DCF11E7AA37C62A364E6D95"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..{....IDATx..Z.O#G...........H...qP.@.Dy()"A.HI..J}...M.2.&J.(.Dt ..E.].;..ID8@....w'...5..{mE......]....w.1..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\ef04b9e0ce1d81b72ccc5346252f5c6e_LWI-icon-hue.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):14706
                                                                                                                                                                                                              Entropy (8bit):7.938813405123902
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:szJAez/IGUqLeCWvyw5misVxyDwmtTTCBPSglu:szJzgGVe16wKyDvTC9SR
                                                                                                                                                                                                              MD5:EF04B9E0CE1D81B72CCC5346252F5C6E
                                                                                                                                                                                                              SHA1:B43C8D9594F01E7A961A00402676CB33C1D8AD88
                                                                                                                                                                                                              SHA-256:7DC346787B540C408D4E350DA38A68B5CEC30BEC953951F20BC47BF0C2929E00
                                                                                                                                                                                                              SHA-512:D71677BDEDC88EFE57D6470505AD8F62FCF9F1B5EE253311FF658554C9922EE0ADE1FCC399EB67AC195F8C566295F88A5D55088310FCEC4D916CB6F1E7BCFFC2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR.............\r.f....tEXtSoftware.Adobe ImageReadyq.e<...qiTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c142 79.160924, 2017/07/13-01:06:39 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:e87e97d2-b854-914f-a526-587e00e9e1cb" xmpMM:DocumentID="xmp.did:3D1A5D09DFEA11E7A0EC9673C7AAE90C" xmpMM:InstanceID="xmp.iid:3D1A5D08DFEA11E7A0EC9673C7AAE90C" xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:1a18e2a2-c1ac-434b-b9f6-7ea66ba8f1ab" stRef:documentID="xmp.did:e87e97d2-b854-914f-a526-587e00e9e1cb"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.$.B..5.IDATx...|\...oz.F.K..".........

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\f1706ee93dc7f7beccf0ac4274789d39_AxonLWI02.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):15715
                                                                                                                                                                                                              Entropy (8bit):7.867676634482713
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:c+eFtm0OYWhEkG2P3FFFWbzEwjQBehnYA9YQc:cXPOYWhEyHFWbzvjQwKGYQc
                                                                                                                                                                                                              MD5:F1706EE93DC7F7BECCF0AC4274789D39
                                                                                                                                                                                                              SHA1:95F5BD1D70D4137160AF0F9F73FBEAAA038A7095
                                                                                                                                                                                                              SHA-256:22124F54A898AD189BAB5BA8A31CDAB7FF7FE6181402F78F6C2E4DB5E53CED9E
                                                                                                                                                                                                              SHA-512:A0C2C9A2BDB04D0662A069E17BF0EDA99ABFB66E43CA47BB50E42F5FE08270F8B2B83E8B9F6F3E6EC39A2460619C5E2C63C62E6094A4B647CD3F889FE4F1CB1E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........pHYs.................sRGB.........gAMA......a...<.IDATx...Yp%.}....6..`0.!....HJ$.XrJEQ.U...^l?.JR...J*~.$W..)I.J....R.-..rY.S*..x-.DF.%..#;.-n.".g!...0.`.'}....?.}/..\,....\.....w.9.mD....@.....@.....@.....@..md......_:*cg.e.....$..v!.._.....Gd...w.+..`.Z7...s.&..\ r?#...?.......g.:......2........8..d..]....yyG.o....;,......@......l......../N......@..u@.3......p.}.P.........@k.;...........e..............s......w3....n/._^.;B........y..={V..@.;1jpl@Fo...be./f.....c.wcd.{.5....'W.=........f.....We..j~F.........W......`/Z.....`.......:. ...:. ...:C?.....@.P....Z.....Z.....Z......C..........5@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.@...u.z..7........ ...:. ...:. ...:...V........5@...u.@...u.@...u.@...u.@...u.@...uz..cbbB..fgg....,j...@.....@.....@.....@.....@.....@.....@.......)..133..u......_...z... ...:. ...:. ...:. ...:. ...:. ...:. ...:=..4;;+.....5@...u.@...u.@...uz

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\f3a246fec45b5c3e594a917cf91e1be4_BoosterPrime.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):143368
                                                                                                                                                                                                              Entropy (8bit):7.989304761671331
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:cK271iys5PzFHEALi8zFXqSXQi3eN8qfMHAabtWv9PQvGj:cK2gZ7Emi8xZXPC8GMJtWvBj
                                                                                                                                                                                                              MD5:F3A246FEC45B5C3E594A917CF91E1BE4
                                                                                                                                                                                                              SHA1:B889714B4C33391289DAAA8E3B965D01370FE24D
                                                                                                                                                                                                              SHA-256:4C32248F350AC100E515966549852BA4DB00796425C310DD24C8F065839E18E5
                                                                                                                                                                                                              SHA-512:B4FA21062EBC44AAF9C69B3F5BF06775037D18823990C1A1513ED885F065B0DCE8D686919B0AF96896F9A4A6AE3C8E518CF259456A7E7F61AD6A76DD5822E176
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........sBIT....|.d... .IDATx^.Y..Yz.wb.#.Z...kz..E2a..E....l..|c.i...m.....`........!.. ...A......I$H......m..z.%.r.}.?.w....Y...U]Uy.;*3#....|.y.-..+J J J J J J J..I u.....%.%.%.%.%.%.%."... J J J J J J..I ..37..Q.Q.Q.Q.Q.Q....9.%.%.%.%.%.%p.$.......(.(.(.(.(.(.................8s......y.p.@.@.@.@.@.@.@q.D.D.|-..W?|..$..~%...}.'._K#.M......".:.C.;.%..I.....zuX...K............x.(.(..(......>G.|.....w.+.J....S.....y.W..f..G.D..!.D.t..;v5J.i.............e.~.......6.6D.D.<..........(..F.........lPj.........iplH.@..s+.........x.$......I....t...?..w...t.>.&J J.y.@.@....D.<......|35...s...../......7>Y?..x@.@.@...%......O.....O....o.....q.+.......,....x\.@.@......hQ........./_...]*............o/|^<!J J J`..D.4...!Q.Q.'...._.^.5..?x...n...qQ.Q.Q..J ..y%......XH...._O...^.C............Q..........@.@q>D.D....~..w.57M..i\.$...t.......i\/^#J J J@...(.(.(.S.."..$.#2=WO....\..12..$...%p.%...Y....Q..(..D|.{...6...qQ.Q..H ..y........K.'....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\f626abb1339220fca14dd5a9c50f16fc_LWI-SophiePro-2.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):202107
                                                                                                                                                                                                              Entropy (8bit):7.997399992457142
                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                              SSDEEP:6144:8QUOFnoggibkEAMLK+DnM3uPBqs8X2BC6:jZogpbFAaVnMQqL0C6
                                                                                                                                                                                                              MD5:F626ABB1339220FCA14DD5A9C50F16FC
                                                                                                                                                                                                              SHA1:8600CF6DF565E050936EA0936C9EDEFC9BB1576D
                                                                                                                                                                                                              SHA-256:F004360C1FEC8558B6E76D1E25D9D54F22CA03F9231D6EC9BBFF6BDC146E97D3
                                                                                                                                                                                                              SHA-512:2500F0DB62172B6291F8FC93A01F91939E5C4AEB7F8F2B7CF15683134B430AE3C11BC34E2D20410ACECB792E1C16FD78EE824EE21208382BCCBBE01E640CF8E9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D.....@.......tEXtSoftware.Adobe ImageReadyq.e<....iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c148 79.164036, 2019/08/13-01:06:57 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:d06bc424-f8cb-6e4c-81d3-4c585697b5b4" xmpMM:DocumentID="xmp.did:64C0EF7A53B411EAA720AC11925F0B06" xmpMM:InstanceID="xmp.iid:64C0EF7953B411EAA720AC11925F0B06" xmp:CreatorTool="Adobe Photoshop CC 2019 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:84eeaffb-6c10-7049-b2da-28b78e89f8bc" stRef:documentID="adobe:docid:photoshop:50c37d32-9daf-11e7-bddb-93b6dbd936db"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>........IDATx..i.e.u.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ImageCache\f8c32623ccce9d03a00257b2dd7a7312_UniversalLauncher.png

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PNG image data, 576 x 324, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):118652
                                                                                                                                                                                                              Entropy (8bit):7.979307038916795
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:cqZp6LIk35DO8RWNXiVHrYKh2fDMMDH8JLUjn7/mfCY:cCpmn5D96cHM7MzBmKB
                                                                                                                                                                                                              MD5:F8C32623CCCE9D03A00257B2DD7A7312
                                                                                                                                                                                                              SHA1:9063927CC918942A2F3BFE761CD0AC25F807DCE3
                                                                                                                                                                                                              SHA-256:9A2126DFEF651A37D941E9A33EFF83291093940704F85E1BEA865C466C5788F6
                                                                                                                                                                                                              SHA-512:63635C75FC725F880F78D676BA49B0F7DBE880D78E2F52643FCD9AA7172A30D93FE27E5221A64B23027A3EDDF9665484503148A72BA1C7B6FE3A74781D074465
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.PNG........IHDR...@...D...........sBIT....|.d... .IDATx^.}..m5.vN?._z.*>.....X.tx(....b...g.bAP.l..""....QT.g...)..n?....$YIVV.{.s.9wm....J&.d2.e2IzT.i8.p`.s.g.7n..~..i.i8.p`.9.(.idvST..9.......$...&k...@.@g..M....s....y.).p.=..k..@.\7..o..%.h.a.t..T..G3......@.x.9h80}..=.m.....}H.\...iMI..Jp`v....j.4....t.jLik".].h...fk...j8..@w..........jL..I...~.-...oJ.....;..T.........>!..Ii.....3....3.....90}cd6....@<..gq...IU..*..&........_...N.L.x.6.3..[..@..H`...E..z.(..o..h3....dr..c`&...l.....J......-+..Y....Y......:'...v...=";...sR.....&..@g.Q.+.o8P.......;..)..].d:.Qg..0v....;...\.@g..\.V.....&..9.E..g..Q......+.....@g...7.)~..@.r.).3...f`.W.h.>.w..m..0...4`h.S.s.....s.OM......o'..l.;u.....\XS...<u?(.......2......4.n80=..Of.T...v.....0.#/.T.P.....E....34.r._....}.b....*q..9.K..,....M%.*..,P.i.....QW...$...s...R..&e...h_6.T.3..).:..)+O.KW..f..u. .sDv.?......72.....N....T.t..<.3. ..]..\..=z......t..:.Q.#..f]#...h.l...O.7@.5M.....a..t...L....hj..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\InstallerConfiguration.xml (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):600
                                                                                                                                                                                                              Entropy (8bit):5.0953313777906715
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:MMHd4XjOiGo6drMrCTjnwcd9cQZ5IolwXacdZ0iwX7FXjT:JdaSPpdrMrCTjbdZ5IolwBhwhH
                                                                                                                                                                                                              MD5:24FB4D1BDD318445B3533B713CD15E74
                                                                                                                                                                                                              SHA1:37745C6785B12535C6236EC05F47AB4A39D6C036
                                                                                                                                                                                                              SHA-256:3CBA28341496EF931B5735176FC6F640012D92FFC18CF95EDDD648EE35521CAA
                                                                                                                                                                                                              SHA-512:13CE4750943782CBE39D60FB4EA9C507073849B93ED3794480C4CADF748284E7769A7E12038958042BC7C702B693F1F0AED89DC904F291DB1637D5DA528A05D2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<InstallerConfiguration xmlns:i="http://www.w3.org/2001/XMLSchema-instance">...<DiscoveryEndpointName>prod</DiscoveryEndpointName>...<DiscoveryServerRoot>discovery.razerapi.com</DiscoveryServerRoot>...<Endpoint></Endpoint>...<PreSelectedSoftwareModules>....<SoftwareModuleId>Razer Synapse</SoftwareModuleId>...</PreSelectedSoftwareModules>...<ResourceDataUrl i:nil="true" />...<ServerRoot>manifest.razerapi.com</ServerRoot>...<SoftwareOrderPriority>....<SoftwareModuleId>Razer Synapse</SoftwareModuleId>...</SoftwareOrderPriority>..</InstallerConfiguration>

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\InstallerConfiguration.xml.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):600
                                                                                                                                                                                                              Entropy (8bit):5.0953313777906715
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:MMHd4XjOiGo6drMrCTjnwcd9cQZ5IolwXacdZ0iwX7FXjT:JdaSPpdrMrCTjbdZ5IolwBhwhH
                                                                                                                                                                                                              MD5:24FB4D1BDD318445B3533B713CD15E74
                                                                                                                                                                                                              SHA1:37745C6785B12535C6236EC05F47AB4A39D6C036
                                                                                                                                                                                                              SHA-256:3CBA28341496EF931B5735176FC6F640012D92FFC18CF95EDDD648EE35521CAA
                                                                                                                                                                                                              SHA-512:13CE4750943782CBE39D60FB4EA9C507073849B93ED3794480C4CADF748284E7769A7E12038958042BC7C702B693F1F0AED89DC904F291DB1637D5DA528A05D2
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<InstallerConfiguration xmlns:i="http://www.w3.org/2001/XMLSchema-instance">...<DiscoveryEndpointName>prod</DiscoveryEndpointName>...<DiscoveryServerRoot>discovery.razerapi.com</DiscoveryServerRoot>...<Endpoint></Endpoint>...<PreSelectedSoftwareModules>....<SoftwareModuleId>Razer Synapse</SoftwareModuleId>...</PreSelectedSoftwareModules>...<ResourceDataUrl i:nil="true" />...<ServerRoot>manifest.razerapi.com</ServerRoot>...<SoftwareOrderPriority>....<SoftwareModuleId>Razer Synapse</SoftwareModuleId>...</SoftwareOrderPriority>..</InstallerConfiguration>

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\Log\rzS3detmgr.log

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):10044
                                                                                                                                                                                                              Entropy (8bit):3.724511297117559
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:HZoc62SV2S0w+PTJ2Qj+2QjFCjtvjYjwjhjd2Pi2PeTSZ25qO25qLnqCqEqZqs2E:HZocNSsSp+PTI0Z0ohcUV0P1PoS45qJj
                                                                                                                                                                                                              MD5:ED84FE7D5A2D9AB511315449FE29975E
                                                                                                                                                                                                              SHA1:8705642B67AD40961E977B2634A36CC53AFA8DF1
                                                                                                                                                                                                              SHA-256:121E8D620D56550DE344B9CDAE4E42DFEDE7E949697A554A0E6EC941E26A9018
                                                                                                                                                                                                              SHA-512:670E1B3A3B96A87B7736441EBA0717AAF57FA9FD27EE23F27A45F8231160625944CADA0E6DCBF314C3EF511A63C7B7B630F311E0B693CD170A01284093FCA976
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:=.=.=.=.=. .S.t.a.r.t.i.n.g. .L.o.g.:. .2.1. .O.c.t. .2.0.2.4. .@. .0.5.:.2.3. .=.=.=.=.=.=.........[.2.0.2.4.1.0.2.1. .0.5.:.2.3.:.2.2...7.0.2.].[.P.r.o.c.I.D.4.9.2.4.:.T.I.D.4.8.0.0.].D.e.t.e.c.t. .M.a.n.a.g.e.r. .s.t.a.r.t.i.n.g.......[.2.0.2.4.1.0.2.1. .0.5.:.2.3.:.2.2...7.3.3.].[.P.r.o.c.I.D.4.9.2.4.:.T.I.D.4.8.0.0.].D.e.t.e.c.t.M.g.r. .s.t.a.r.t.i.n.g.......[.2.0.2.4.1.0.2.1. .0.5.:.2.3.:.2.2...7.3.3.].[.P.r.o.c.I.D.4.9.2.4.:.T.I.D.1.1.3.6.].D.e.l.e.t.e.U.r.l.C.a.c.h.e.E.n.t.r.y.......[.2.0.2.4.1.0.2.1. .0.5.:.2.3.:.2.3...1.7.8.].[.P.r.o.c.I.D.4.9.2.4.:.T.I.D.1.1.3.6.].U.R.L.D.o.w.n.l.o.a.d.T.o.F.i.l.e. .h.t.t.p.s.:././.s.y.n.a.p.s.e.-.3.-.w.e.b.s.e.r.v.i.c.e...r.a.z.e.r.z.o.n.e...c.o.m./.s.y.s.t.e.m.s...j.s.o.n. .t.o. .C.:.\.W.i.n.d.o.w.s.\.I.n.s.t.a.l.l.e.r.\.R.a.z.e.r.\.I.n.s.t.a.l.l.e.r.\.A.p.p.\.s.y.s.t.e.m.s...j.s.o.n.......[.2.0.2.4.1.0.2.1. .0.5.:.2.3.:.2.4...4.4.1.].[.P.r.o.c.I.D.4.9.2.4.:.T.I.D.1.1.3.6.].d.o.w.n.l.o.a.d. .h.r. .=. .0.x.0. .h.t.t.p.s.:././.s.y.n.a.p.s.e.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\NLog.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):861968
                                                                                                                                                                                                              Entropy (8bit):5.995830941451248
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:eMfWnunGn2PG3ssAjzGHkRnnPiUQPnkbEXtNtFxdtv:lfWnunGn2PG3ssX3ntFxnv
                                                                                                                                                                                                              MD5:6B99CC30BB8A163094CABD9454E3FB61
                                                                                                                                                                                                              SHA1:AFBB727B1D827803BB326AB8C89E70602F85E1B0
                                                                                                                                                                                                              SHA-256:B911867EF2213E93D6DDAEDF37CEEB8022A6AADF2BD0DA31DBC75040F3802B15
                                                                                                                                                                                                              SHA-512:75A9419E447E1B7B71391AE53052B3C58582B52636B4AEE70C8DC0A6E837D74245533F380DCC270DB1C25B8AF406A5FC9A20026C56BB3506654229AE95536621
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....51..........." ..0......B......N.... ........... .......................@.......[....`.....................................O........?...............'... ......@...T............................................ ............... ..H............text....... ...................... ..`.rsrc....?.......@..................@..@.reloc....... ......................@..B........................H........b...v..........x...H.............................................(X...*..(X...*..(X...*..(X...*:.(X.....}....*..{....*..(X...*:.(X.....}....*..{....*..{....*..{....*~.(X..........}...........}....*~.(X..........}...........}....*...0...........(X...........%.}.....}....*.0...........(X...........%.}.....}....*..(X...*..(X...*..(X...*:.(X.....}....*..{....*&...(....*V.(X.....}......}....*..{....*..{....*"..(....*:.(X.....}....*..{....*..(X...*:.(X.....}....*..{....*&.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\NLog.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):861968
                                                                                                                                                                                                              Entropy (8bit):5.995830941451248
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:eMfWnunGn2PG3ssAjzGHkRnnPiUQPnkbEXtNtFxdtv:lfWnunGn2PG3ssX3ntFxnv
                                                                                                                                                                                                              MD5:6B99CC30BB8A163094CABD9454E3FB61
                                                                                                                                                                                                              SHA1:AFBB727B1D827803BB326AB8C89E70602F85E1B0
                                                                                                                                                                                                              SHA-256:B911867EF2213E93D6DDAEDF37CEEB8022A6AADF2BD0DA31DBC75040F3802B15
                                                                                                                                                                                                              SHA-512:75A9419E447E1B7B71391AE53052B3C58582B52636B4AEE70C8DC0A6E837D74245533F380DCC270DB1C25B8AF406A5FC9A20026C56BB3506654229AE95536621
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....51..........." ..0......B......N.... ........... .......................@.......[....`.....................................O........?...............'... ......@...T............................................ ............... ..H............text....... ...................... ..`.rsrc....?.......@..................@..@.reloc....... ......................@..B........................H........b...v..........x...H.............................................(X...*..(X...*..(X...*..(X...*:.(X.....}....*..{....*..(X...*:.(X.....}....*..{....*..{....*..{....*~.(X..........}...........}....*~.(X..........}...........}....*...0...........(X...........%.}.....}....*.0...........(X...........%.}.....}....*..(X...*..(X...*..(X...*:.(X.....}....*..{....*&...(....*V.(X.....}......}....*..{....*..{....*"..(....*:.(X.....}....*..{....*..(X...*:.(X.....}....*..{....*&.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\PatchExceptionalEID.json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):131
                                                                                                                                                                                                              Entropy (8bit):3.3536071292473113
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:6eovX1MBHtcTY/FCshN/NSN7co/X1MBHtUStshN/NIFtFtkn:6eovXGB8Y/YAN/NSN7Z/XGBbAN/NaFtk
                                                                                                                                                                                                              MD5:1A102291D5EB3146FFD0BE2969EE0EAE
                                                                                                                                                                                                              SHA1:F35B9158D851D1FFE1A5DFDE74CFECD2EC2BAD94
                                                                                                                                                                                                              SHA-256:0F667D54883D3BA72A8A0CFA864431F79D74905E92976BE0611706B1191C3C45
                                                                                                                                                                                                              SHA-512:56A987B077F88F0806B7DAF1EDA464FC393279A48859ABED0B6ED942056E0D8F3BACDAC7FBDCC40362FD1ADD47D6D81C7B9559083A567D37365C1B275C44E017
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[ {.. "pid": 96,.. "EID": [.. 145.. ].. },.. {.. "pid": 178,.. "EID": [.. 145,.. 146.. ].. }]..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\PatchExceptionalEID.json.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):131
                                                                                                                                                                                                              Entropy (8bit):3.3536071292473113
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:6eovX1MBHtcTY/FCshN/NSN7co/X1MBHtUStshN/NIFtFtkn:6eovXGB8Y/YAN/NSN7Z/XGBbAN/NaFtk
                                                                                                                                                                                                              MD5:1A102291D5EB3146FFD0BE2969EE0EAE
                                                                                                                                                                                                              SHA1:F35B9158D851D1FFE1A5DFDE74CFECD2EC2BAD94
                                                                                                                                                                                                              SHA-256:0F667D54883D3BA72A8A0CFA864431F79D74905E92976BE0611706B1191C3C45
                                                                                                                                                                                                              SHA-512:56A987B077F88F0806B7DAF1EDA464FC393279A48859ABED0B6ED942056E0D8F3BACDAC7FBDCC40362FD1ADD47D6D81C7B9559083A567D37365C1B275C44E017
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[ {.. "pid": 96,.. "EID": [.. 145.. ].. },.. {.. "pid": 178,.. "EID": [.. 145,.. 146.. ].. }]..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):113928
                                                                                                                                                                                                              Entropy (8bit):6.249624856112993
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:oBA081klxEy7HrnZuyrFIH2gXryoYpLhlKpqEPl2h+7HxK:oTxEy77QyrFU2gXryoYjIPch+8
                                                                                                                                                                                                              MD5:95C0670F99FB82CFA73FFF92E19137C0
                                                                                                                                                                                                              SHA1:D0A05653118F6F0613FCA0045B3EFFFAD3523FC3
                                                                                                                                                                                                              SHA-256:AC1DF4374C693533C51C116970645344CC43B7150F091A42847856A08C60CB8C
                                                                                                                                                                                                              SHA-512:D9E7C13C20C1BF23DC19387733328E0EB2E3754AF29ABB37D5C143EFCC4DCA792ED5B7AB6A4832FC7463C6BF0379F6527B1E8B8E91CABA301B5EBD133FC4AB5E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........G..)...)...).......).q...)...(...).......)...(...)...*...)...,...)...-...).;.,...).>....).......).;.+...).Rich..).................PE..L...M.kf...........!.....@...V.......N.......P.......................................k....@..................................X.......... 2...............'......H...pR..T............................R..@............P.............. Q..H............text....>.......@.................. ..`.rdata..0....P.......D..............@..@.data...T....`.......T..............@....gfids..D....p.......Z..............@..@.rsrc... 2.......4...\..............@..@.reloc..H...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\Razer.DetectManagerWrapper.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):113928
                                                                                                                                                                                                              Entropy (8bit):6.249624856112993
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:oBA081klxEy7HrnZuyrFIH2gXryoYpLhlKpqEPl2h+7HxK:oTxEy77QyrFU2gXryoYjIPch+8
                                                                                                                                                                                                              MD5:95C0670F99FB82CFA73FFF92E19137C0
                                                                                                                                                                                                              SHA1:D0A05653118F6F0613FCA0045B3EFFFAD3523FC3
                                                                                                                                                                                                              SHA-256:AC1DF4374C693533C51C116970645344CC43B7150F091A42847856A08C60CB8C
                                                                                                                                                                                                              SHA-512:D9E7C13C20C1BF23DC19387733328E0EB2E3754AF29ABB37D5C143EFCC4DCA792ED5B7AB6A4832FC7463C6BF0379F6527B1E8B8E91CABA301B5EBD133FC4AB5E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........G..)...)...).......).q...)...(...).......)...(...)...*...)...,...)...-...).;.,...).>....).......).;.+...).Rich..).................PE..L...M.kf...........!.....@...V.......N.......P.......................................k....@..................................X.......... 2...............'......H...pR..T............................R..@............P.............. Q..H............text....>.......@.................. ..`.rdata..0....P.......D..............@..@.data...T....`.......T..............@....gfids..D....p.......Z..............@..@.rsrc... 2.......4...\..............@..@.reloc..H...........................@..B........................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3281672
                                                                                                                                                                                                              Entropy (8bit):6.844990091444059
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:NyTBSWf7I7o0aj60smzLYTS64q9ilZzs0CbpBYja+In8CSUm2YyfhhdqWm3ZE:NyTB1Z0aj60pL/qGzsRpjbSUpWC
                                                                                                                                                                                                              MD5:B16D9FE55B6A07A2D303CB09AE60F542
                                                                                                                                                                                                              SHA1:8D3FA4D10B6EC3CC861F146C8E08E77F1AE90A12
                                                                                                                                                                                                              SHA-256:25122DFEC11DD426178186266102E13E1EF0E3E31F5610222D47116C5D2400F5
                                                                                                                                                                                                              SHA-512:1F2E86488FE2B0F5A8962A46341DB4F9734BF04CD2021926644015228A6B706957D1A50A5603AA82811FDD8200092098FCBB73BB842C043CF6D2E43FF056C105
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!..0...1...........2.. ... 2...... .......................`2......2...`...................................2.O.... 2.\.............1..'...@2.....h.1.............................................. ............... ..H............text.....1.. ....1................. ..`.rsrc...\.... 2.......1.............@..@.reloc.......@2.......1.............@..B..................2.....H............)...........%..p.'.........................................>. 4......(7...*2......o8...*:........o9...*.0..,........o:...r...p $...........%...%....o;...t....*&...o<...*..(=...*6.(>....(....*F.~....(?...t....*6.~.....(@...*.0..$........{....,.*..}....r!..p.sA......(B...*.0..i.........YE................,...9...F...S...`...m...z...........................................8......t....}....*..t ...}....*..t ...}....*..t!...}....*..t"...}....*..t"...}....*..t#...}....*

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\Razer.RazerInstallerCommon.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):3281672
                                                                                                                                                                                                              Entropy (8bit):6.844990091444059
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:NyTBSWf7I7o0aj60smzLYTS64q9ilZzs0CbpBYja+In8CSUm2YyfhhdqWm3ZE:NyTB1Z0aj60pL/qGzsRpjbSUpWC
                                                                                                                                                                                                              MD5:B16D9FE55B6A07A2D303CB09AE60F542
                                                                                                                                                                                                              SHA1:8D3FA4D10B6EC3CC861F146C8E08E77F1AE90A12
                                                                                                                                                                                                              SHA-256:25122DFEC11DD426178186266102E13E1EF0E3E31F5610222D47116C5D2400F5
                                                                                                                                                                                                              SHA-512:1F2E86488FE2B0F5A8962A46341DB4F9734BF04CD2021926644015228A6B706957D1A50A5603AA82811FDD8200092098FCBB73BB842C043CF6D2E43FF056C105
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!..0...1...........2.. ... 2...... .......................`2......2...`...................................2.O.... 2.\.............1..'...@2.....h.1.............................................. ............... ..H............text.....1.. ....1................. ..`.rsrc...\.... 2.......1.............@..@.reloc.......@2.......1.............@..B..................2.....H............)...........%..p.'.........................................>. 4......(7...*2......o8...*:........o9...*.0..,........o:...r...p $...........%...%....o;...t....*&...o<...*..(=...*6.(>....(....*F.~....(?...t....*6.~.....(@...*.0..$........{....,.*..}....r!..p.sA......(B...*.0..i.........YE................,...9...F...S...`...m...z...........................................8......t....}....*..t ...}....*..t ...}....*..t!...}....*..t"...}....*..t"...}....*..t#...}....*

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4492040
                                                                                                                                                                                                              Entropy (8bit):6.105815733645057
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:QsU6js0T9MSjlEtgtz4cO5c7yGjhCSA/Bkj0hK:DUdVcojSA+
                                                                                                                                                                                                              MD5:7046AAC6CAEE64EF664508D999DA39D3
                                                                                                                                                                                                              SHA1:AC9DDB52BC9EC98A88033BF5D79E7ED1423CA791
                                                                                                                                                                                                              SHA-256:75FA6B29EC799B9FE489167C03C06AF2B4CA6D97B8F1694DA03B25CEA7F37838
                                                                                                                                                                                                              SHA-512:7F7FE7D3753191B32CAAE5F901A0751C56EE7CEAE3E1331883A9C039436D786CABB00189356192574131F7740C7E6B6803B37611551639AEBD2B5C4AE74E9526
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i.kf..............0...@.........~.@.. ....@...@.. ........................D.....q.E...`.................................,.@.O.....@..............dD..'....D.......@.............................................. ............... ..H............text.....@.. ....@................. ..`.rsrc.........@.......@.............@..@.reloc........D......bD.............@..B................`.@.....H........>..|N...... ...D....N@.........................................f.(.....o.....(....o....&*...0............(....(....~:...%-.&~9.....0...s ...%.:...o!....o"...~;...%-.&~9.....1...s#...%.;...(...+.o"...~<...%-.&~9.....2...s#...%.<...(...+..o"...~=...%-.&~9.....3...s#...%.=...(...+~%....,..o"....o"...r...p(...+.X..('.....((...*f..((....(.... @...o)...&*.0../.........(*...}?......}>.....|?.....(...+..|?...(,...*..(-...*..0...........s....}.....(/....(.....(0...(1.....}...

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.config (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):635
                                                                                                                                                                                                              Entropy (8bit):5.080473303869362
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:MMHdGGsVur+LNFF7ap+5v+ZgmuGqf/2/dFicY03Ojm3xm:JdjrcPF7Nv+qmuvH2/X9jS
                                                                                                                                                                                                              MD5:1CBC9248F7468783548B2B23EE029D2A
                                                                                                                                                                                                              SHA1:543DA727378029DDEB225CE03271F4EC6486C5D9
                                                                                                                                                                                                              SHA-256:895D6569A9DEC15595621A04A122D7CC0242E455E31A4F048ADA9B85156BAF24
                                                                                                                                                                                                              SHA-512:F81DB797A8571900BA90759262723BFC071934DA4D2E85364A56BD5401D1E5DD881983F79233E3CDD7B9C8DDE29314B160880B402E17CD039007A8FBD23CFB6D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.Practices.ServiceLocation" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-1.3.0.0" newVersion="1.3.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>.. <appSettings>.. <add key="Theme" value="Dark" />.. </appSettings>..</configuration>..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.config.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):635
                                                                                                                                                                                                              Entropy (8bit):5.080473303869362
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:MMHdGGsVur+LNFF7ap+5v+ZgmuGqf/2/dFicY03Ojm3xm:JdjrcPF7Nv+qmuvH2/X9jS
                                                                                                                                                                                                              MD5:1CBC9248F7468783548B2B23EE029D2A
                                                                                                                                                                                                              SHA1:543DA727378029DDEB225CE03271F4EC6486C5D9
                                                                                                                                                                                                              SHA-256:895D6569A9DEC15595621A04A122D7CC0242E455E31A4F048ADA9B85156BAF24
                                                                                                                                                                                                              SHA-512:F81DB797A8571900BA90759262723BFC071934DA4D2E85364A56BD5401D1E5DD881983F79233E3CDD7B9C8DDE29314B160880B402E17CD039007A8FBD23CFB6D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.Practices.ServiceLocation" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-1.3.0.0" newVersion="1.3.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>.. <appSettings>.. <add key="Theme" value="Dark" />.. </appSettings>..</configuration>..

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4492040
                                                                                                                                                                                                              Entropy (8bit):6.105815733645057
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:QsU6js0T9MSjlEtgtz4cO5c7yGjhCSA/Bkj0hK:DUdVcojSA+
                                                                                                                                                                                                              MD5:7046AAC6CAEE64EF664508D999DA39D3
                                                                                                                                                                                                              SHA1:AC9DDB52BC9EC98A88033BF5D79E7ED1423CA791
                                                                                                                                                                                                              SHA-256:75FA6B29EC799B9FE489167C03C06AF2B4CA6D97B8F1694DA03B25CEA7F37838
                                                                                                                                                                                                              SHA-512:7F7FE7D3753191B32CAAE5F901A0751C56EE7CEAE3E1331883A9C039436D786CABB00189356192574131F7740C7E6B6803B37611551639AEBD2B5C4AE74E9526
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...i.kf..............0...@.........~.@.. ....@...@.. ........................D.....q.E...`.................................,.@.O.....@..............dD..'....D.......@.............................................. ............... ..H............text.....@.. ....@................. ..`.rsrc.........@.......@.............@..@.reloc........D......bD.............@..B................`.@.....H........>..|N...... ...D....N@.........................................f.(.....o.....(....o....&*...0............(....(....~:...%-.&~9.....0...s ...%.:...o!....o"...~;...%-.&~9.....1...s#...%.;...(...+.o"...~<...%-.&~9.....2...s#...%.<...(...+..o"...~=...%-.&~9.....3...s#...%.=...(...+~%....,..o"....o"...r...p(...+.X..('.....((...*f..((....(.... @...o)...&*.0../.........(*...}?......}>.....|?.....(...+..|?...(,...*..(-...*..0...........s....}.....(/....(.....(0...(1.....}...

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.976424624702251
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:0IO5WMuXhWWpO5A9YOCAs/nGfe4pBjS7oT13iWYyieHaVWQ4SWJvaqnajnR5fXFy:0BW7hWv57A0GftpBjbxIg6ECl9OIVnO
                                                                                                                                                                                                              MD5:11E55839FCB3A53BDFED2A27FB7D5E80
                                                                                                                                                                                                              SHA1:E585A1ED88696CD310C12F91FFA27F17F354B4F4
                                                                                                                                                                                                              SHA-256:F6BDC8FFD172B44F4D169707D9A457AEEF619872661229B8629EE4F15EEFFF0D
                                                                                                                                                                                                              SHA-512:BEC9419E35DE03CC145B3C974833F73F1A5082D886DE4739351B93BB4CC6C0234EFD0E35AD845FABA83FA600C4A7D5343EAAE949A837D00D5528E6DB79438EE4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......5....@.............................+............ ...................<..............8............................................................................text...;........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-console-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.976424624702251
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:0IO5WMuXhWWpO5A9YOCAs/nGfe4pBjS7oT13iWYyieHaVWQ4SWJvaqnajnR5fXFy:0BW7hWv57A0GftpBjbxIg6ECl9OIVnO
                                                                                                                                                                                                              MD5:11E55839FCB3A53BDFED2A27FB7D5E80
                                                                                                                                                                                                              SHA1:E585A1ED88696CD310C12F91FFA27F17F354B4F4
                                                                                                                                                                                                              SHA-256:F6BDC8FFD172B44F4D169707D9A457AEEF619872661229B8629EE4F15EEFFF0D
                                                                                                                                                                                                              SHA-512:BEC9419E35DE03CC145B3C974833F73F1A5082D886DE4739351B93BB4CC6C0234EFD0E35AD845FABA83FA600C4A7D5343EAAE949A837D00D5528E6DB79438EE4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......5....@.............................+............ ...................<..............8............................................................................text...;........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.9837008370699465
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0bW7hWQ57A0GftpBjWwTFg6HPaol9OIVnt:0MXPiwwgH2T
                                                                                                                                                                                                              MD5:9F3CF9F22836C32D988D7C7E0A977E1B
                                                                                                                                                                                                              SHA1:1E7BBD6175BDB04826E60DE07AA496493C9B3A3B
                                                                                                                                                                                                              SHA-256:7D588A5A958E32875D7BD346D1371E6EBFD9D5D2EDE47755942BADFC9C74E207
                                                                                                                                                                                                              SHA-512:16C98E6AEC67FFE4558C6D3F881301490BE5D8A714C1ADC6735005613251ADB8E1C2CB9B1C0D2504A9A99C61A06B0E30C944CA603FC00FBB18CD20BA1C9BD697
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......-*....@.......................................... ...................<..............8............................................................................text... ........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-datetime-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.9837008370699465
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0bW7hWQ57A0GftpBjWwTFg6HPaol9OIVnt:0MXPiwwgH2T
                                                                                                                                                                                                              MD5:9F3CF9F22836C32D988D7C7E0A977E1B
                                                                                                                                                                                                              SHA1:1E7BBD6175BDB04826E60DE07AA496493C9B3A3B
                                                                                                                                                                                                              SHA-256:7D588A5A958E32875D7BD346D1371E6EBFD9D5D2EDE47755942BADFC9C74E207
                                                                                                                                                                                                              SHA-512:16C98E6AEC67FFE4558C6D3F881301490BE5D8A714C1ADC6735005613251ADB8E1C2CB9B1C0D2504A9A99C61A06B0E30C944CA603FC00FBB18CD20BA1C9BD697
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......-*....@.......................................... ...................<..............8............................................................................text... ........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.987679084821931
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0XW7hWlwIp68A0GftpBjuy1g6al9OIVnQ:046ib1grC
                                                                                                                                                                                                              MD5:64978E199A7239D2C911876447A7F05B
                                                                                                                                                                                                              SHA1:0048CE6724DB08C64441CE6E573676BC8AE94BF9
                                                                                                                                                                                                              SHA-256:92B947F1D6236F86ED7E105CFF19E23C13D1968861426511B775905E1D26B47A
                                                                                                                                                                                                              SHA-512:9C64211895473FFC7162B56B0B8E732DEC54CF03EA9B9B36FE3CC3339C35FC71FC7173D4E146989DB399CB1BCB063079378BB6F778F7D2591CD545550038397C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......w.....@.......................................... ...................<..............8............................................................................text...+........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-debug-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.987679084821931
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0XW7hWlwIp68A0GftpBjuy1g6al9OIVnQ:046ib1grC
                                                                                                                                                                                                              MD5:64978E199A7239D2C911876447A7F05B
                                                                                                                                                                                                              SHA1:0048CE6724DB08C64441CE6E573676BC8AE94BF9
                                                                                                                                                                                                              SHA-256:92B947F1D6236F86ED7E105CFF19E23C13D1968861426511B775905E1D26B47A
                                                                                                                                                                                                              SHA-512:9C64211895473FFC7162B56B0B8E732DEC54CF03EA9B9B36FE3CC3339C35FC71FC7173D4E146989DB399CB1BCB063079378BB6F778F7D2591CD545550038397C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......w.....@.......................................... ...................<..............8............................................................................text...+........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.018154189425805
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:01z0W7hWDwIp68A0GftpBj8g65l9OIVnB:01zJIiqgI3
                                                                                                                                                                                                              MD5:9D74D89F2679C0C5DDB35A1EF30BD182
                                                                                                                                                                                                              SHA1:22EAED07A6E477A4001F9467B5462CF4CC15CC16
                                                                                                                                                                                                              SHA-256:E207FFC6FEF144E5D393E79DE75F8F20D223F1AC33A011EEB822D30FA2031046
                                                                                                                                                                                                              SHA-512:725626E961D32398EA5AA120AC0339DEEB493FC02EE7EF4D8E586173FDBF768B5CBB1F16F093AE4ECFEE87E661170F8F832777640A353DF5D651AF4A62A2D819
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-errorhandling-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.018154189425805
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:01z0W7hWDwIp68A0GftpBj8g65l9OIVnB:01zJIiqgI3
                                                                                                                                                                                                              MD5:9D74D89F2679C0C5DDB35A1EF30BD182
                                                                                                                                                                                                              SHA1:22EAED07A6E477A4001F9467B5462CF4CC15CC16
                                                                                                                                                                                                              SHA-256:E207FFC6FEF144E5D393E79DE75F8F20D223F1AC33A011EEB822D30FA2031046
                                                                                                                                                                                                              SHA-512:725626E961D32398EA5AA120AC0339DEEB493FC02EE7EF4D8E586173FDBF768B5CBB1F16F093AE4ECFEE87E661170F8F832777640A353DF5D651AF4A62A2D819
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22208
                                                                                                                                                                                                              Entropy (8bit):6.915669684436143
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0JPvVX/W7hWLwIp68A0GftpBjXeg6L4l6UzPp:0JPvVXAAi8gHV
                                                                                                                                                                                                              MD5:D826D27C73D9F2420FB39FBE0745C7F0
                                                                                                                                                                                                              SHA1:6E68E239F1A58185C7DAD0FCFAAC9ECFD2E5726C
                                                                                                                                                                                                              SHA-256:C0E5D482BD93BF71A73C01D0C1EC0722EA3260EBA1F4C87E797BAE334B5E9870
                                                                                                                                                                                                              SHA-512:C49843EB10E4E54C66E0E194DBD29CEAB9094BDFE745B6A858CB03E34D73A6326F54804E5E5505DEACC87146CBDFBA17A0F02E62E76C685BCE0CD1FF41962FF4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!.........................0...............................@......^.....@..........................................0...................<..............8............................................................................text............................... ..`.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22208
                                                                                                                                                                                                              Entropy (8bit):6.915669684436143
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0JPvVX/W7hWLwIp68A0GftpBjXeg6L4l6UzPp:0JPvVXAAi8gHV
                                                                                                                                                                                                              MD5:D826D27C73D9F2420FB39FBE0745C7F0
                                                                                                                                                                                                              SHA1:6E68E239F1A58185C7DAD0FCFAAC9ECFD2E5726C
                                                                                                                                                                                                              SHA-256:C0E5D482BD93BF71A73C01D0C1EC0722EA3260EBA1F4C87E797BAE334B5E9870
                                                                                                                                                                                                              SHA-512:C49843EB10E4E54C66E0E194DBD29CEAB9094BDFE745B6A858CB03E34D73A6326F54804E5E5505DEACC87146CBDFBA17A0F02E62E76C685BCE0CD1FF41962FF4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!.........................0...............................@......^.....@..........................................0...................<..............8............................................................................text............................... ..`.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.99684155170919
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0sW7hWGwIp68A0GftpBjk2g6PBl5AVgk8g:0h3iVgSeVWg
                                                                                                                                                                                                              MD5:EC4F2CB68DCF7E96516EB284003BE8BB
                                                                                                                                                                                                              SHA1:FB9237719B5E21B9DB176E41BDF125E6E7C01B11
                                                                                                                                                                                                              SHA-256:3816BBB7DD76D8FC6A7B83A0ED2F61B23DD5FC0843D3308EE077CB725D5C9088
                                                                                                                                                                                                              SHA-512:6CBDA80C476A9FCF46458CAC45229C96DC9DF251230531E25088E834CD954DB9FF4561E744F76495F9C57A4068B7635C72C6F9FF838436C54142297EE310B236
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......DT....@.............................L............ ...................<..............8............................................................................text...\........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l1-2-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.99684155170919
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0sW7hWGwIp68A0GftpBjk2g6PBl5AVgk8g:0h3iVgSeVWg
                                                                                                                                                                                                              MD5:EC4F2CB68DCF7E96516EB284003BE8BB
                                                                                                                                                                                                              SHA1:FB9237719B5E21B9DB176E41BDF125E6E7C01B11
                                                                                                                                                                                                              SHA-256:3816BBB7DD76D8FC6A7B83A0ED2F61B23DD5FC0843D3308EE077CB725D5C9088
                                                                                                                                                                                                              SHA-512:6CBDA80C476A9FCF46458CAC45229C96DC9DF251230531E25088E834CD954DB9FF4561E744F76495F9C57A4068B7635C72C6F9FF838436C54142297EE310B236
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......DT....@.............................L............ ...................<..............8............................................................................text...\........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.059361185931904
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:dW7hWkwIp68A0GftpBj/mfg6mTxl6Uz8p:21iBmfgDe
                                                                                                                                                                                                              MD5:B9287EB7BCBFDCEC2E8D4198FD266509
                                                                                                                                                                                                              SHA1:1375B6FF6121EC140668881F4A0B02F0C517F6C7
                                                                                                                                                                                                              SHA-256:096409422ECD1894E4D6289FD2D1C7490BD83DAFF0C1E3D16C36C78BD477B895
                                                                                                                                                                                                              SHA-512:B86348D3F42D0FF465066A14C281088C73EC5E03EFACDAABE27A410B054A8A81B438D7E5D030B0D95F53B07783911B8B8200581D4E0B6F1B3CC79F4AAE1D67DF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....*.V...........!......................... ...............................0.......H....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-file-l2-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.059361185931904
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:dW7hWkwIp68A0GftpBj/mfg6mTxl6Uz8p:21iBmfgDe
                                                                                                                                                                                                              MD5:B9287EB7BCBFDCEC2E8D4198FD266509
                                                                                                                                                                                                              SHA1:1375B6FF6121EC140668881F4A0B02F0C517F6C7
                                                                                                                                                                                                              SHA-256:096409422ECD1894E4D6289FD2D1C7490BD83DAFF0C1E3D16C36C78BD477B895
                                                                                                                                                                                                              SHA-512:B86348D3F42D0FF465066A14C281088C73EC5E03EFACDAABE27A410B054A8A81B438D7E5D030B0D95F53B07783911B8B8200581D4E0B6F1B3CC79F4AAE1D67DF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....*.V...........!......................... ...............................0.......H....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.002343612500237
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:/W7hW6awIp68A0GftpBjasg67llcEbP7JzYl:AwiAsgQ9lzYl
                                                                                                                                                                                                              MD5:6A35A52D536E34BA060A19D06B1DAC80
                                                                                                                                                                                                              SHA1:0494A9CBF898E5BABB6E697FC2DE04A128D2FC35
                                                                                                                                                                                                              SHA-256:A369EF130749BF8CD9F67055179E6F537F200C060AF47493D49473912A95021E
                                                                                                                                                                                                              SHA-512:A8AEB58BCF4B314212C2AB5A8FD3C2EDEB97E680F774171D4A79390AA23BB62A414AEF0ECD5286FFB68B7ED8F6E713FF1892D6D4CC2CBB67DE916C6062E762D9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0............@............................._............ ...................<..............8............................................................................text...o........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-handle-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.002343612500237
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:/W7hW6awIp68A0GftpBjasg67llcEbP7JzYl:AwiAsgQ9lzYl
                                                                                                                                                                                                              MD5:6A35A52D536E34BA060A19D06B1DAC80
                                                                                                                                                                                                              SHA1:0494A9CBF898E5BABB6E697FC2DE04A128D2FC35
                                                                                                                                                                                                              SHA-256:A369EF130749BF8CD9F67055179E6F537F200C060AF47493D49473912A95021E
                                                                                                                                                                                                              SHA-512:A8AEB58BCF4B314212C2AB5A8FD3C2EDEB97E680F774171D4A79390AA23BB62A414AEF0ECD5286FFB68B7ED8F6E713FF1892D6D4CC2CBB67DE916C6062E762D9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0............@............................._............ ...................<..............8............................................................................text...o........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.963261394858369
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0aliW7hW5wIp68A0GftpBjQg6nMl9OIVnZ:0imiOgyCX
                                                                                                                                                                                                              MD5:EE5C2FB7BC23BFD06FF32556CC7C3B4D
                                                                                                                                                                                                              SHA1:5D60EBF016219BBEC340D353A4FA541FFF596D3F
                                                                                                                                                                                                              SHA-256:EFC9F0E32BCE971900DDF66A1A9E68DAA3BFB2099A1BA9F24C6EE82DA2CBD6E8
                                                                                                                                                                                                              SHA-512:5D1B8A130C27D8EB63CA0C836BDF63E76AFB311DE26ED4F25B073BDA843EBFA25E136849E3882822257E3783058F30AF818A96764D60821A40329CFF4E1BADAC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......Z$....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-heap-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.963261394858369
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0aliW7hW5wIp68A0GftpBjQg6nMl9OIVnZ:0imiOgyCX
                                                                                                                                                                                                              MD5:EE5C2FB7BC23BFD06FF32556CC7C3B4D
                                                                                                                                                                                                              SHA1:5D60EBF016219BBEC340D353A4FA541FFF596D3F
                                                                                                                                                                                                              SHA-256:EFC9F0E32BCE971900DDF66A1A9E68DAA3BFB2099A1BA9F24C6EE82DA2CBD6E8
                                                                                                                                                                                                              SHA-512:5D1B8A130C27D8EB63CA0C836BDF63E76AFB311DE26ED4F25B073BDA843EBFA25E136849E3882822257E3783058F30AF818A96764D60821A40329CFF4E1BADAC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......Z$....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.979328925691928
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:FlYsF2W7hWewIp68A0GftpBjjUg6plcEbP7Jh:dbiygelh
                                                                                                                                                                                                              MD5:48A5E206D92F3102256EC65E8D570EE0
                                                                                                                                                                                                              SHA1:76024FAD398DFA4734AFCE0CC2E5AC117F090BA6
                                                                                                                                                                                                              SHA-256:A272AE4FC60E511F48950B08F106FCDD3BC86831DF908EE78D630F1AE921880C
                                                                                                                                                                                                              SHA-512:65407DA566B571E050C25448BE6042E84B0C1C7248422CBA00B543AF9DE425A723B0C7C54C4EB6F534E42B1679A058562D500875DDC4F2B52E6B8E6107B1B575
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text...$........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-interlocked-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.979328925691928
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:FlYsF2W7hWewIp68A0GftpBjjUg6plcEbP7Jh:dbiygelh
                                                                                                                                                                                                              MD5:48A5E206D92F3102256EC65E8D570EE0
                                                                                                                                                                                                              SHA1:76024FAD398DFA4734AFCE0CC2E5AC117F090BA6
                                                                                                                                                                                                              SHA-256:A272AE4FC60E511F48950B08F106FCDD3BC86831DF908EE78D630F1AE921880C
                                                                                                                                                                                                              SHA-512:65407DA566B571E050C25448BE6042E84B0C1C7248422CBA00B543AF9DE425A723B0C7C54C4EB6F534E42B1679A058562D500875DDC4F2B52E6B8E6107B1B575
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text...$........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.020541486658728
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0lvuBL3BGW7hW0wIp68A0GftpBjrg6EqlCXpfAPw:0sBL3BDpiFg1wPw
                                                                                                                                                                                                              MD5:E33F52E89DFC376EAF7AA655F260CA76
                                                                                                                                                                                                              SHA1:B66E1F934F491544190714966031B6DFD2E349EC
                                                                                                                                                                                                              SHA-256:0BD03E89A539AAA3100E2F7D9A058964730320E55AEE1F85BE8FD243EEA7017A
                                                                                                                                                                                                              SHA-512:95CB889599801BA7FA225B633D0FE25FDCC8B495DEE5EBA05B15A6E53A8A3643B5DEFE1A881236C40F4FA4365D6775ECE067DBB526AFDF2015F4D1355C9DFC57
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......x....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-libraryloader-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.020541486658728
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0lvuBL3BGW7hW0wIp68A0GftpBjrg6EqlCXpfAPw:0sBL3BDpiFg1wPw
                                                                                                                                                                                                              MD5:E33F52E89DFC376EAF7AA655F260CA76
                                                                                                                                                                                                              SHA1:B66E1F934F491544190714966031B6DFD2E349EC
                                                                                                                                                                                                              SHA-256:0BD03E89A539AAA3100E2F7D9A058964730320E55AEE1F85BE8FD243EEA7017A
                                                                                                                                                                                                              SHA-512:95CB889599801BA7FA225B633D0FE25FDCC8B495DEE5EBA05B15A6E53A8A3643B5DEFE1A881236C40F4FA4365D6775ECE067DBB526AFDF2015F4D1355C9DFC57
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......x....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):21184
                                                                                                                                                                                                              Entropy (8bit):6.996932834877981
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0IOMw3zdp3bwjGjue9/0jCRrndbNW7hWVwIp68A0GftpBj9g6ylcEbP7J3:0IOMwBprwjGjue9/0jCRrndbmOiPg9l3
                                                                                                                                                                                                              MD5:DBB81FCC74C59490008EE59BFFFF5A6D
                                                                                                                                                                                                              SHA1:EDBB465AB3BEA3A4DF3F05E5A4E816EDBE195C3B
                                                                                                                                                                                                              SHA-256:F33E6AC5D3E1C4F1D89564FB6AEEAC170486C073B67694380755049DBC48EEC1
                                                                                                                                                                                                              SHA-512:2847A73E952BD5F2448264E0BFC8DC1DCD37F8B02D6D6F525EF0CB69C8E634FDCC4637876361B22C53244659039ED305C015435834B61EEA15015FED45E9C374
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0....... ....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-localization-l1-2-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):21184
                                                                                                                                                                                                              Entropy (8bit):6.996932834877981
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0IOMw3zdp3bwjGjue9/0jCRrndbNW7hWVwIp68A0GftpBj9g6ylcEbP7J3:0IOMwBprwjGjue9/0jCRrndbmOiPg9l3
                                                                                                                                                                                                              MD5:DBB81FCC74C59490008EE59BFFFF5A6D
                                                                                                                                                                                                              SHA1:EDBB465AB3BEA3A4DF3F05E5A4E816EDBE195C3B
                                                                                                                                                                                                              SHA-256:F33E6AC5D3E1C4F1D89564FB6AEEAC170486C073B67694380755049DBC48EEC1
                                                                                                                                                                                                              SHA-512:2847A73E952BD5F2448264E0BFC8DC1DCD37F8B02D6D6F525EF0CB69C8E634FDCC4637876361B22C53244659039ED305C015435834B61EEA15015FED45E9C374
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0....... ....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.993175101529438
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:epW7hW0wIp68A0GftpBj0Ng6llcEbP7JnKd:rRi6NgalKd
                                                                                                                                                                                                              MD5:0EE9E0C830A7534DCFC9BE72146796F9
                                                                                                                                                                                                              SHA1:CECC860B494135482AE693F8E252301073A98578
                                                                                                                                                                                                              SHA-256:8F3F0FD765A37F48162F0BD00C3047E79B4EDA355223BFCBED4D35B51349CFCC
                                                                                                                                                                                                              SHA-512:47161E02F4478464AB45C1E3BF9D244D34613E0E68EBE48511A9A0C4E7F8DDB0C1DFD59707C6968C5D76D5027CD19EF748D1235BF74B976410EA6672A6A4BCAF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......f.....@.............................l............ ...................<..............8............................................................................text...|........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-memory-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.993175101529438
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:epW7hW0wIp68A0GftpBj0Ng6llcEbP7JnKd:rRi6NgalKd
                                                                                                                                                                                                              MD5:0EE9E0C830A7534DCFC9BE72146796F9
                                                                                                                                                                                                              SHA1:CECC860B494135482AE693F8E252301073A98578
                                                                                                                                                                                                              SHA-256:8F3F0FD765A37F48162F0BD00C3047E79B4EDA355223BFCBED4D35B51349CFCC
                                                                                                                                                                                                              SHA-512:47161E02F4478464AB45C1E3BF9D244D34613E0E68EBE48511A9A0C4E7F8DDB0C1DFD59707C6968C5D76D5027CD19EF748D1235BF74B976410EA6672A6A4BCAF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......f.....@.............................l............ ...................<..............8............................................................................text...|........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.0485006476528085
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0vW7hWkwIp68A0GftpBjZyg6mHPUPlCXpfAPuH:0w1i2gpPUdPk
                                                                                                                                                                                                              MD5:1557093ADD722D1C5A97C359BFCD0D77
                                                                                                                                                                                                              SHA1:A8CE995F00A12A81A13D3EF47CE0834178ED69A4
                                                                                                                                                                                                              SHA-256:3A20635A223E68418C22858413E8C603AAC25723DE1CB0F54DD675349EC3213D
                                                                                                                                                                                                              SHA-512:B7ACD6882B4D36B52F1E49E4B61DDD025DE8503F765B72C94EC5A0D85B6CED513C348F7C4898675728C851A2632AD71C78937CDEC9DFF994B7B27ED2D85CDDDD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......v.....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-namedpipe-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.0485006476528085
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0vW7hWkwIp68A0GftpBjZyg6mHPUPlCXpfAPuH:0w1i2gpPUdPk
                                                                                                                                                                                                              MD5:1557093ADD722D1C5A97C359BFCD0D77
                                                                                                                                                                                                              SHA1:A8CE995F00A12A81A13D3EF47CE0834178ED69A4
                                                                                                                                                                                                              SHA-256:3A20635A223E68418C22858413E8C603AAC25723DE1CB0F54DD675349EC3213D
                                                                                                                                                                                                              SHA-512:B7ACD6882B4D36B52F1E49E4B61DDD025DE8503F765B72C94EC5A0D85B6CED513C348F7C4898675728C851A2632AD71C78937CDEC9DFF994B7B27ED2D85CDDDD
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......v.....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.966611818374333
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:0vp5WMuXhWWWO5A9YOCAs/nGfe4pBjS7C8WYyieHaVWQ4SWTqnajGppoCfAP3pnO:0vzW7hWa57A0GftpBjYg6ilCXpfAPZN0
                                                                                                                                                                                                              MD5:2A61E4E21BF255107884B6520AF5BBCC
                                                                                                                                                                                                              SHA1:884EB1A835BCDE4E7FD98134F0BE797229F4239A
                                                                                                                                                                                                              SHA-256:64742EE0729CBE72555247B0165FAE03BEA7A6B0147869253DAE3BB0072173E8
                                                                                                                                                                                                              SHA-512:D0CA104904352586BBD3DA654125B3DF9355FE250938A465E8E900D135CEC397F1118FDF54829B076DF82B8E45FCD7656C2C7AA33AD3C0AF5189F7A55E43F498
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......B.....@......................... ...G............ ...................<..............8............................................................................text...g........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processenvironment-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.966611818374333
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:0vp5WMuXhWWWO5A9YOCAs/nGfe4pBjS7C8WYyieHaVWQ4SWTqnajGppoCfAP3pnO:0vzW7hWa57A0GftpBjYg6ilCXpfAPZN0
                                                                                                                                                                                                              MD5:2A61E4E21BF255107884B6520AF5BBCC
                                                                                                                                                                                                              SHA1:884EB1A835BCDE4E7FD98134F0BE797229F4239A
                                                                                                                                                                                                              SHA-256:64742EE0729CBE72555247B0165FAE03BEA7A6B0147869253DAE3BB0072173E8
                                                                                                                                                                                                              SHA-512:D0CA104904352586BBD3DA654125B3DF9355FE250938A465E8E900D135CEC397F1118FDF54829B076DF82B8E45FCD7656C2C7AA33AD3C0AF5189F7A55E43F498
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0......B.....@......................... ...G............ ...................<..............8............................................................................text...g........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20672
                                                                                                                                                                                                              Entropy (8bit):6.994995569868269
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:07k1JzNcKSIZW7hWZwIp68A0GftpBj3Ng6g/l5AVgkqZ:0CcKSPqipNg+V8
                                                                                                                                                                                                              MD5:D5C4B8F7260563F72150A84FE884EE31
                                                                                                                                                                                                              SHA1:DAE1185359ED25A4974504CD1CEAACDE28D4318E
                                                                                                                                                                                                              SHA-256:02839F3B2BDF6ADFC89D2F800CC8ACDA59A40C3E7CE14EF3026F4C72E202297D
                                                                                                                                                                                                              SHA-512:09CA23413EECF1DF94AA36E53FC6FFF0F402F21EDA2EF79BE6AA087818A5BB82ED98DB790A2B5CF4EF91A8F70D8E27F56313BC2054A26872D2CAD611C472F0B7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......q....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20672
                                                                                                                                                                                                              Entropy (8bit):6.994995569868269
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:07k1JzNcKSIZW7hWZwIp68A0GftpBj3Ng6g/l5AVgkqZ:0CcKSPqipNg+V8
                                                                                                                                                                                                              MD5:D5C4B8F7260563F72150A84FE884EE31
                                                                                                                                                                                                              SHA1:DAE1185359ED25A4974504CD1CEAACDE28D4318E
                                                                                                                                                                                                              SHA-256:02839F3B2BDF6ADFC89D2F800CC8ACDA59A40C3E7CE14EF3026F4C72E202297D
                                                                                                                                                                                                              SHA-512:09CA23413EECF1DF94AA36E53FC6FFF0F402F21EDA2EF79BE6AA087818A5BB82ED98DB790A2B5CF4EF91A8F70D8E27F56313BC2054A26872D2CAD611C472F0B7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......q....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.006412915673589
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0mDfIehW7hW+wIp68A0GftpBjnJTYg67l5AVgk99:0xeKHiVJTYg7VX9
                                                                                                                                                                                                              MD5:F61B9ECB79CD20FC2E8FCE87286CFE43
                                                                                                                                                                                                              SHA1:7A48ACCBE43E156F886F1F2836F74E1043FEEC59
                                                                                                                                                                                                              SHA-256:BFA24F94BA095174B82D3657F8ECC689EAB8FF380C69B1C9A7E311EB70D66386
                                                                                                                                                                                                              SHA-512:42AB62087BBC9FC9C9003AE96EBB9E9BBFA3DB4EB74BD6746DA035D53D1002015D8482ECB92620EC65C42B8B2B41D9B0A7793E105B0CF8CB6F713A2BC03241DB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......s....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-processthreads-l1-1-1.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.006412915673589
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:0mDfIehW7hW+wIp68A0GftpBjnJTYg67l5AVgk99:0xeKHiVJTYg7VX9
                                                                                                                                                                                                              MD5:F61B9ECB79CD20FC2E8FCE87286CFE43
                                                                                                                                                                                                              SHA1:7A48ACCBE43E156F886F1F2836F74E1043FEEC59
                                                                                                                                                                                                              SHA-256:BFA24F94BA095174B82D3657F8ECC689EAB8FF380C69B1C9A7E311EB70D66386
                                                                                                                                                                                                              SHA-512:42AB62087BBC9FC9C9003AE96EBB9E9BBFA3DB4EB74BD6746DA035D53D1002015D8482ECB92620EC65C42B8B2B41D9B0A7793E105B0CF8CB6F713A2BC03241DB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......s....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18112
                                                                                                                                                                                                              Entropy (8bit):7.08746344291522
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:03adW7hWDwIp68A0GftpBj8ng6YlcEbP7JsNE:07ciingbln
                                                                                                                                                                                                              MD5:A472BD416BDC12668523670360650910
                                                                                                                                                                                                              SHA1:831D930EF9917E0DCCACD8E7F7FD6F3D90082441
                                                                                                                                                                                                              SHA-256:48DCEEEA29558966C391CDA34E5755386C2E7E252EA0A03D8D1F21E3CB370C5B
                                                                                                                                                                                                              SHA-512:166134E6C3403F4437E10AFB514A55677481D3B03F7CFDF17917A0BB6FA1F387FEAE58D7DD5DFBC375EAE66D24F10C3163BA5958C22BEB6978C0B778C2883B6F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-profile-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18112
                                                                                                                                                                                                              Entropy (8bit):7.08746344291522
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:03adW7hWDwIp68A0GftpBj8ng6YlcEbP7JsNE:07ciingbln
                                                                                                                                                                                                              MD5:A472BD416BDC12668523670360650910
                                                                                                                                                                                                              SHA1:831D930EF9917E0DCCACD8E7F7FD6F3D90082441
                                                                                                                                                                                                              SHA-256:48DCEEEA29558966C391CDA34E5755386C2E7E252EA0A03D8D1F21E3CB370C5B
                                                                                                                                                                                                              SHA-512:166134E6C3403F4437E10AFB514A55677481D3B03F7CFDF17917A0BB6FA1F387FEAE58D7DD5DFBC375EAE66D24F10C3163BA5958C22BEB6978C0B778C2883B6F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18112
                                                                                                                                                                                                              Entropy (8bit):7.08764693438697
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:fGj5WMuXhWBAO5A9YOCAs/nGfe4pBjSfCyefWYyieHaVWQ4mWXvqnajY1n+htP7G:fGtW7hWF57A0GftpBjrnVg6klcEbP7J4
                                                                                                                                                                                                              MD5:525A156E0FF61306FD44BF7937CACFAE
                                                                                                                                                                                                              SHA1:6A9A88317A55C939C0CB9F77256F5C3F961D0562
                                                                                                                                                                                                              SHA-256:41C69B545D931045A280F83B2F5FBE0EA18C35AC42DFCA54B661B42FE8E4F982
                                                                                                                                                                                                              SHA-512:C99147EBA45E9561B7A2802B0C15A2DF2AC886CE95A95F2980F8BF4D1DFF92A69B94F11CD17383B577303F24295B1B7E52B8C80AD26C0BB08862C726B9CD8841
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......Z....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-rtlsupport-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18112
                                                                                                                                                                                                              Entropy (8bit):7.08764693438697
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:fGj5WMuXhWBAO5A9YOCAs/nGfe4pBjSfCyefWYyieHaVWQ4mWXvqnajY1n+htP7G:fGtW7hWF57A0GftpBjrnVg6klcEbP7J4
                                                                                                                                                                                                              MD5:525A156E0FF61306FD44BF7937CACFAE
                                                                                                                                                                                                              SHA1:6A9A88317A55C939C0CB9F77256F5C3F961D0562
                                                                                                                                                                                                              SHA-256:41C69B545D931045A280F83B2F5FBE0EA18C35AC42DFCA54B661B42FE8E4F982
                                                                                                                                                                                                              SHA-512:C99147EBA45E9561B7A2802B0C15A2DF2AC886CE95A95F2980F8BF4D1DFF92A69B94F11CD17383B577303F24295B1B7E52B8C80AD26C0BB08862C726B9CD8841
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L......V...........!......................... ...............................0.......Z....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.028491444641698
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:cyMvhW7hWMwIp68A0GftpBjT0i0g6hlcEbP7JI:cyMvK5iN6galI
                                                                                                                                                                                                              MD5:E57EC98E69961E45CC7A4E0666D26B7D
                                                                                                                                                                                                              SHA1:70462A1D68BF49908FCB7186743A47A1AFFC5D7D
                                                                                                                                                                                                              SHA-256:52C9B061C4C74EEB70019EDDE2B690C7E9D9744979A3B718D6687B3A83F00DEF
                                                                                                                                                                                                              SHA-512:4A450BCBCE0EB3F98F78AF07673227A55CDF8E7840FA892196CBB8D0F90551B32731F70F171644F8097FDA97D57CAA4B7430023671B19881764613231A20CDC9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......>q....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-string-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.028491444641698
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:cyMvhW7hWMwIp68A0GftpBjT0i0g6hlcEbP7JI:cyMvK5iN6galI
                                                                                                                                                                                                              MD5:E57EC98E69961E45CC7A4E0666D26B7D
                                                                                                                                                                                                              SHA1:70462A1D68BF49908FCB7186743A47A1AFFC5D7D
                                                                                                                                                                                                              SHA-256:52C9B061C4C74EEB70019EDDE2B690C7E9D9744979A3B718D6687B3A83F00DEF
                                                                                                                                                                                                              SHA-512:4A450BCBCE0EB3F98F78AF07673227A55CDF8E7840FA892196CBB8D0F90551B32731F70F171644F8097FDA97D57CAA4B7430023671B19881764613231A20CDC9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......>q....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20672
                                                                                                                                                                                                              Entropy (8bit):6.948090885386217
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:Vdv3V0dfpkXc0vVa/W7hWswIp68A0GftpBjuFceg6nlcEbP7JnH:Vdv3VqpkXc0vVaAVioFjgklH
                                                                                                                                                                                                              MD5:99572AE21D1C8AFE3D02F1124979E911
                                                                                                                                                                                                              SHA1:5B17ADDC80B1406A3EAA615F5E37D92E953A0BB7
                                                                                                                                                                                                              SHA-256:E7D39DCB79D739EC030E9A4E2165B264A24C400566056E1FDA267FDD1A8B36BD
                                                                                                                                                                                                              SHA-512:27CA8149D1F0C625DE90A3F4CD4A4930AB0C1362EE10A7131EBFD2A88065C2A34C8AD7FB6D95CE33072146B9309488CBFE122984606D631B99D925E3FC42FCFF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0............@.............................V............ ...................<..............8............................................................................text...f........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20672
                                                                                                                                                                                                              Entropy (8bit):6.948090885386217
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:Vdv3V0dfpkXc0vVa/W7hWswIp68A0GftpBjuFceg6nlcEbP7JnH:Vdv3VqpkXc0vVaAVioFjgklH
                                                                                                                                                                                                              MD5:99572AE21D1C8AFE3D02F1124979E911
                                                                                                                                                                                                              SHA1:5B17ADDC80B1406A3EAA615F5E37D92E953A0BB7
                                                                                                                                                                                                              SHA-256:E7D39DCB79D739EC030E9A4E2165B264A24C400566056E1FDA267FDD1A8B36BD
                                                                                                                                                                                                              SHA-512:27CA8149D1F0C625DE90A3F4CD4A4930AB0C1362EE10A7131EBFD2A88065C2A34C8AD7FB6D95CE33072146B9309488CBFE122984606D631B99D925E3FC42FCFF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0............@.............................V............ ...................<..............8............................................................................text...f........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.039201032037828
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:FtZ3IW7hWzwIp68A0GftpBjXHg6GTlcEbP7Ji9a:zoiJHgrlD
                                                                                                                                                                                                              MD5:E4110AA5C8A32B63DE2C85E0BC297C54
                                                                                                                                                                                                              SHA1:6039680F47750CF56D0C9A1768DE815A44B83DE7
                                                                                                                                                                                                              SHA-256:01BB32D692B86EBB39A76893125E0F3AAF957C6E4BD682FB46EAC32F6FB65BE7
                                                                                                                                                                                                              SHA-512:0631EA8224403CA113DFF9B17852E92C1FCB2820E4F335B668B12689D2A8F058BA33905692F2FD0F4897F8F766DB816747EC95478D854B75A0803D2C899E6D98
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......c.....@.............................v............ ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-synch-l1-2-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.039201032037828
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:FtZ3IW7hWzwIp68A0GftpBjXHg6GTlcEbP7Ji9a:zoiJHgrlD
                                                                                                                                                                                                              MD5:E4110AA5C8A32B63DE2C85E0BC297C54
                                                                                                                                                                                                              SHA1:6039680F47750CF56D0C9A1768DE815A44B83DE7
                                                                                                                                                                                                              SHA-256:01BB32D692B86EBB39A76893125E0F3AAF957C6E4BD682FB46EAC32F6FB65BE7
                                                                                                                                                                                                              SHA-512:0631EA8224403CA113DFF9B17852E92C1FCB2820E4F335B668B12689D2A8F058BA33905692F2FD0F4897F8F766DB816747EC95478D854B75A0803D2C899E6D98
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......c.....@.............................v............ ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.967584438717776
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:R9UJW7hWLwIp68A0GftpBjv6fcg6DlCXpfAPc:R9USIiVmcg8Pc
                                                                                                                                                                                                              MD5:A13048905FC64CD2103094C871C6D826
                                                                                                                                                                                                              SHA1:CEBB1A74BD5196A3FE174A20543335074A1B7397
                                                                                                                                                                                                              SHA-256:FB23439A5982E723E8E4AE1A5A35F9BBBFBA1E76FEB4596668F57093B231DA6B
                                                                                                                                                                                                              SHA-512:E23EFFC6C17177D07F43955CC8FFA17ED05CC2C0A6430078B37DE8536170DC3CB4F8970EBA1049B10A789AB5ACB423745F9D842DAC4D63D5714751186A3F071D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......)~....@.............................E............ ...................<..............8............................................................................text...U........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-sysinfo-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.967584438717776
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:R9UJW7hWLwIp68A0GftpBjv6fcg6DlCXpfAPc:R9USIiVmcg8Pc
                                                                                                                                                                                                              MD5:A13048905FC64CD2103094C871C6D826
                                                                                                                                                                                                              SHA1:CEBB1A74BD5196A3FE174A20543335074A1B7397
                                                                                                                                                                                                              SHA-256:FB23439A5982E723E8E4AE1A5A35F9BBBFBA1E76FEB4596668F57093B231DA6B
                                                                                                                                                                                                              SHA-512:E23EFFC6C17177D07F43955CC8FFA17ED05CC2C0A6430078B37DE8536170DC3CB4F8970EBA1049B10A789AB5ACB423745F9D842DAC4D63D5714751186A3F071D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......)~....@.............................E............ ...................<..............8............................................................................text...U........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.072372254691121
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:JW7hWUwIp68A0GftpBjtSg60TwlcEbP7Jira:SBibSgJElira
                                                                                                                                                                                                              MD5:00B548BF3EAB7A6DEBCE296EE5E877DE
                                                                                                                                                                                                              SHA1:AE18022EB78C192AC3BAEE32664B9EB011194772
                                                                                                                                                                                                              SHA-256:D592B91A087C001F9EA38DC5912A90C78FAD3A368879D04FD7E5650ED374C8DC
                                                                                                                                                                                                              SHA-512:3BA15D9A0F1680C2B182CF04FBBFCB0D4F1B607519C161C590928930AD1B3EBA8BD417575A51305B9552F0ABF0064C74267336EC09CEA709AED9228E4EAC799E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......B.....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-timezone-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):7.072372254691121
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:JW7hWUwIp68A0GftpBjtSg60TwlcEbP7Jira:SBibSgJElira
                                                                                                                                                                                                              MD5:00B548BF3EAB7A6DEBCE296EE5E877DE
                                                                                                                                                                                                              SHA1:AE18022EB78C192AC3BAEE32664B9EB011194772
                                                                                                                                                                                                              SHA-256:D592B91A087C001F9EA38DC5912A90C78FAD3A368879D04FD7E5650ED374C8DC
                                                                                                                                                                                                              SHA-512:3BA15D9A0F1680C2B182CF04FBBFCB0D4F1B607519C161C590928930AD1B3EBA8BD417575A51305B9552F0ABF0064C74267336EC09CEA709AED9228E4EAC799E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......B.....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.984809628009301
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:oW7hW+AwIp68A0GftpBjR71g608lCXpfAPy:NJ2i71gOPy
                                                                                                                                                                                                              MD5:96D9965EA02EEFEADF1F122DFA724449
                                                                                                                                                                                                              SHA1:C6F9EB1BABE64B30FB1FF6B74E93DB8AC41D1294
                                                                                                                                                                                                              SHA-256:4F31B2888CA82BD1FF40D71E2D11500456B99940DD469BFB097FCD304676FA38
                                                                                                                                                                                                              SHA-512:4018EAE1E00899A5BD392C9B4F25561CF03292011F52387EDD77058F49BD1B7456570F0108338088E5711BF5D6BA33AEB2C7BCD5D24D2744B173FF75BBA0347B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......S"....@.............................9............ ...................<..............8............................................................................text...I........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-core-util-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):18624
                                                                                                                                                                                                              Entropy (8bit):6.984809628009301
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:oW7hW+AwIp68A0GftpBjR71g608lCXpfAPy:NJ2i71gOPy
                                                                                                                                                                                                              MD5:96D9965EA02EEFEADF1F122DFA724449
                                                                                                                                                                                                              SHA1:C6F9EB1BABE64B30FB1FF6B74E93DB8AC41D1294
                                                                                                                                                                                                              SHA-256:4F31B2888CA82BD1FF40D71E2D11500456B99940DD469BFB097FCD304676FA38
                                                                                                                                                                                                              SHA-512:4018EAE1E00899A5BD392C9B4F25561CF03292011F52387EDD77058F49BD1B7456570F0108338088E5711BF5D6BA33AEB2C7BCD5D24D2744B173FF75BBA0347B
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....&.V...........!......................... ...............................0......S"....@.............................9............ ...................<..............8............................................................................text...I........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.985576384482665
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:mjsW7hWNwIp68A0GftpBjTqvg6F599QlCXpfAP+:0h6iQvgm599WP+
                                                                                                                                                                                                              MD5:032A139EA3CC41F2BB801CD580759A75
                                                                                                                                                                                                              SHA1:4D88E10BCC4E75EDC83BCA578510D53FC827AA1A
                                                                                                                                                                                                              SHA-256:905F86530C56C9B453DD8BD9770440DE0F6F35AA84B171DE747A04D112E35AAD
                                                                                                                                                                                                              SHA-512:4F574DFE92E90C7D6F162C0B69DD56C96031790ABE15E52121C7E44980BBAB86914EE06FC153FA5F3A77C4F1C6E4C24D7044507880A80B587872477708506A50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0......&.....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-conio-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.985576384482665
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:mjsW7hWNwIp68A0GftpBjTqvg6F599QlCXpfAP+:0h6iQvgm599WP+
                                                                                                                                                                                                              MD5:032A139EA3CC41F2BB801CD580759A75
                                                                                                                                                                                                              SHA1:4D88E10BCC4E75EDC83BCA578510D53FC827AA1A
                                                                                                                                                                                                              SHA-256:905F86530C56C9B453DD8BD9770440DE0F6F35AA84B171DE747A04D112E35AAD
                                                                                                                                                                                                              SHA-512:4F574DFE92E90C7D6F162C0B69DD56C96031790ABE15E52121C7E44980BBAB86914EE06FC153FA5F3A77C4F1C6E4C24D7044507880A80B587872477708506A50
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0......&.....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22720
                                                                                                                                                                                                              Entropy (8bit):6.833535064426485
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:CuyVW7hWr57A0GftpBjt9g67mlCXpfAP24m:l+PiD9gVPDm
                                                                                                                                                                                                              MD5:94E386A317FAA200AA1DC270CE54E5FD
                                                                                                                                                                                                              SHA1:E352CED285C04378BC3F6AF4B30FA69DF70B8974
                                                                                                                                                                                                              SHA-256:E4CCD13D5861E3E28984FC7263D79B580A0BC7BBE0D234ED8F1A69706EF908F3
                                                                                                                                                                                                              SHA-512:F622D303ADECDCE6FF88ACC779D108556C2FDBE1F4140092D2D637C2FC1AAF651C1798291239E1334AABEA702D7D380150922ABD4E0122CBFC9C079A64DC0E76
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...3).V...........!.........................0...............................@.......C....@..........................................0...................<..............8............................................................................text............................... ..`.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-convert-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):22720
                                                                                                                                                                                                              Entropy (8bit):6.833535064426485
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:CuyVW7hWr57A0GftpBjt9g67mlCXpfAP24m:l+PiD9gVPDm
                                                                                                                                                                                                              MD5:94E386A317FAA200AA1DC270CE54E5FD
                                                                                                                                                                                                              SHA1:E352CED285C04378BC3F6AF4B30FA69DF70B8974
                                                                                                                                                                                                              SHA-256:E4CCD13D5861E3E28984FC7263D79B580A0BC7BBE0D234ED8F1A69706EF908F3
                                                                                                                                                                                                              SHA-512:F622D303ADECDCE6FF88ACC779D108556C2FDBE1F4140092D2D637C2FC1AAF651C1798291239E1334AABEA702D7D380150922ABD4E0122CBFC9C079A64DC0E76
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...3).V...........!.........................0...............................@.......C....@..........................................0...................<..............8............................................................................text............................... ..`.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.969723805441482
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:75WMuXhWWbO5A9YOCAs/nGfe4pBjS7kWYyieHaVWQ4SWGoqnajGppoCfAP3unil:1W7hWF57A0GftpBjHg6DolCXpfAP/
                                                                                                                                                                                                              MD5:E8CCECAC4F06679B9D5E77333D216EE0
                                                                                                                                                                                                              SHA1:377363813D0FC18083BDB0456A66EFB6598A763A
                                                                                                                                                                                                              SHA-256:2CF24C6AAC48261AB04EB616E85DD707417697764F860FC29DD3955DD2C49226
                                                                                                                                                                                                              SHA-512:E37DB74E11138639E3BB02270589F977BFD803D450FF098D474CA461FD1FABC8E646A177A2082FD0A901FBE15225C4D352567A561C453F56AD8E0097838B945E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...`).V...........!......................... ...............................0......./....@............................."............ ...................<..............8............................................................................text...2........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-environment-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):6.969723805441482
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:75WMuXhWWbO5A9YOCAs/nGfe4pBjS7kWYyieHaVWQ4SWGoqnajGppoCfAP3unil:1W7hWF57A0GftpBjHg6DolCXpfAP/
                                                                                                                                                                                                              MD5:E8CCECAC4F06679B9D5E77333D216EE0
                                                                                                                                                                                                              SHA1:377363813D0FC18083BDB0456A66EFB6598A763A
                                                                                                                                                                                                              SHA-256:2CF24C6AAC48261AB04EB616E85DD707417697764F860FC29DD3955DD2C49226
                                                                                                                                                                                                              SHA-512:E37DB74E11138639E3BB02270589F977BFD803D450FF098D474CA461FD1FABC8E646A177A2082FD0A901FBE15225C4D352567A561C453F56AD8E0097838B945E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...`).V...........!......................... ...............................0......./....@............................."............ ...................<..............8............................................................................text...2........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20672
                                                                                                                                                                                                              Entropy (8bit):6.983286020919859
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:xhQTq6nWm5CtW7hWV57A0GftpBjaOlg6ElWlCXpfAPUQ:xhQm6nWm5CGUPivlgJMPUQ
                                                                                                                                                                                                              MD5:42153324A982F848D7A49BB7406125C2
                                                                                                                                                                                                              SHA1:F0878690D23AD0C905F0A6EC37E9EA1EDB813195
                                                                                                                                                                                                              SHA-256:FCD8B213E2E9962B84D1EEC4296BBEFDF4465398A235E118BE12C878FDC08C05
                                                                                                                                                                                                              SHA-512:1710B3FD90210DD6603F2104DE249704CAD9D83ACDC0C6B96AC24E20C4913679B1E4EE41BB7812D919BA76CADB36F7BD8210EE127325FD9DB6B542CF2D0B7F69
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...w).V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-filesystem-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):20672
                                                                                                                                                                                                              Entropy (8bit):6.983286020919859
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:xhQTq6nWm5CtW7hWV57A0GftpBjaOlg6ElWlCXpfAPUQ:xhQm6nWm5CGUPivlgJMPUQ
                                                                                                                                                                                                              MD5:42153324A982F848D7A49BB7406125C2
                                                                                                                                                                                                              SHA1:F0878690D23AD0C905F0A6EC37E9EA1EDB813195
                                                                                                                                                                                                              SHA-256:FCD8B213E2E9962B84D1EEC4296BBEFDF4465398A235E118BE12C878FDC08C05
                                                                                                                                                                                                              SHA-512:1710B3FD90210DD6603F2104DE249704CAD9D83ACDC0C6B96AC24E20C4913679B1E4EE41BB7812D919BA76CADB36F7BD8210EE127325FD9DB6B542CF2D0B7F69
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...w).V...........!......................... ...............................0............@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.952540204031986
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:S1W7hWm57A0GftpBjoN6Dg6VAlCXpfAP/:SudPiaugxP/
                                                                                                                                                                                                              MD5:AAD41D33906CFDB31681CE8276648481
                                                                                                                                                                                                              SHA1:6367D1990873C5AF2F5D05D31EA083FB8B127883
                                                                                                                                                                                                              SHA-256:242CB185643DF586A5F55735E8810B8D2B6B095C78BE206E42CDAAE7665BB2CF
                                                                                                                                                                                                              SHA-512:43B2CF09FCB13211F5BCAB6942050E03DFB9CE36B727727F7C764DF3754F332F04DC81F411E55CAEECFA676C43DD1E977F29B0042C485BABAAAD609C239A84A9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0.......1....@.......................................... ...................<..............8............................................................................text...&........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-heap-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.952540204031986
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:S1W7hWm57A0GftpBjoN6Dg6VAlCXpfAP/:SudPiaugxP/
                                                                                                                                                                                                              MD5:AAD41D33906CFDB31681CE8276648481
                                                                                                                                                                                                              SHA1:6367D1990873C5AF2F5D05D31EA083FB8B127883
                                                                                                                                                                                                              SHA-256:242CB185643DF586A5F55735E8810B8D2B6B095C78BE206E42CDAAE7665BB2CF
                                                                                                                                                                                                              SHA-512:43B2CF09FCB13211F5BCAB6942050E03DFB9CE36B727727F7C764DF3754F332F04DC81F411E55CAEECFA676C43DD1E977F29B0042C485BABAAAD609C239A84A9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0.......1....@.......................................... ...................<..............8............................................................................text...&........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.0308655129029125
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:AZ5WMuXhWBgO5A9YOCAs/nGfe4pBjSfYPLIDWYyieHaVWQ4mW9qnajuJB0zOk:8W7hWp57A0GftpBjp4g6Sl6UzOk
                                                                                                                                                                                                              MD5:BC75B80A80802146E79C383C94542F06
                                                                                                                                                                                                              SHA1:7DA2020A855EA6C003D905551A28AF456E7519C2
                                                                                                                                                                                                              SHA-256:81A7A98E11AE94236F34A82A0D450A1100A9B8E752205248DE0037A764B91A07
                                                                                                                                                                                                              SHA-512:0B6A8F6809F1A39C90BFE58EF0D05D997BE307CB18771FF8FED6539BF7E19EE8CC3BEDC44E1C22F34441DB9B82A6470D3814FC7465D1EA82FA30D37278A0FE65
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...>).V...........!......................... ...............................0......(.....@.............................e............ ...................<..............8............................................................................text...u........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-locale-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.0308655129029125
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:AZ5WMuXhWBgO5A9YOCAs/nGfe4pBjSfYPLIDWYyieHaVWQ4mW9qnajuJB0zOk:8W7hWp57A0GftpBjp4g6Sl6UzOk
                                                                                                                                                                                                              MD5:BC75B80A80802146E79C383C94542F06
                                                                                                                                                                                                              SHA1:7DA2020A855EA6C003D905551A28AF456E7519C2
                                                                                                                                                                                                              SHA-256:81A7A98E11AE94236F34A82A0D450A1100A9B8E752205248DE0037A764B91A07
                                                                                                                                                                                                              SHA-512:0B6A8F6809F1A39C90BFE58EF0D05D997BE307CB18771FF8FED6539BF7E19EE8CC3BEDC44E1C22F34441DB9B82A6470D3814FC7465D1EA82FA30D37278A0FE65
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...>).V...........!......................... ...............................0......(.....@.............................e............ ...................<..............8............................................................................text...u........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):29376
                                                                                                                                                                                                              Entropy (8bit):6.602102091819155
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:/47isbM4Oe5grykfIgTmLOdW7hWX57A0GftpBjBZdIsg6wi0lCXpfAPOm:A1Mq5grxfInO2OPiIsgffPOm
                                                                                                                                                                                                              MD5:1028042A84AEFE816280F22A4517DC68
                                                                                                                                                                                                              SHA1:B3437BEB0E5A6A062678A0B32CEA98F3C5E33580
                                                                                                                                                                                                              SHA-256:4A88F73CAE12080B9A637F76F8AB1B8AC29829817FF03DDD611A25B6981EE573
                                                                                                                                                                                                              SHA-512:1DA4A2D152943447950AE5DE80360741C8A827647D1568C18B026376645F15CC9B5D1915DBDB43278ADEAC1423B20D6E1C97F6AD67CE724A0D91EC84C4E5250C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....(.V...........!.........................@...............................P.......@....@..............................+...........@...............6...<..............8............................................................................text....,.......................... ..`.rsrc........@.......2..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-math-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):29376
                                                                                                                                                                                                              Entropy (8bit):6.602102091819155
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:/47isbM4Oe5grykfIgTmLOdW7hWX57A0GftpBjBZdIsg6wi0lCXpfAPOm:A1Mq5grxfInO2OPiIsgffPOm
                                                                                                                                                                                                              MD5:1028042A84AEFE816280F22A4517DC68
                                                                                                                                                                                                              SHA1:B3437BEB0E5A6A062678A0B32CEA98F3C5E33580
                                                                                                                                                                                                              SHA-256:4A88F73CAE12080B9A637F76F8AB1B8AC29829817FF03DDD611A25B6981EE573
                                                                                                                                                                                                              SHA-512:1DA4A2D152943447950AE5DE80360741C8A827647D1568C18B026376645F15CC9B5D1915DBDB43278ADEAC1423B20D6E1C97F6AD67CE724A0D91EC84C4E5250C
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....(.V...........!.........................@...............................P.......@....@..............................+...........@...............6...<..............8............................................................................text....,.......................... ..`.rsrc........@.......2..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26816
                                                                                                                                                                                                              Entropy (8bit):6.639213878409407
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:2y+Kr6aLPmIHJI6/CpG3t2G3t4odXL7dW7hW557A0GftpBjubg6bRlCXpfAPl7:2ZKrZPmIHJI6l2oPiKgKPl7
                                                                                                                                                                                                              MD5:B7E1023EBBF0E5018C58B5488C03A643
                                                                                                                                                                                                              SHA1:B10D3A570D4A44B87480D015AAC4D04EF3F0A355
                                                                                                                                                                                                              SHA-256:E7238F5E38D3991E9D6219255E8CD951D6DD431402C4B4B295A68BD43EFA3D48
                                                                                                                                                                                                              SHA-512:C5536416AEBA4B37931E2961A29EA4C8679F6D942289325C9067D46B36797E404C0D8DFD01CE997E89BD42A7F084029D2F2D3CD7485B8CEC5E66DB50AC1DF565
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...>).V...........!.....$...................@...............................P.......Y....@.............................. ...........@...............,...<..............8............................................................................text....".......$.................. ..`.rsrc........@.......(..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-multibyte-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26816
                                                                                                                                                                                                              Entropy (8bit):6.639213878409407
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:2y+Kr6aLPmIHJI6/CpG3t2G3t4odXL7dW7hW557A0GftpBjubg6bRlCXpfAPl7:2ZKrZPmIHJI6l2oPiKgKPl7
                                                                                                                                                                                                              MD5:B7E1023EBBF0E5018C58B5488C03A643
                                                                                                                                                                                                              SHA1:B10D3A570D4A44B87480D015AAC4D04EF3F0A355
                                                                                                                                                                                                              SHA-256:E7238F5E38D3991E9D6219255E8CD951D6DD431402C4B4B295A68BD43EFA3D48
                                                                                                                                                                                                              SHA-512:C5536416AEBA4B37931E2961A29EA4C8679F6D942289325C9067D46B36797E404C0D8DFD01CE997E89BD42A7F084029D2F2D3CD7485B8CEC5E66DB50AC1DF565
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...>).V...........!.....$...................@...............................P.......Y....@.............................. ...........@...............,...<..............8............................................................................text....".......$.................. ..`.rsrc........@.......(..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):73408
                                                                                                                                                                                                              Entropy (8bit):5.810671570533282
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:4t2b2De5c4bFX2Jy2cvxXWpD9d3334BkZnkPBQbrGk:4w2De5c4bFX2Jy2cvxXWpD9d3334BkZj
                                                                                                                                                                                                              MD5:538057DA2C6EC8B927904346BB808792
                                                                                                                                                                                                              SHA1:1156A3D1A653678B9F85AA64FF65BD3C10510B5E
                                                                                                                                                                                                              SHA-256:F8720E9250C5D5AACE6918E1F67F6105F2CD08C0CF55633D2B6B28032D904E9A
                                                                                                                                                                                                              SHA-512:228531381AE55E7C1A24CFE36101325CD0B95899F2A125C72E82043F13248236171AD89A497E5B1D6C19A5FEBB8D2BD38CB43E81FBD753F3088AAEE1C1791B7D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...#).V...........!................................................................*f....@.............................8................................<..............8............................................................................text...H........................... ..`.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-private-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):73408
                                                                                                                                                                                                              Entropy (8bit):5.810671570533282
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:4t2b2De5c4bFX2Jy2cvxXWpD9d3334BkZnkPBQbrGk:4w2De5c4bFX2Jy2cvxXWpD9d3334BkZj
                                                                                                                                                                                                              MD5:538057DA2C6EC8B927904346BB808792
                                                                                                                                                                                                              SHA1:1156A3D1A653678B9F85AA64FF65BD3C10510B5E
                                                                                                                                                                                                              SHA-256:F8720E9250C5D5AACE6918E1F67F6105F2CD08C0CF55633D2B6B28032D904E9A
                                                                                                                                                                                                              SHA-512:228531381AE55E7C1A24CFE36101325CD0B95899F2A125C72E82043F13248236171AD89A497E5B1D6C19A5FEBB8D2BD38CB43E81FBD753F3088AAEE1C1791B7D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...#).V...........!................................................................*f....@.............................8................................<..............8............................................................................text...H........................... ..`.rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.969727973297568
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:rKsW7hWywIp68A0GftpBjv6oEg6fwqtlcEbP7JK:Y/isoEgnq1lK
                                                                                                                                                                                                              MD5:4AA747ECC612240D522C23B51A8BE7C1
                                                                                                                                                                                                              SHA1:B037BE0BC321E9329C7CF0DBF609FDB9B2D82FB4
                                                                                                                                                                                                              SHA-256:ECC116471CCFA09C599D389D71A574EBED01260B9760021A40665C4D8A22257D
                                                                                                                                                                                                              SHA-512:FB8C0D4F661FE6C8CE6CD04A3C0661A2F0B6058223EDBFEA811891AEDD343D006C22A8524BF8508C2CC396853252477D5CF3C520889650A24D661F4964BCE5C9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....(.V...........!......................... ...............................0......#.....@.............................x............ ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-process-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19648
                                                                                                                                                                                                              Entropy (8bit):6.969727973297568
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:rKsW7hWywIp68A0GftpBjv6oEg6fwqtlcEbP7JK:Y/isoEgnq1lK
                                                                                                                                                                                                              MD5:4AA747ECC612240D522C23B51A8BE7C1
                                                                                                                                                                                                              SHA1:B037BE0BC321E9329C7CF0DBF609FDB9B2D82FB4
                                                                                                                                                                                                              SHA-256:ECC116471CCFA09C599D389D71A574EBED01260B9760021A40665C4D8A22257D
                                                                                                                                                                                                              SHA-512:FB8C0D4F661FE6C8CE6CD04A3C0661A2F0B6058223EDBFEA811891AEDD343D006C22A8524BF8508C2CC396853252477D5CF3C520889650A24D661F4964BCE5C9
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....(.V...........!......................... ...............................0......#.....@.............................x............ ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):23232
                                                                                                                                                                                                              Entropy (8bit):6.861625185870084
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R0CjfhrpIhhf4AN5/jip5WMuXhWBjO5A9YOCAs/nGfe4pBjSfUFWYyieHaVWQ4mn:Rb7hrKYW7hWs57A0GftpBjB/g6Zl6UzJ
                                                                                                                                                                                                              MD5:2F10F2255271B09D58AF75F58476899C
                                                                                                                                                                                                              SHA1:CA37F8E4C99FB178E718E99EED286D1EF32B00FC
                                                                                                                                                                                                              SHA-256:24BC147F7C8A2DFCBE9296D83CE75A1F2C02076D8F6E6C81F6032C927ED5888A
                                                                                                                                                                                                              SHA-512:74D85F5A40BD22EB9C85973BDA5E596C3688096DC78FB6984F84DED4757AE82D77894C4CAE0F24DE77D211BBD869F9A4120A104D7C2ED161B4BB7B8568CF5103
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!.........................0...............................@.......s....@..........................................0...................<..............8............................................................................text............................... ..`.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-runtime-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):23232
                                                                                                                                                                                                              Entropy (8bit):6.861625185870084
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:R0CjfhrpIhhf4AN5/jip5WMuXhWBjO5A9YOCAs/nGfe4pBjSfUFWYyieHaVWQ4mn:Rb7hrKYW7hWs57A0GftpBjB/g6Zl6UzJ
                                                                                                                                                                                                              MD5:2F10F2255271B09D58AF75F58476899C
                                                                                                                                                                                                              SHA1:CA37F8E4C99FB178E718E99EED286D1EF32B00FC
                                                                                                                                                                                                              SHA-256:24BC147F7C8A2DFCBE9296D83CE75A1F2C02076D8F6E6C81F6032C927ED5888A
                                                                                                                                                                                                              SHA-512:74D85F5A40BD22EB9C85973BDA5E596C3688096DC78FB6984F84DED4757AE82D77894C4CAE0F24DE77D211BBD869F9A4120A104D7C2ED161B4BB7B8568CF5103
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!.........................0...............................@.......s....@..........................................0...................<..............8............................................................................text............................... ..`.rsrc........0......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24768
                                                                                                                                                                                                              Entropy (8bit):6.789505073274606
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:DUFVhzW7hWhwIp68A0GftpBjq+G+g6eVZl6Uz0yE:gmWinG+g3VpQj
                                                                                                                                                                                                              MD5:65FE48962755451A1A5BAB26E6FD978D
                                                                                                                                                                                                              SHA1:D1322C477FE4FF61EEDF9433B8DEDDEE27F5ADB9
                                                                                                                                                                                                              SHA-256:5A3D9A0A2C1F9B14CB52D9CCE92B761EC1FE0460EA7D994179C96648455EAD84
                                                                                                                                                                                                              SHA-512:940269AF2C3A8B5B43CA936DF1BB5338AE5166F04C34A163B5938895D19BDD7EADC156ADD1B96B5508E06088419A7D8F466F40BF01E64B4C547FBC1B20328ED7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...A).V...........!.........................0...............................@............@.............................a............0...............$...<..............8............................................................................text...q........................... ..`.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-stdio-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24768
                                                                                                                                                                                                              Entropy (8bit):6.789505073274606
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:DUFVhzW7hWhwIp68A0GftpBjq+G+g6eVZl6Uz0yE:gmWinG+g3VpQj
                                                                                                                                                                                                              MD5:65FE48962755451A1A5BAB26E6FD978D
                                                                                                                                                                                                              SHA1:D1322C477FE4FF61EEDF9433B8DEDDEE27F5ADB9
                                                                                                                                                                                                              SHA-256:5A3D9A0A2C1F9B14CB52D9CCE92B761EC1FE0460EA7D994179C96648455EAD84
                                                                                                                                                                                                              SHA-512:940269AF2C3A8B5B43CA936DF1BB5338AE5166F04C34A163B5938895D19BDD7EADC156ADD1B96B5508E06088419A7D8F466F40BF01E64B4C547FBC1B20328ED7
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L...A).V...........!.........................0...............................@............@.............................a............0...............$...<..............8............................................................................text...q........................... ..`.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24768
                                                                                                                                                                                                              Entropy (8bit):6.781313271183151
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:B6S5yguNvZ5VQgx3SbwA71IkFbZPirgpVo:Bl5yguNvZ5VQgx3SbwA71IsZbpK
                                                                                                                                                                                                              MD5:A3ECCD7F2F2C45D1553055593278645A
                                                                                                                                                                                                              SHA1:23CD6AED1B198CA515D7ADB213EFAE780FBF0537
                                                                                                                                                                                                              SHA-256:D51DFD972E6DF5E8185DCE0B4EB26DCCB0527C5F1C63BC081677335F69B92B67
                                                                                                                                                                                                              SHA-512:1DBF60F5DF95E72B98B72FACCB52F83585BC0BC5B1F65C259E8568D812461B738BB37C96E72E2F272370788CC7DCD7A8E5A698D9FB2C773CE0E17978C19EF858
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L..."*.V...........!.........................0...............................@............@..........................................0...............$...<..............8............................................................................text............................... ..`.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-string-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):24768
                                                                                                                                                                                                              Entropy (8bit):6.781313271183151
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:B6S5yguNvZ5VQgx3SbwA71IkFbZPirgpVo:Bl5yguNvZ5VQgx3SbwA71IsZbpK
                                                                                                                                                                                                              MD5:A3ECCD7F2F2C45D1553055593278645A
                                                                                                                                                                                                              SHA1:23CD6AED1B198CA515D7ADB213EFAE780FBF0537
                                                                                                                                                                                                              SHA-256:D51DFD972E6DF5E8185DCE0B4EB26DCCB0527C5F1C63BC081677335F69B92B67
                                                                                                                                                                                                              SHA-512:1DBF60F5DF95E72B98B72FACCB52F83585BC0BC5B1F65C259E8568D812461B738BB37C96E72E2F272370788CC7DCD7A8E5A698D9FB2C773CE0E17978C19EF858
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L..."*.V...........!.........................0...............................@............@..........................................0...............$...<..............8............................................................................text............................... ..`.rsrc........0....... ..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):21184
                                                                                                                                                                                                              Entropy (8bit):6.914950931143945
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:zDW7hWiwIp68A0GftpBjcp+g69xlcEbP7JRR:Avihg+hl3
                                                                                                                                                                                                              MD5:C8F1A3B19E5103751202010805BCE5C9
                                                                                                                                                                                                              SHA1:179CF585CE939D05F9610D4B684E4DDA6F452F76
                                                                                                                                                                                                              SHA-256:D5E2FB8495BBBFB66B2612CD5179C1A5F4746DCDD043ECD474363FFE4A8DEB4F
                                                                                                                                                                                                              SHA-512:879FBE66E5440CBE01BD1814A36345FCE6454196C8457969D2EE9E93B749DF91D0D95B1DA1D368063B7EF2A3ED538449B456EB2C7507A27DE60105A0D37DCB71
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0.......X....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-time-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):21184
                                                                                                                                                                                                              Entropy (8bit):6.914950931143945
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:zDW7hWiwIp68A0GftpBjcp+g69xlcEbP7JRR:Avihg+hl3
                                                                                                                                                                                                              MD5:C8F1A3B19E5103751202010805BCE5C9
                                                                                                                                                                                                              SHA1:179CF585CE939D05F9610D4B684E4DDA6F452F76
                                                                                                                                                                                                              SHA-256:D5E2FB8495BBBFB66B2612CD5179C1A5F4746DCDD043ECD474363FFE4A8DEB4F
                                                                                                                                                                                                              SHA-512:879FBE66E5440CBE01BD1814A36345FCE6454196C8457969D2EE9E93B749DF91D0D95B1DA1D368063B7EF2A3ED538449B456EB2C7507A27DE60105A0D37DCB71
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0.......X....@.......................................... ...................<..............8............................................................................text............................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.023656170989873
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:ZfHQdud5WMuXhWBPO5A9YOCAs/nGfe4pBjSfEWLlhWYyieHaVWQ4mWnqnajuJB08:ZfRW7hWY57A0GftpBjul7g6wl6Uz4
                                                                                                                                                                                                              MD5:E0AEBA2D9D9AE584D6C1AA0F5929526B
                                                                                                                                                                                                              SHA1:3F97B977D8877398D350B373FD441867167BD2BA
                                                                                                                                                                                                              SHA-256:4ECA5B9E5BE5750B0BC03FD74B6D5E351CB6D70FD63D5F740A1A122F906390E0
                                                                                                                                                                                                              SHA-512:CFA02A7AFA052C5149A741500063F110462D272AF417C33BEDEAC6AD3AF424B181144C8045ADC04A44A54DFFCA4639AE3C135F23D64BCFB66F7D3AA980143799
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0............@.............................^............ ...................<..............8............................................................................text...n........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\api-ms-win-crt-utility-l1-1-0.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):19136
                                                                                                                                                                                                              Entropy (8bit):7.023656170989873
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:192:ZfHQdud5WMuXhWBPO5A9YOCAs/nGfe4pBjSfEWLlhWYyieHaVWQ4mWnqnajuJB08:ZfRW7hWY57A0GftpBjul7g6wl6Uz4
                                                                                                                                                                                                              MD5:E0AEBA2D9D9AE584D6C1AA0F5929526B
                                                                                                                                                                                                              SHA1:3F97B977D8877398D350B373FD441867167BD2BA
                                                                                                                                                                                                              SHA-256:4ECA5B9E5BE5750B0BC03FD74B6D5E351CB6D70FD63D5F740A1A122F906390E0
                                                                                                                                                                                                              SHA-512:CFA02A7AFA052C5149A741500063F110462D272AF417C33BEDEAC6AD3AF424B181144C8045ADC04A44A54DFFCA4639AE3C135F23D64BCFB66F7D3AA980143799
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......m2..)S..)S..)S....].(S....A.+S....^.(S....C.(S..Rich)S..........................PE..L....).V...........!......................... ...............................0............@.............................^............ ...................<..............8............................................................................text...n........................... ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\concrt140.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):244544
                                                                                                                                                                                                              Entropy (8bit):6.693333083384306
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:wyiwHCJZ3wCkYKX7AOh8mtGcTFBt8Xv9aqd/CSgNcrJ3qy12z/dDhOy:6wrhJGcx8f9aqKNcrVqPzZ
                                                                                                                                                                                                              MD5:48DB05391B6405F67F65D67095CBFDD9
                                                                                                                                                                                                              SHA1:17B78DFE4051AA5E363FD2A5A73E5786F5785BE4
                                                                                                                                                                                                              SHA-256:C1E5D240BC3A1C5B36770110AE35A10FBF7438A5C617E8C751B00BEC10FCE063
                                                                                                                                                                                                              SHA-512:A3C9EF1ED24D30AF0CC46F0474B5E264E065C758F30FC252CE53BC369BEC40F2DFB4C165F634BBF737D284B7A25FE10323D65EF0B805B01DE6783EF0CC58AE1E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.j...9...9...9.].9...9..O9...9...9...9x..8...9x..8...9x..8...9x..8...9x..8 ..9x..8...9x.#9...9x..8...9Rich...9........................PE..L.....V.........."!.........r......@........ ......................................"l....@A........................P....K..4R.......p...............|..@?.......)...*..8............................*..@............P..0............................text............................... ..`.data........ ...,..................@....idata.......P.......:..............@..@.rsrc........p.......L..............@..@.reloc...).......*...R..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\concrt140.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):244544
                                                                                                                                                                                                              Entropy (8bit):6.693333083384306
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6144:wyiwHCJZ3wCkYKX7AOh8mtGcTFBt8Xv9aqd/CSgNcrJ3qy12z/dDhOy:6wrhJGcx8f9aqKNcrVqPzZ
                                                                                                                                                                                                              MD5:48DB05391B6405F67F65D67095CBFDD9
                                                                                                                                                                                                              SHA1:17B78DFE4051AA5E363FD2A5A73E5786F5785BE4
                                                                                                                                                                                                              SHA-256:C1E5D240BC3A1C5B36770110AE35A10FBF7438A5C617E8C751B00BEC10FCE063
                                                                                                                                                                                                              SHA-512:A3C9EF1ED24D30AF0CC46F0474B5E264E065C758F30FC252CE53BC369BEC40F2DFB4C165F634BBF737D284B7A25FE10323D65EF0B805B01DE6783EF0CC58AE1E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.j...9...9...9.].9...9..O9...9...9...9x..8...9x..8...9x..8...9x..8...9x..8 ..9x..8...9x.#9...9x..8...9Rich...9........................PE..L.....V.........."!.........r......@........ ......................................"l....@A........................P....K..4R.......p...............|..@?.......)...*..8............................*..@............P..0............................text............................... ..`.data........ ...,..................@....idata.......P.......:..............@..@.rsrc........p.......L..............@..@.reloc...).......*...R..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4622648
                                                                                                                                                                                                              Entropy (8bit):6.436025157274069
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:iKo8EP4vJkrIVK4sIU3HAeLvM5U0QxnoCfTkaPKHUjoRL5C2RElmCs2260ak:i9P4vJkrIVKDIU3HAeLE53WnuvUMfCG
                                                                                                                                                                                                              MD5:BA53F0CC539F5D03B5DDCBC68BA1D207
                                                                                                                                                                                                              SHA1:A7D6D5E4E26A5DD7CD76A1BAAE0AC173B1C85D59
                                                                                                                                                                                                              SHA-256:AAD1BBEE36F08B0B87AA0B14B273F1E6AEAABB1A1500ECC9BFF5500292ADA648
                                                                                                                                                                                                              SHA-512:7FE242BB44EA3F4B6A03727E2E20981DEB31901A9BF626BCF5925B688305CE5AF99C730B3C1BA9EB73A6D9939C91EBB8948C502D622A401ED1AB26D82D9FFAAE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............O.J.O.J.O.J.7(J.O.J...K.O.J...K.O.J...K.O.J...K.O.J...K.O.J.O.J.O.J...KTN.JP.pJ.O.J.O.J}N.J...K.O.J...K.O.J..DJ.O.J.O,J.O.J...K.O.JRich.O.J........PE..L....^.[...........!......4.........H.........4...............................F.....C.G...@..........................\@......@.......C..............bF.8'....C.......9.T...................D.9......9.@.............4. ............................text.....4.......4................. ..`.rdata...D....4..F....4.............@..@.data....J...@A......(A.............@....gfids..X.....C......>C.............@..@.tls..........C......@C.............@....rsrc.........C......BC.............@..@.reloc........C......HC.............@..B................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\cpprest140_2_10.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):4622648
                                                                                                                                                                                                              Entropy (8bit):6.436025157274069
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:49152:iKo8EP4vJkrIVK4sIU3HAeLvM5U0QxnoCfTkaPKHUjoRL5C2RElmCs2260ak:i9P4vJkrIVKDIU3HAeLE53WnuvUMfCG
                                                                                                                                                                                                              MD5:BA53F0CC539F5D03B5DDCBC68BA1D207
                                                                                                                                                                                                              SHA1:A7D6D5E4E26A5DD7CD76A1BAAE0AC173B1C85D59
                                                                                                                                                                                                              SHA-256:AAD1BBEE36F08B0B87AA0B14B273F1E6AEAABB1A1500ECC9BFF5500292ADA648
                                                                                                                                                                                                              SHA-512:7FE242BB44EA3F4B6A03727E2E20981DEB31901A9BF626BCF5925B688305CE5AF99C730B3C1BA9EB73A6D9939C91EBB8948C502D622A401ED1AB26D82D9FFAAE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............O.J.O.J.O.J.7(J.O.J...K.O.J...K.O.J...K.O.J...K.O.J...K.O.J.O.J.O.J...KTN.JP.pJ.O.J.O.J}N.J...K.O.J...K.O.J..DJ.O.J.O,J.O.J...K.O.JRich.O.J........PE..L....^.[...........!......4.........H.........4...............................F.....C.G...@..........................\@......@.......C..............bF.8'....C.......9.T...................D.9......9.@.............4. ............................text.....4.......4................. ..`.rdata...D....4..F....4.............@..@.data....J...@A......(A.............@....gfids..X.....C......>C.............@..@.tls..........C......@C.............@....rsrc.........C......BC.............@..@.reloc........C......HC.............@..B................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.16466762850375
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:EpE+LvFMcHjBgynzIk2Nyb8E9VF6IYinAM+oaupoou2/P0l:YEuNMcHjnEkeEpYinAMxJZPO
                                                                                                                                                                                                              MD5:1D21E82D0C446756199BB4DA0374F7A4
                                                                                                                                                                                                              SHA1:A4B05F5CC77548F69CB4F21A361B68DD75F8048E
                                                                                                                                                                                                              SHA-256:CD4986C8860D34DD580D3F52EE14EC8D41EC436FC502B0E6A8575BE90BA0ED84
                                                                                                                                                                                                              SHA-512:87AB7B5D3548E3267A9BF80764C419E0F0DD9BFB43F90755E022EF7AE852098C0D8CEA760AEC4BBC3503E8E143DFA2E0F2CA1CFDC29022C6065600CE06CACC63
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6..........>U... ...`....... ...............................D....@..................................T..O....`..8............@...'........................................................... ............... ..H............text...D5... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B................ U......H.......LQ..............P ...0...........................................0.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\de-DE\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.16466762850375
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:EpE+LvFMcHjBgynzIk2Nyb8E9VF6IYinAM+oaupoou2/P0l:YEuNMcHjnEkeEpYinAMxJZPO
                                                                                                                                                                                                              MD5:1D21E82D0C446756199BB4DA0374F7A4
                                                                                                                                                                                                              SHA1:A4B05F5CC77548F69CB4F21A361B68DD75F8048E
                                                                                                                                                                                                              SHA-256:CD4986C8860D34DD580D3F52EE14EC8D41EC436FC502B0E6A8575BE90BA0ED84
                                                                                                                                                                                                              SHA-512:87AB7B5D3548E3267A9BF80764C419E0F0DD9BFB43F90755E022EF7AE852098C0D8CEA760AEC4BBC3503E8E143DFA2E0F2CA1CFDC29022C6065600CE06CACC63
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6..........>U... ...`....... ...............................D....@..................................T..O....`..8............@...'........................................................... ............... ..H............text...D5... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B................ U......H.......LQ..............P ...0...........................................0.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dockEID.json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):108
                                                                                                                                                                                                              Entropy (8bit):3.2006807004351225
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:EcfmBcnhvOmBcB4o0F66jn:Bf2chvO2cBmF66j
                                                                                                                                                                                                              MD5:0BA7699B22971832FB281493DB7C4545
                                                                                                                                                                                                              SHA1:84E905AA566BAA398CD42B62670E438986559F84
                                                                                                                                                                                                              SHA-256:9C27C8E8AF9DB9C93BDEC5981E8348758B8DE6D21F7DA7FD196F88E440C89561
                                                                                                                                                                                                              SHA-512:7DBB7C75AEC1FAC2C83F9084368291508CFFA5B6A8217C258C90B01B2908881B5F226AB4229F2C87A30529208FED2A344397F7843DE010BB2553B38A477E7A3D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":185},.. {"pid":171},.. {"pid":183}].......................................... .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dockEID.json.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):108
                                                                                                                                                                                                              Entropy (8bit):3.2006807004351225
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:EcfmBcnhvOmBcB4o0F66jn:Bf2chvO2cBmF66j
                                                                                                                                                                                                              MD5:0BA7699B22971832FB281493DB7C4545
                                                                                                                                                                                                              SHA1:84E905AA566BAA398CD42B62670E438986559F84
                                                                                                                                                                                                              SHA-256:9C27C8E8AF9DB9C93BDEC5981E8348758B8DE6D21F7DA7FD196F88E440C89561
                                                                                                                                                                                                              SHA-512:7DBB7C75AEC1FAC2C83F9084368291508CFFA5B6A8217C258C90B01B2908881B5F226AB4229F2C87A30529208FED2A344397F7843DE010BB2553B38A477E7A3D
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":185},.. {"pid":171},.. {"pid":183}].......................................... .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dongle.json (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):109
                                                                                                                                                                                                              Entropy (8bit):3.526584263320003
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:EbVPcHmBbXuFYmBbW9mBbQuF66jn:CPcH2zKY2423F66j
                                                                                                                                                                                                              MD5:5BFAD26AD566016F436C5C87CB57BFF4
                                                                                                                                                                                                              SHA1:A50B385D7E4D6FB20911119F3CDE9ABE8F3EBBAD
                                                                                                                                                                                                              SHA-256:B692F6B0EF46CACFAA10F4069D4BC88CCD054E6149B55E15C5E245CC69D25DED
                                                                                                                                                                                                              SHA-512:806525138FB39C8A4C3C83F48151EDC5775EC0D8453F0D8BD051F4F1A50504A6D4631A2579B5E39A2F17BDDC9DA380F5E471CDD2BD6F2906E8B12D54D49309D3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":604},.. {"pid":625},.. {"pid":635},.. {"pid":656}]............................ .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dongle.json.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):109
                                                                                                                                                                                                              Entropy (8bit):3.526584263320003
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:EbVPcHmBbXuFYmBbW9mBbQuF66jn:CPcH2zKY2423F66j
                                                                                                                                                                                                              MD5:5BFAD26AD566016F436C5C87CB57BFF4
                                                                                                                                                                                                              SHA1:A50B385D7E4D6FB20911119F3CDE9ABE8F3EBBAD
                                                                                                                                                                                                              SHA-256:B692F6B0EF46CACFAA10F4069D4BC88CCD054E6149B55E15C5E245CC69D25DED
                                                                                                                                                                                                              SHA-512:806525138FB39C8A4C3C83F48151EDC5775EC0D8453F0D8BD051F4F1A50504A6D4631A2579B5E39A2F17BDDC9DA380F5E471CDD2BD6F2906E8B12D54D49309D3
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":604},.. {"pid":625},.. {"pid":635},.. {"pid":656}]............................ .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dongleV2.json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):295
                                                                                                                                                                                                              Entropy (8bit):4.396580116389276
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:C/y//2z+g//2vHg//24y//23an//2cBG8y/H0H2cLBy/H0H2t/aF66j:C/G/M/Q8/fG/h//fjGH0HfL0H0Hsa1
                                                                                                                                                                                                              MD5:60D1685C219502B67F777E6322E39DA6
                                                                                                                                                                                                              SHA1:07FCA7B5A4D379E7EB244E4578C132D2C285546B
                                                                                                                                                                                                              SHA-256:FE8BE471FA6BBD88D62B4C9C1305DCCAD43FEEF8C7E6E303F7A06EA7A383C073
                                                                                                                                                                                                              SHA-512:07E3CD2A29E65ED4CBC575A5424BD92075F2E2FC2D6049D50631B4A66AC6472305DCBA3FF3018501E5B5E5677DBF563BA16C8A072AF3773AB2E074FC0E63DECC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":604, "cmdSteer":128},.. {"pid":625, "cmdSteer":128},.. {"pid":635, "cmdSteer":128},.. {"pid":656, "cmdSteer":128},.. {"pid":662, "cmdSteer":128},.. {"pid":164, "cmdSteer":224},.. {"pid":179, "cmdSteer":224},.. {"pid":698, "cmdSteer":128}].......................... .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dongleV2.json.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):264
                                                                                                                                                                                                              Entropy (8bit):4.378320960601661
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:6:C/y//2z+g//2vHg//24y//23an//2cBG8y/H0H2cLBy/HLZF66j:C/G/M/Q8/fG/h//fjGH0HfL0Hd1
                                                                                                                                                                                                              MD5:C0755B4F4A7A8BCE8C343B6B8D41EF6A
                                                                                                                                                                                                              SHA1:0BC810D82B979F3B84DF3847F28508BAD68D3DB2
                                                                                                                                                                                                              SHA-256:044103626CFB031B8B3736F172257AF5090BDCD097B160D11013C64AE3C710F6
                                                                                                                                                                                                              SHA-512:9CDC9F0DD567DAD666EFF2AA4BC9E3EC7BF8D651D2524156721CEF185C1F35A63FF0E2A8589A745CEDBB9FD228D9427E59401A2CFB46FF3C8A4BA5B0FC6A24C4
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":604, "cmdSteer":128},.. {"pid":625, "cmdSteer":128},.. {"pid":635, "cmdSteer":128},.. {"pid":656, "cmdSteer":128},.. {"pid":662, "cmdSteer":128},.. {"pid":164, "cmdSteer":224},.. {"pid":179, "cmdSteer":224}].......................... .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dummyProt.json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):77
                                                                                                                                                                                                              Entropy (8bit):2.5388201338542005
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Ee0JvAF66jn:D0JvAF66j
                                                                                                                                                                                                              MD5:32A494AA96AEB6A5DE217B3DCE460C3A
                                                                                                                                                                                                              SHA1:6F25AF72B649C174CF8357FC24B727D11EDCF875
                                                                                                                                                                                                              SHA-256:731B66B46AE9477920E21E26F4E30FBB9E2E24BC135A0811568254D23598CE9B
                                                                                                                                                                                                              SHA-512:EB0C39951B79A8684153881881089AF50D7FBB7A423E8CBEFDA226D895420ADEF80A9166D11111F74F4FF520416A2A1E918D842456AE4D6C160BB49AA6F56491
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":3337}]........................................ .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\dummyProt.json.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):77
                                                                                                                                                                                                              Entropy (8bit):2.5388201338542005
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3:Ee0JvAF66jn:D0JvAF66j
                                                                                                                                                                                                              MD5:32A494AA96AEB6A5DE217B3DCE460C3A
                                                                                                                                                                                                              SHA1:6F25AF72B649C174CF8357FC24B727D11EDCF875
                                                                                                                                                                                                              SHA-256:731B66B46AE9477920E21E26F4E30FBB9E2E24BC135A0811568254D23598CE9B
                                                                                                                                                                                                              SHA-512:EB0C39951B79A8684153881881089AF50D7FBB7A423E8CBEFDA226D895420ADEF80A9166D11111F74F4FF520416A2A1E918D842456AE4D6C160BB49AA6F56491
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":3337}]........................................ .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.120628098402113
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:rpEt8sIq5YlhV+Nyb8E9VF6IYinAM+oaupoou2mS/pJ6F:VEt8sIAYjVGEpYinAMxJLj6F
                                                                                                                                                                                                              MD5:AD41BC6648C36534CBA12A3F19520B3D
                                                                                                                                                                                                              SHA1:ABC3269DEB3566D986916E4628C4D99568E360EC
                                                                                                                                                                                                              SHA-256:6800DDE384969AC4045C75B46755E4987C44236A6A9EEF276D76BEAB0CE25D8B
                                                                                                                                                                                                              SHA-512:23D468C046C50E5B7EF96CEE172E0103F4B81B0CAC4742CBBA18FE3A087E2E645F82BFF79A79344BC5219E3433A6A0D3D6DCCDE411ECAC14FDA7379E16F47DBE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6..........nT... ...`....... ....................................@..................................T..S....`..8............@...'........................................................... ............... ..H............text...t4... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B................PT......H.......xP..............P ..&0.........................................."0.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\es-ES\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.120628098402113
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:rpEt8sIq5YlhV+Nyb8E9VF6IYinAM+oaupoou2mS/pJ6F:VEt8sIAYjVGEpYinAMxJLj6F
                                                                                                                                                                                                              MD5:AD41BC6648C36534CBA12A3F19520B3D
                                                                                                                                                                                                              SHA1:ABC3269DEB3566D986916E4628C4D99568E360EC
                                                                                                                                                                                                              SHA-256:6800DDE384969AC4045C75B46755E4987C44236A6A9EEF276D76BEAB0CE25D8B
                                                                                                                                                                                                              SHA-512:23D468C046C50E5B7EF96CEE172E0103F4B81B0CAC4742CBBA18FE3A087E2E645F82BFF79A79344BC5219E3433A6A0D3D6DCCDE411ECAC14FDA7379E16F47DBE
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6..........nT... ...`....... ....................................@..................................T..S....`..8............@...'........................................................... ............... ..H............text...t4... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B................PT......H.......xP..............P ..&0.........................................."0.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.206880330845551
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:PpEPwrGBFbvlnIuLkwXFrGRMAiNyb8E9VF6IYinAM+oaupoou2gBV6:BEPwrGBFbvlnIuLLXk2AiEpYinAMxJK6
                                                                                                                                                                                                              MD5:400A0E68330B21AC1BB043410F3F94F0
                                                                                                                                                                                                              SHA1:BD892330CC841C57C52121984DF163BC0A376252
                                                                                                                                                                                                              SHA-256:79E00269724EDFF90D5877CE9C881B3C1018E3201C1BF23DBE7E3162E431335A
                                                                                                                                                                                                              SHA-512:F6EA74BF56CD1BACC1E3DA6BC9E42AC27CE9EE629E5D403BA47A3C87C9ED8965B6B2EE55FFE62DC4DAA2B35F9A09D0ADD167533F6D6BB7C0211A3EEEE0BB8CFA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6...........U... ...`....... ...................................@..................................U..K....`..8............@...'........................................................... ............... ..H............text....5... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B.................U......H........R..............P ...1...........................................1.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\fr-FR\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.206880330845551
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:PpEPwrGBFbvlnIuLkwXFrGRMAiNyb8E9VF6IYinAM+oaupoou2gBV6:BEPwrGBFbvlnIuLLXk2AiEpYinAMxJK6
                                                                                                                                                                                                              MD5:400A0E68330B21AC1BB043410F3F94F0
                                                                                                                                                                                                              SHA1:BD892330CC841C57C52121984DF163BC0A376252
                                                                                                                                                                                                              SHA-256:79E00269724EDFF90D5877CE9C881B3C1018E3201C1BF23DBE7E3162E431335A
                                                                                                                                                                                                              SHA-512:F6EA74BF56CD1BACC1E3DA6BC9E42AC27CE9EE629E5D403BA47A3C87C9ED8965B6B2EE55FFE62DC4DAA2B35F9A09D0ADD167533F6D6BB7C0211A3EEEE0BB8CFA
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6...........U... ...`....... ...................................@..................................U..K....`..8............@...'........................................................... ............... ..H............text....5... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B.................U......H........R..............P ...1...........................................1.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):27912
                                                                                                                                                                                                              Entropy (8bit):6.293252681714742
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:cpE7LQ5nFBM4i//Nyb8E9VF6IYinAM+oaupoou22IUD:gE7LQ5nFy4i/DEpYinAMxJYh
                                                                                                                                                                                                              MD5:8650C471C7993B09F752D2F1AF5B5144
                                                                                                                                                                                                              SHA1:8D9F451AB5D50FF892AFEF263AA37C70B5986F86
                                                                                                                                                                                                              SHA-256:EF5C97D5A8E0B847565FEA64E397D291C68B91AAE5B99F881CB47AE958098E45
                                                                                                                                                                                                              SHA-512:F64279165B90014B78697EDF386156B52AAC8E91E1D97E4752B4598DDCEA5B2AA3557B7A4ED41FC742034D3A8992AA099FF95D9E5181C340289B811C0810245F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....<..........NZ... ...`....... ...............................?....@..................................Z..K....`..8............F...'........................................................... ............... ..H............text...T:... ...<.................. ..`.rsrc...8....`.......>..............@..@.reloc...............D..............@..B................0Z......H.......`V..............P ...6...........................................6.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ja-JP\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):27912
                                                                                                                                                                                                              Entropy (8bit):6.293252681714742
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:cpE7LQ5nFBM4i//Nyb8E9VF6IYinAM+oaupoou22IUD:gE7LQ5nFy4i/DEpYinAMxJYh
                                                                                                                                                                                                              MD5:8650C471C7993B09F752D2F1AF5B5144
                                                                                                                                                                                                              SHA1:8D9F451AB5D50FF892AFEF263AA37C70B5986F86
                                                                                                                                                                                                              SHA-256:EF5C97D5A8E0B847565FEA64E397D291C68B91AAE5B99F881CB47AE958098E45
                                                                                                                                                                                                              SHA-512:F64279165B90014B78697EDF386156B52AAC8E91E1D97E4752B4598DDCEA5B2AA3557B7A4ED41FC742034D3A8992AA099FF95D9E5181C340289B811C0810245F
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....<..........NZ... ...`....... ...............................?....@..................................Z..K....`..8............F...'........................................................... ............... ..H............text...T:... ...<.................. ..`.rsrc...8....`.......>..............@..@.reloc...............D..............@..B................0Z......H.......`V..............P ...6...........................................6.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.368993898472396
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:CpER0pdryJzZzKbUqNyb8E9VF6IYinAM+oaupoou2kub:eEKpByJzZzKbUqEpYinAMxJV
                                                                                                                                                                                                              MD5:B9C6D0034565EF7C739990E3EEF446CC
                                                                                                                                                                                                              SHA1:BCA7FD160DE09FB24003EC6F80B5C5DD495CB582
                                                                                                                                                                                                              SHA-256:A0F97492AFA6E051153831E6C3DBD49D71266B55A45B12A4AE83BCACEF425275
                                                                                                                                                                                                              SHA-512:2976896DC78D5B5A5A98F601DE63D2A39E746E99DB04B97B0A90824CBB3BA4D03C9F83B650F4752BB63BBC0282A736F518B49978D575D2683746674348A45989
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6...........U... ...`....... ....................................@.................................<U..O....`..8............@...'........................................................... ............... ..H............text....5... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B................pU......H........Q..............P ..I1..........................................E1.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ko-KR\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.368993898472396
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:CpER0pdryJzZzKbUqNyb8E9VF6IYinAM+oaupoou2kub:eEKpByJzZzKbUqEpYinAMxJV
                                                                                                                                                                                                              MD5:B9C6D0034565EF7C739990E3EEF446CC
                                                                                                                                                                                                              SHA1:BCA7FD160DE09FB24003EC6F80B5C5DD495CB582
                                                                                                                                                                                                              SHA-256:A0F97492AFA6E051153831E6C3DBD49D71266B55A45B12A4AE83BCACEF425275
                                                                                                                                                                                                              SHA-512:2976896DC78D5B5A5A98F601DE63D2A39E746E99DB04B97B0A90824CBB3BA4D03C9F83B650F4752BB63BBC0282A736F518B49978D575D2683746674348A45989
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6...........U... ...`....... ....................................@.................................<U..O....`..8............@...'........................................................... ............... ..H............text....5... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B................pU......H........Q..............P ..I1..........................................E1.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\msvcp140.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):443712
                                                                                                                                                                                                              Entropy (8bit):6.649999451038214
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:tH0R7WeZbuswwxRek5Y9OehUgiW6QR7t5s03Ooc8dHkC2esgK35d:tH0R6ehx9Hd03Ooc8dHkC2eZK35d
                                                                                                                                                                                                              MD5:A84A8A708751E2CB1F2BB117E9B7F390
                                                                                                                                                                                                              SHA1:A9378BAE50093465E2EA1567958A1BB656D42149
                                                                                                                                                                                                              SHA-256:F656F0F98CF2510F4E0FE5D5666643028A6B8BAC50BF553C0A464456C0E82934
                                                                                                                                                                                                              SHA-512:609850F700A3147BBD1947C26ECE31AEB0CA70249EC4DCD22F1BDC922FB24B0A20F569DE827D4818F32983B65456BC9A9A0E9C23BA1E8EEBE8520581A814BC49
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yC..=".=".=".....?".4Zv.%".^..>".="..".^..4".^..1".^..+".^..E".^..<".^...<".^..<".Rich=".........PE..L.....V.........."!........................0......................................=.....@A.........................P.......b..,.......................@?.......;..`l..8...........................0...@............`.......M..@....................text...R........................... ..`.data....'...0......................@....idata.......`......................@..@.didat..4............D..............@....rsrc................F..............@..@.reloc...;.......<...J..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\msvcp140.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):443712
                                                                                                                                                                                                              Entropy (8bit):6.649999451038214
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:tH0R7WeZbuswwxRek5Y9OehUgiW6QR7t5s03Ooc8dHkC2esgK35d:tH0R6ehx9Hd03Ooc8dHkC2eZK35d
                                                                                                                                                                                                              MD5:A84A8A708751E2CB1F2BB117E9B7F390
                                                                                                                                                                                                              SHA1:A9378BAE50093465E2EA1567958A1BB656D42149
                                                                                                                                                                                                              SHA-256:F656F0F98CF2510F4E0FE5D5666643028A6B8BAC50BF553C0A464456C0E82934
                                                                                                                                                                                                              SHA-512:609850F700A3147BBD1947C26ECE31AEB0CA70249EC4DCD22F1BDC922FB24B0A20F569DE827D4818F32983B65456BC9A9A0E9C23BA1E8EEBE8520581A814BC49
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......yC..=".=".=".....?".4Zv.%".^..>".="..".^..4".^..1".^..+".^..E".^..<".^...<".^..<".Rich=".........PE..L.....V.........."!........................0......................................=.....@A.........................P.......b..,.......................@?.......;..`l..8...........................0...@............`.......M..@....................text...R........................... ..`.data....'...0......................@....idata.......`......................@..@.didat..4............D..............@....rsrc................F..............@..@.reloc...;.......<...J..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.122090501128217
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:epEZuCWfJhQWer2XNyb8E9VF6IYinAM+oaupoou2jOj:iE/eJhQWer2bEpYinAMxJ4j
                                                                                                                                                                                                              MD5:ABF9E279FE14A5F0CA35D47616C9A592
                                                                                                                                                                                                              SHA1:C49CB7E9B6AEBED3961392C13A04533E3D0B2EF5
                                                                                                                                                                                                              SHA-256:43768C68B1AC723C6D94B341810ADF447A6449300E78980B1A97015DD89D2563
                                                                                                                                                                                                              SHA-512:5F012F2BDD985CC33A7D0E7AD4A296D821DEB1CB4F37FFEAD55D2F139992A1E850ABDFF56FD73705E972D3373C2C769E2DBAA433A58C9FD8432ECCDE0C8528DB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6...........T... ...`....... ..............................].....@..................................S..W....`..8............@...'........................................................... ............... ..H............text...44... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B.................T......H.......4P..............P .../.........................................../.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\pt-BR\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):26376
                                                                                                                                                                                                              Entropy (8bit):6.122090501128217
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:epEZuCWfJhQWer2XNyb8E9VF6IYinAM+oaupoou2jOj:iE/eJhQWer2bEpYinAMxJ4j
                                                                                                                                                                                                              MD5:ABF9E279FE14A5F0CA35D47616C9A592
                                                                                                                                                                                                              SHA1:C49CB7E9B6AEBED3961392C13A04533E3D0B2EF5
                                                                                                                                                                                                              SHA-256:43768C68B1AC723C6D94B341810ADF447A6449300E78980B1A97015DD89D2563
                                                                                                                                                                                                              SHA-512:5F012F2BDD985CC33A7D0E7AD4A296D821DEB1CB4F37FFEAD55D2F139992A1E850ABDFF56FD73705E972D3373C2C769E2DBAA433A58C9FD8432ECCDE0C8528DB
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....6...........T... ...`....... ..............................].....@..................................S..W....`..8............@...'........................................................... ............... ..H............text...44... ...6.................. ..`.rsrc...8....`.......8..............@..@.reloc...............>..............@..B.................T......H.......4P..............P .../.........................................../.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):28424
                                                                                                                                                                                                              Entropy (8bit):6.272715696613889
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:D+pE1FZCwbhF5EYBCMr2GTbd1OYzNyb8E9VF6IYinAM+oaupoou2aO:DCEXZbbh8FGTbdsYvEpYinAMxJ5
                                                                                                                                                                                                              MD5:F72CF732377C92DF755892D9A2A38E78
                                                                                                                                                                                                              SHA1:8E7680FCE5F1C5215912DF1A3E71BBD1AA19605D
                                                                                                                                                                                                              SHA-256:E35D8D1F0F56AF945F72336DA80A1F509C82669F5A44206866DACD878F93D42D
                                                                                                                                                                                                              SHA-512:20AFC4DE3688A4117934E48E322D8889968828B4E0CFE854229325F22AD15090EF1A1FD857A5E27CAC2BBC67BF26D6E4E5BCB90DAF2D3DC2FADEF2EEA851C3AF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....>..........N]... ...`....... ..............................B|....@..................................]..K....`..8............H...'........................................................... ............... ..H............text...T=... ...>.................. ..`.rsrc...8....`.......@..............@..@.reloc...............F..............@..B................0]......H.......`Y..............P ...9...........................................9.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ru-RU\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):28424
                                                                                                                                                                                                              Entropy (8bit):6.272715696613889
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:D+pE1FZCwbhF5EYBCMr2GTbd1OYzNyb8E9VF6IYinAM+oaupoou2aO:DCEXZbbh8FGTbdsYvEpYinAMxJ5
                                                                                                                                                                                                              MD5:F72CF732377C92DF755892D9A2A38E78
                                                                                                                                                                                                              SHA1:8E7680FCE5F1C5215912DF1A3E71BBD1AA19605D
                                                                                                                                                                                                              SHA-256:E35D8D1F0F56AF945F72336DA80A1F509C82669F5A44206866DACD878F93D42D
                                                                                                                                                                                                              SHA-512:20AFC4DE3688A4117934E48E322D8889968828B4E0CFE854229325F22AD15090EF1A1FD857A5E27CAC2BBC67BF26D6E4E5BCB90DAF2D3DC2FADEF2EEA851C3AF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q.kf...........!.....>..........N]... ...`....... ..............................B|....@..................................]..K....`..8............H...'........................................................... ............... ..H............text...T=... ...>.................. ..`.rsrc...8....`.......@..............@..@.reloc...............F..............@..B................0]......H.......`Y..............P ...9...........................................9.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):93496
                                                                                                                                                                                                              Entropy (8bit):6.489818271298372
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:3lMbTqTcOhlyNk+E853H/gaar1OZrMOPSVsWpdbycdlYraWQDzw0VKP7HxD:3eb+zhlyNkG3HYoPUdbzlVWQDzw0VKPh
                                                                                                                                                                                                              MD5:B44AE6E7622313EAAE9F488A26E19345
                                                                                                                                                                                                              SHA1:29E9D9A31E90967C9FBEAAB401E24DE2BF7457D1
                                                                                                                                                                                                              SHA-256:C7C11975E410A35CE9ECF581A5E77F132787D67F63D08DA0A4ADB8CAC697218F
                                                                                                                                                                                                              SHA-512:F4D8855C6361AEC84BD4D294C9FD19C5C411D095F513D09DD069A7565DB98ABA0DEBA497E9E5D14F05D8A94D50C6B3FE75F867EF45C87B00CC864FD3CDF1E055
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............keQ.keQ.keQ..fP.keQ..`P.keQ..aP.keQ..`P.keQ..aP.keQ..fP.keQ..dP.keQ.kdQ.keQ..lP.keQ..eP.keQ...Q.keQ.k.Q.keQ..gP.keQRich.keQ........PE..L....2[f...........!...!............E.....................................................@..........................*.......+..(....`...............F..8'...p...... ...p...........................`...@............................................text...s........................... ..`.rdata...a.......b..................@..@.data........@.......&..............@....rsrc........`.......0..............@..@.reloc.......p.......6..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\rzS3detgmr_CWrapper.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):93496
                                                                                                                                                                                                              Entropy (8bit):6.489818271298372
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:3lMbTqTcOhlyNk+E853H/gaar1OZrMOPSVsWpdbycdlYraWQDzw0VKP7HxD:3eb+zhlyNkG3HYoPUdbzlVWQDzw0VKPh
                                                                                                                                                                                                              MD5:B44AE6E7622313EAAE9F488A26E19345
                                                                                                                                                                                                              SHA1:29E9D9A31E90967C9FBEAAB401E24DE2BF7457D1
                                                                                                                                                                                                              SHA-256:C7C11975E410A35CE9ECF581A5E77F132787D67F63D08DA0A4ADB8CAC697218F
                                                                                                                                                                                                              SHA-512:F4D8855C6361AEC84BD4D294C9FD19C5C411D095F513D09DD069A7565DB98ABA0DEBA497E9E5D14F05D8A94D50C6B3FE75F867EF45C87B00CC864FD3CDF1E055
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............keQ.keQ.keQ..fP.keQ..`P.keQ..aP.keQ..`P.keQ..aP.keQ..fP.keQ..dP.keQ.kdQ.keQ..lP.keQ..eP.keQ...Q.keQ.k.Q.keQ..gP.keQRich.keQ........PE..L....2[f...........!...!............E.....................................................@..........................*.......+..(....`...............F..8'...p...... ...p...........................`...@............................................text...s........................... ..`.rdata...a.......b..................@..@.data........@.......&..............@....rsrc........`.......0..............@..@.reloc.......p.......6..............@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):502584
                                                                                                                                                                                                              Entropy (8bit):6.435552108367775
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:btsVuwN0+VRFCXahKqYu1jRD57nosZBHlZ+Yyc:HFiN57Zdl8K
                                                                                                                                                                                                              MD5:F95ADD4D173F78387D0218257B9C8B24
                                                                                                                                                                                                              SHA1:6EC978A5D9BB04227197395D85DB5A3837A8ED80
                                                                                                                                                                                                              SHA-256:3B8ABF3D3AB5B8B36789479BACD5FD0BBA02D0D6197C0EC1D0F9A2EB1E115881
                                                                                                                                                                                                              SHA-512:E82FC6D17EDCA4CD25B70BB45775A2A6C01C584CCB92F5AB1018A3835531EB5D05E12BDBCB308A59FC21E9233C8947EF4304B2A30881E3E99263F9704C3E26C8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......].^...0...0...0.....0...4...0...3...0...5.:.0...1...0...1...0.R.4...0...1...0.R.1...0...1.O.0...5.6.0...0...0......0.......0...2...0.Rich..0.................PE..L....2[f...........!...!............................................................hU....@.................................l........`..p...............8'...p...R...-..T...................@........-..@............................................text.............................. ..`.rdata..lI.......J..................@..@.data....=... ...$..................@....rsrc...p....`.......*..............@..@.reloc...R...p...T...0..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\rzS3detmgr.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):502584
                                                                                                                                                                                                              Entropy (8bit):6.435552108367775
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12288:btsVuwN0+VRFCXahKqYu1jRD57nosZBHlZ+Yyc:HFiN57Zdl8K
                                                                                                                                                                                                              MD5:F95ADD4D173F78387D0218257B9C8B24
                                                                                                                                                                                                              SHA1:6EC978A5D9BB04227197395D85DB5A3837A8ED80
                                                                                                                                                                                                              SHA-256:3B8ABF3D3AB5B8B36789479BACD5FD0BBA02D0D6197C0EC1D0F9A2EB1E115881
                                                                                                                                                                                                              SHA-512:E82FC6D17EDCA4CD25B70BB45775A2A6C01C584CCB92F5AB1018A3835531EB5D05E12BDBCB308A59FC21E9233C8947EF4304B2A30881E3E99263F9704C3E26C8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......].^...0...0...0.....0...4...0...3...0...5.:.0...1...0...1...0.R.4...0...1...0.R.1...0...1.O.0...5.6.0...0...0......0.......0...2...0.Rich..0.................PE..L....2[f...........!...!............................................................hU....@.................................l........`..p...............8'...p...R...-..T...................@........-..@............................................text.............................. ..`.rdata..lI.......J..................@..@.data....=... ...$..................@....rsrc...p....`.......*..............@..@.reloc...R...p...T...0..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\systems.json

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):495
                                                                                                                                                                                                              Entropy (8bit):3.99753712005902
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:F9b+bVH4NIjbfJo2b9bHoYbu8HkIQHbkbRICZHbEbp9y1bwHc5CHYqHz+J1:cC7kJ1q01
                                                                                                                                                                                                              MD5:775C312110D971862864B91A2379794A
                                                                                                                                                                                                              SHA1:B5A7A80EBD352FD45493F3968EBB2C7735FECB11
                                                                                                                                                                                                              SHA-256:2F2541706F13FD6D3EAAD2628F7B4FA35F0648822EDACB8B92D04CEA42FC5537
                                                                                                                                                                                                              SHA-512:3C3428222FEEF08D3BE3896CCFA72A1AE6EE0CB06E9C11F005439041E3F8AB9263A07F04A6C054E0D82EDABD48AEF9A68ECC45E3FAD8803DDE365E668F9B58FF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":569},.. {"pid":586},.. {"pid":594},.. {"pid":601},.. .. {"pid":570},.. {"pid":581},.. {"pid":587},.. {"pid":589},.. {"pid":595},.. {"pid":612},.. {"pid":630},.. .. {"pid":582},.. {"pid":597},.. {"pid":613},.. .. {"pid":564},.. {"pid":588},.. {"pid":598},.. {"pid":611}, .. .. {"pid":616}, .. {"pid":618},.. {"pid":652},.. {"pid":650},.. {"pid":671},.. {"pid":672},.. {"pid":669},.. {"pid":694},.. {"pid":695},.. {"pid":696}]........................................ .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\systems.json.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):495
                                                                                                                                                                                                              Entropy (8bit):3.99753712005902
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:12:F9b+bVH4NIjbfJo2b9bHoYbu8HkIQHbkbRICZHbEbp9y1bwHc5CHYqHz+J1:cC7kJ1q01
                                                                                                                                                                                                              MD5:775C312110D971862864B91A2379794A
                                                                                                                                                                                                              SHA1:B5A7A80EBD352FD45493F3968EBB2C7735FECB11
                                                                                                                                                                                                              SHA-256:2F2541706F13FD6D3EAAD2628F7B4FA35F0648822EDACB8B92D04CEA42FC5537
                                                                                                                                                                                                              SHA-512:3C3428222FEEF08D3BE3896CCFA72A1AE6EE0CB06E9C11F005439041E3F8AB9263A07F04A6C054E0D82EDABD48AEF9A68ECC45E3FAD8803DDE365E668F9B58FF
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:[{"pid":569},.. {"pid":586},.. {"pid":594},.. {"pid":601},.. .. {"pid":570},.. {"pid":581},.. {"pid":587},.. {"pid":589},.. {"pid":595},.. {"pid":612},.. {"pid":630},.. .. {"pid":582},.. {"pid":597},.. {"pid":613},.. .. {"pid":564},.. {"pid":588},.. {"pid":598},.. {"pid":611}, .. .. {"pid":616}, .. {"pid":618},.. {"pid":652},.. {"pid":650},.. {"pid":671},.. {"pid":672},.. {"pid":669},.. {"pid":694},.. {"pid":695},.. {"pid":696}]........................................ .. .. .. ....

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):921280
                                                                                                                                                                                                              Entropy (8bit):6.820085683737744
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:0oqW/e7NMe7KtlQzn4pz+xJlEIn3FmcvIZPoy4zUkG:d/ehF54pg2
                                                                                                                                                                                                              MD5:015B30309491A911E75748AD69C9E680
                                                                                                                                                                                                              SHA1:2F2243B6EA99689CD54E45B67D9B7D98847F904C
                                                                                                                                                                                                              SHA-256:DD32570B8183A8B117233333153DA29CC8D2AC5B1C868440DD852D9C3F77BAF5
                                                                                                                                                                                                              SHA-512:51159E407021CE78AD64EA91A5E53F59EE15D6D74B9C2891CD6DD532CAE3F1D388198E0CD78648CE067E82FA7F01050B4773D95C5C827439F094B289F0EE0AC8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........`..`3..`3..`3...3..`3..a3/.`3.`.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3Rich..`3................PE..L......V...........!.....J...................`............................................@A........................p|..f............... ................<......TY..@...8...............................@............................................text....H.......J.................. ..`.data........`.......N..............@....idata...............\..............@..@.rsrc... ............r..............@..@.reloc..TY.......Z...x..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\ucrtbase.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                              Size (bytes):921280
                                                                                                                                                                                                              Entropy (8bit):6.820085683737744
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:24576:0oqW/e7NMe7KtlQzn4pz+xJlEIn3FmcvIZPoy4zUkG:d/ehF54pg2
                                                                                                                                                                                                              MD5:015B30309491A911E75748AD69C9E680
                                                                                                                                                                                                              SHA1:2F2243B6EA99689CD54E45B67D9B7D98847F904C
                                                                                                                                                                                                              SHA-256:DD32570B8183A8B117233333153DA29CC8D2AC5B1C868440DD852D9C3F77BAF5
                                                                                                                                                                                                              SHA-512:51159E407021CE78AD64EA91A5E53F59EE15D6D74B9C2891CD6DD532CAE3F1D388198E0CD78648CE067E82FA7F01050B4773D95C5C827439F094B289F0EE0AC8
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........`..`3..`3..`3...3..`3..a3/.`3.`.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3.:.3..`3Rich..`3................PE..L......V...........!.....J...................`............................................@A........................p|..f............... ................<......TY..@...8...............................@............................................text....H.......J.................. ..`.data........`.......N..............@....idata...............\..............@..@.rsrc... ............r..............@..@.reloc..TY.......Z...x..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):271176
                                                                                                                                                                                                              Entropy (8bit):6.552647386897863
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:YCcjou9AliSNuPRrSk+2sIslORcBwzCt4TrHcSUEn8wnrREQ0:Yxou9qivRrSkGdqcECE7R0
                                                                                                                                                                                                              MD5:AF530E084FC969B552DB842D3DE5F285
                                                                                                                                                                                                              SHA1:7D0BCCAD63D6B0F5F4B144ADE34AFB7FB342D22A
                                                                                                                                                                                                              SHA-256:92CD13772DD046E9E8A36343C96E6C145CE9072DC51DE05AEAE4A770CF4B1C33
                                                                                                                                                                                                              SHA-512:C89CB972067F7971C8EAD078A89EBED0D4625A46370C11DDFFBDD3F0E56619B55403D19CBF89AD001DBB9C302501BD3EA0331DBBB2A587B6EF79A5F709562792
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R.P..w>V.w>V.w>V...V.w>Vu*?W.w>Vu*=W.w>Vu*;W.w>Vu*:W.w>V..V.w>V.w?Vcw>Vu*7W.w>Vu*>W.w>Vu*.V.w>Vu*<W.w>VRich.w>V........PE..L...U..V.........."!.....8...................P...............................0............@A.............................=..............................H?......4R..pJ..8............................J..@............................................text....6.......8.................. ..`.data....=...P...:...<..............@....idata..L............v..............@..@minATL..............................@..@.rsrc...............................@..@.reloc..4R.......T..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\vccorlib140.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):271176
                                                                                                                                                                                                              Entropy (8bit):6.552647386897863
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:3072:YCcjou9AliSNuPRrSk+2sIslORcBwzCt4TrHcSUEn8wnrREQ0:Yxou9qivRrSkGdqcECE7R0
                                                                                                                                                                                                              MD5:AF530E084FC969B552DB842D3DE5F285
                                                                                                                                                                                                              SHA1:7D0BCCAD63D6B0F5F4B144ADE34AFB7FB342D22A
                                                                                                                                                                                                              SHA-256:92CD13772DD046E9E8A36343C96E6C145CE9072DC51DE05AEAE4A770CF4B1C33
                                                                                                                                                                                                              SHA-512:C89CB972067F7971C8EAD078A89EBED0D4625A46370C11DDFFBDD3F0E56619B55403D19CBF89AD001DBB9C302501BD3EA0331DBBB2A587B6EF79A5F709562792
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......R.P..w>V.w>V.w>V...V.w>Vu*?W.w>Vu*=W.w>Vu*;W.w>Vu*:W.w>V..V.w>V.w?Vcw>Vu*7W.w>Vu*>W.w>Vu*.V.w>Vu*<W.w>VRich.w>V........PE..L...U..V.........."!.....8...................P...............................0............@A.............................=..............................H?......4R..pJ..8............................J..@............................................text....6.......8.................. ..`.data....=...P...:...<..............@....idata..L............v..............@..@minATL..............................@..@.rsrc...............................@..@.reloc..4R.......T..................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):85840
                                                                                                                                                                                                              Entropy (8bit):6.85771318629829
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:4jer1DQwLp57xeH8zIJBj3hGzHcL3CTsQ+Vbc8su0sRXdjjecb+4AXmUkEBd:4jeNQwFFxExBozHcL3CTsQ+Vbc/uecbU
                                                                                                                                                                                                              MD5:B7EBC19A5B23D0D32FF014E30BE26061
                                                                                                                                                                                                              SHA1:EFB3B58B31A27407402A2BE0D41AEE120519C282
                                                                                                                                                                                                              SHA-256:5695560A50ED9746696C0D647E55D77459F5981907C177D086DF36656A978B19
                                                                                                                                                                                                              SHA-512:922D94E80CDFFEB51A1818C52B5C568597307225EED33C7C07E193322C2E9B0C7A5F17F3F4B57F2E22B8AD7F9509CB893BFC6D07D19AF83360DA6C0D807AA93A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................/nn.......6.......................................Z........Rich..........................PE..L......V.........."!........."...............................................P.......e....@A........................@................0..................P?...@....... ..8...........................8 ..@............................................text...T........................... ..`.data...............................@....idata..............................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\vcruntime140.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):85840
                                                                                                                                                                                                              Entropy (8bit):6.85771318629829
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:1536:4jer1DQwLp57xeH8zIJBj3hGzHcL3CTsQ+Vbc8su0sRXdjjecb+4AXmUkEBd:4jeNQwFFxExBozHcL3CTsQ+Vbc/uecbU
                                                                                                                                                                                                              MD5:B7EBC19A5B23D0D32FF014E30BE26061
                                                                                                                                                                                                              SHA1:EFB3B58B31A27407402A2BE0D41AEE120519C282
                                                                                                                                                                                                              SHA-256:5695560A50ED9746696C0D647E55D77459F5981907C177D086DF36656A978B19
                                                                                                                                                                                                              SHA-512:922D94E80CDFFEB51A1818C52B5C568597307225EED33C7C07E193322C2E9B0C7A5F17F3F4B57F2E22B8AD7F9509CB893BFC6D07D19AF83360DA6C0D807AA93A
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................/nn.......6.......................................Z........Rich..........................PE..L......V.........."!........."...............................................P.......e....@A........................@................0..................P?...@....... ..8...........................8 ..@............................................text...T........................... ..`.data...............................@....idata..............................@..@_RDATA....... ......................@..@.rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):25352
                                                                                                                                                                                                              Entropy (8bit):6.328055759440702
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:FpEKVGfgqL83uLo0uxMi8uNyb8E9VF6IYinAM+oaupoou2pYs:nEKVGf3Q3wi8WEpYinAMxJEs
                                                                                                                                                                                                              MD5:37FCE1D0E9A6351F0DDF9C2C4660E6D7
                                                                                                                                                                                                              SHA1:AFEA5DE8A6F212E8D748950BB50C5B9B3DE06593
                                                                                                                                                                                                              SHA-256:94DD34F4D44E924FB0A42B358F8297946B2C71BD72B952EA1025FE35429853E5
                                                                                                                                                                                                              SHA-512:15190DC73E305730C132D123190038ABAFEEB840BED7F3A254775E3A6E14D1DF25D113CF414B7200EB553B8CEA5C8B46FFB55763274C2E4BF3694D030ABB5F0E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.kf...........!.....2...........Q... ...`....... ...............................B....@..................................P..S....`..8............<...'........................................................... ............... ..H............text...41... ...2.................. ..`.rsrc...8....`.......4..............@..@.reloc...............:..............@..B.................Q......H.......8M..............P ...,...........................................,.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\zh-CHS\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):25352
                                                                                                                                                                                                              Entropy (8bit):6.328055759440702
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:FpEKVGfgqL83uLo0uxMi8uNyb8E9VF6IYinAM+oaupoou2pYs:nEKVGf3Q3wi8WEpYinAMxJEs
                                                                                                                                                                                                              MD5:37FCE1D0E9A6351F0DDF9C2C4660E6D7
                                                                                                                                                                                                              SHA1:AFEA5DE8A6F212E8D748950BB50C5B9B3DE06593
                                                                                                                                                                                                              SHA-256:94DD34F4D44E924FB0A42B358F8297946B2C71BD72B952EA1025FE35429853E5
                                                                                                                                                                                                              SHA-512:15190DC73E305730C132D123190038ABAFEEB840BED7F3A254775E3A6E14D1DF25D113CF414B7200EB553B8CEA5C8B46FFB55763274C2E4BF3694D030ABB5F0E
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.kf...........!.....2...........Q... ...`....... ...............................B....@..................................P..S....`..8............<...'........................................................... ............... ..H............text...41... ...2.................. ..`.rsrc...8....`.......4..............@..@.reloc...............:..............@..B.................Q......H.......8M..............P ...,...........................................,.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll (copy)

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):25352
                                                                                                                                                                                                              Entropy (8bit):6.378994094513088
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:npEGOp//b2u/FfdgnQudqn4kVNyb8E9VF6IYinAM+oaupoou2IgEn:pEGOp/SQu24kxEpYinAMxJmpn
                                                                                                                                                                                                              MD5:CDBD5F49C4D79E5B041694CB5780A9B6
                                                                                                                                                                                                              SHA1:9E4AC0D0BB8C411AC8B9E17E6F1478961958C360
                                                                                                                                                                                                              SHA-256:E644D4AFC8CBFE464116272969D9F6A41C2A0936D486DAD2EE6E23232F0D7828
                                                                                                                                                                                                              SHA-512:9E4A2698C6639C60786AF4FF981E8444175DC24DD8DEBA4526D519705DD874F176193163F70C66F43510BCDDC440C6A5A7006B4E0A21D217E769449A872DD9FC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.kf...........!.....2...........Q... ...`....... ....................................@..................................Q..K....`..8............<...'........................................................... ............... ..H............text....1... ...2.................. ..`.rsrc...8....`.......4..............@..@.reloc...............:..............@..B.................Q......H........M..............P ...-...........................................-.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\App\zh-CHT\Razer.RazerInstallerCommon.resources.dll.tmp

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):25352
                                                                                                                                                                                                              Entropy (8bit):6.378994094513088
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:384:npEGOp//b2u/FfdgnQudqn4kVNyb8E9VF6IYinAM+oaupoou2IgEn:pEGOp/SQu24kxEpYinAMxJmpn
                                                                                                                                                                                                              MD5:CDBD5F49C4D79E5B041694CB5780A9B6
                                                                                                                                                                                                              SHA1:9E4AC0D0BB8C411AC8B9E17E6F1478961958C360
                                                                                                                                                                                                              SHA-256:E644D4AFC8CBFE464116272969D9F6A41C2A0936D486DAD2EE6E23232F0D7828
                                                                                                                                                                                                              SHA-512:9E4A2698C6639C60786AF4FF981E8444175DC24DD8DEBA4526D519705DD874F176193163F70C66F43510BCDDC440C6A5A7006B4E0A21D217E769449A872DD9FC
                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.kf...........!.....2...........Q... ...`....... ....................................@..................................Q..K....`..8............<...'........................................................... ............... ..H............text....1... ...2.................. ..`.rsrc...8....`.......4..............@..@.reloc...............:..............@..B.................Q......H........M..............P ...-...........................................-.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet............PADPADP|.i.........cS....W.w........#&.~V..'..p......vB.aQ...yq....w.Z..... V....../4...|<.\...D.y..."..,"...i..`.......1d.O;W..-......7Bk.0(....H.R...2.Q|.....#H....p.3.....q|.(.....G....^...ww..<Q.....P0.8.D..bx.

                                                                                                                                                                                                              C:\Windows\Installer\Razer\Installer\RazerInstaller.exe

                                                                                                                                                                                                              Download File
                                                                                                                                                                                                              Process:C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exe
                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):8063776
                                                                                                                                                                                                              Entropy (8bit):7.955887156069714
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:196608:MVQht26iZrVG5Jf8gpoqZawpmVM1sBW+qv9ve:6QhtDEkf8g2WVVe
                                                                                                                                                                                                              MD5:3F7BAB0F26DF356695B8C993ADD1BD6E
                                                                                                                                                                                                              SHA1:312D3D8C3E6094648DEE137A7FAA7D8F62BF0816
                                                                                                                                                                                                              SHA-256:9530720CE3D53E878FBA11A5C5A6236C5660F5F63A1EA231A489FCA93656A638
                                                                                                                                                                                                              SHA-512:F0A4471937B2F50E8AA01A389876382418E15CA1790643DA8198C511880F702CAA3C6CEBAF9EA836AC0E8BB1C172F796F451F6EEFDB2FC813789C978FA46280A
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....kf.................L..........>j... ........@.. .......................`........{...@..................................i..K....... .............z..'...@....................................................... ............... ..H............text...DJ... ...L.................. ..`.rsrc... ............N..............@..@.reloc.......@......................@..B................ j......H.......DG..."..........8................................................0..O........{....r...po....,..{....r...po.......+....,!.{....-....{....(....}......}.....*..0..O........{....r...po....,..{....r1..po.......+....,!.{....-....{....(....}......}.....*..0..g.......(......o.....+8.o..........rQ..p..(....rQ..p(.........(....u....o.......o....-....u........,...o......*.........DQ.......0............rU..p..(....&..}.....*.0.. .........ra..p..(....&.....}.....{....*.0..........

                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                              General

                                                                                                                                                                                                              File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                              Entropy (8bit):7.903765609842221
                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                              File name:RazerSynapseInstaller_V1.19.0.635.exe
                                                                                                                                                                                                              File size:8'537'864 bytes
                                                                                                                                                                                                              MD5:6d6850d6a3f9cbc2d390ad748f8b36d5
                                                                                                                                                                                                              SHA1:a008fca238cc18c7b6c7e6cc14cc81298117ac9d
                                                                                                                                                                                                              SHA256:2fd29569403b05eaf6973b62a7c391f28006f1e35c6455d016f0047e9b2577e4
                                                                                                                                                                                                              SHA512:e3fe61b782d0bdf0eba63e001cfbad069815834ecb2a8ce789b619cfbc4746b37f4b138a0744170aaa6506ae72417104bc407607a50202ce1ddd223a8f80da69
                                                                                                                                                                                                              SSDEEP:196608:DVQht26iZrVG5Jf8gpoqZawpmVM1sBW+qv9vI:hQhtDEkf8g2WVVI
                                                                                                                                                                                                              TLSH:378623433BF84C57D1BACB7488A281A0C2F2FC52D53DC70B6795269E2E63784A62175F
                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4WA.p6/.p6/.p6/.....}6/......6/.....m6/.Kh,.f6/.Kh*.I6/.Kh+.R6/.....u6/.p6...6/..h&.r6/..h..q6/.p6..q6/..h-.q6/.Richp6/........

                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                              Icon Hash:0739169f8e4d1b17

                                                                                                                                                                                                              Static PE Info

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Entrypoint:0x4098b3
                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                              Subsystem:windows cui
                                                                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                              Time Stamp:0x666BD68C [Fri Jun 14 05:35:08 2024 UTC]
                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                              OS Version Major:6
                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                              File Version Major:6
                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                              Import Hash:cba6c57e12ae94ace270fe6678a80a9f

                                                                                                                                                                                                              Authenticode Signature

                                                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                              Error Number:0
                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                              • 26/01/2022 01:00:00 27/02/2025 00:59:59
                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                              • CN=Razer USA Ltd., O=Razer USA Ltd., L=Irvine, S=California, C=US
                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                              Thumbprint MD5:FE1E46391A1C799CABEEC9A17DA785B8
                                                                                                                                                                                                              Thumbprint SHA-1:0F31C62F9E9A852C87553E7E672DBC9A00026366
                                                                                                                                                                                                              Thumbprint SHA-256:13037B6948D7C84D765496C41071DD08C89D1D442EF0605CE1FBC52C87837726
                                                                                                                                                                                                              Serial:06C3E30F101B62FE0A499EB1189012EA

                                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                              call 00007FBC887DE8E8h
                                                                                                                                                                                                              jmp 00007FBC887DDF8Ch
                                                                                                                                                                                                              jmp dword ptr [0042615Ch]
                                                                                                                                                                                                              mov ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                                                              mov dword ptr fs:[00000000h], ecx
                                                                                                                                                                                                              pop ecx
                                                                                                                                                                                                              pop edi
                                                                                                                                                                                                              pop edi
                                                                                                                                                                                                              pop esi
                                                                                                                                                                                                              pop ebx
                                                                                                                                                                                                              mov esp, ebp
                                                                                                                                                                                                              pop ebp
                                                                                                                                                                                                              push ecx
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              mov ecx, dword ptr [ebp-10h]
                                                                                                                                                                                                              xor ecx, ebp
                                                                                                                                                                                                              call 00007FBC887DD986h
                                                                                                                                                                                                              jmp 00007FBC887DE0E0h
                                                                                                                                                                                                              mov ecx, dword ptr [ebp-14h]
                                                                                                                                                                                                              xor ecx, ebp
                                                                                                                                                                                                              call 00007FBC887DD975h
                                                                                                                                                                                                              jmp 00007FBC887DE0CFh
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              push dword ptr fs:[00000000h]
                                                                                                                                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              push edi
                                                                                                                                                                                                              mov dword ptr [eax], ebp
                                                                                                                                                                                                              mov ebp, eax
                                                                                                                                                                                                              mov eax, dword ptr [00436070h]
                                                                                                                                                                                                              xor eax, ebp
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              push dword ptr [ebp-04h]
                                                                                                                                                                                                              mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                              mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              push dword ptr fs:[00000000h]
                                                                                                                                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              push edi
                                                                                                                                                                                                              mov dword ptr [eax], ebp
                                                                                                                                                                                                              mov ebp, eax
                                                                                                                                                                                                              mov eax, dword ptr [00436070h]
                                                                                                                                                                                                              xor eax, ebp
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              mov dword ptr [ebp-10h], eax
                                                                                                                                                                                                              push dword ptr [ebp-04h]
                                                                                                                                                                                                              mov dword ptr [ebp-04h], FFFFFFFFh
                                                                                                                                                                                                              lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                                                              mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                                              ret
                                                                                                                                                                                                              push eax
                                                                                                                                                                                                              push dword ptr fs:[00000000h]
                                                                                                                                                                                                              lea eax, dword ptr [esp+0Ch]
                                                                                                                                                                                                              sub esp, dword ptr [esp+0Ch]
                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                              push esi
                                                                                                                                                                                                              push edi
                                                                                                                                                                                                              mov dword ptr [eax], ebp

                                                                                                                                                                                                              Rich Headers

                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                              • [RES] VS2015 UPD3 build 24213
                                                                                                                                                                                                              • [LNK] VS2015 UPD3.1 build 24215

                                                                                                                                                                                                              Data Directories

                                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x351340x3c.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000x7ea1e0.rsrc
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x8220000x2708.rsrc
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x8260000x2574.reloc
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x328100x70.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x328dc0x18.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x328800x40.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x260000x15c.rdata
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                              Sections

                                                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                              .text0x10000x241690x242008e86e6e7fcd0d45083e704ede1fa8b54False0.5625608239619377data6.663760863523346IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                              .rdata0x260000xf8f60xfa0024d94a26858cccaec476c89fa7d49d63False0.477953125data5.4972595388851095IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                              .data0x360000x20c00x120028e7856f7282cad2b2e423dcc3d52fb4False0.2026909722222222DOS executable (block device driver ght (c)3.8170004300251814IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                              .gfids0x390000x2880x400d78dce83c2c5378d2a9a484e960b9b18False0.3681640625data2.6618190551222565IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                              .tls0x3a0000x90x2001f354d76203061bfdd5a53dae48d5435False0.033203125data0.020393135236084953IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                              .rsrc0x3b0000x7ea1e00x7ea200a54489e84135c21a5e3d75c07d36836eunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                              .reloc0x8260000x25740x260036e4ced029872016f6d14fbd7bfe49d1False0.676500822368421data6.526730456339362IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                              Resources

                                                                                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                              RT_ICON0x7ebf100x4454PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States0.9880516807683513
                                                                                                                                                                                                              RT_ICON0x7f03680x10828Device independent bitmap graphic, 128 x 256 x 32, image size 67584EnglishUnited States0.08448184076659174
                                                                                                                                                                                                              RT_ICON0x800b900x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 38016EnglishUnited States0.1018236283371873
                                                                                                                                                                                                              RT_ICON0x80a0380x67e8Device independent bitmap graphic, 80 x 160 x 32, image size 26560EnglishUnited States0.11409774436090225
                                                                                                                                                                                                              RT_ICON0x8108200x5488Device independent bitmap graphic, 72 x 144 x 32, image size 21600EnglishUnited States0.12000924214417745
                                                                                                                                                                                                              RT_ICON0x815ca80x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16896EnglishUnited States0.146669815777043
                                                                                                                                                                                                              RT_ICON0x819ed00x32e8Device independent bitmap graphic, 56 x 112 x 32, image size 12992EnglishUnited States0.157305095150399
                                                                                                                                                                                                              RT_ICON0x81d1b80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.17365145228215767
                                                                                                                                                                                                              RT_ICON0x81f7600x1a68Device independent bitmap graphic, 40 x 80 x 32, image size 6720EnglishUnited States0.16715976331360946
                                                                                                                                                                                                              RT_ICON0x8211c80x1588Device independent bitmap graphic, 36 x 72 x 32, image size 5472EnglishUnited States0.17634252539912917
                                                                                                                                                                                                              RT_ICON0x8227500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.18667917448405252
                                                                                                                                                                                                              RT_ICON0x8237f80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.26844262295081966
                                                                                                                                                                                                              RT_ICON0x8241800x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.3186046511627907
                                                                                                                                                                                                              RT_ICON0x8248380x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.6090425531914894
                                                                                                                                                                                                              RT_RCDATA0x3b3f00x7b0b20PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS WindowsEnglishUnited States0.6360540390014648
                                                                                                                                                                                                              RT_GROUP_ICON0x824ca00xcadataEnglishUnited States0.6782178217821783
                                                                                                                                                                                                              RT_VERSION0x824d700x2e8dataEnglishUnited States0.44623655913978494
                                                                                                                                                                                                              RT_MANIFEST0x8250580x188XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5892857142857143

                                                                                                                                                                                                              Imports

                                                                                                                                                                                                              DLLImport
                                                                                                                                                                                                              KERNEL32.dllGetWindowsDirectoryW, FindResourceW, GetLastError, LoadResource, LockResource, SizeofResource, lstrcpynW, CreateProcessW, CloseHandle, HeapSize, CreateFileW, WriteConsoleW, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, SetEvent, ResetEvent, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RaiseException, RtlUnwind, FreeLibrary, LoadLibraryExW, HeapAlloc, HeapReAlloc, HeapFree, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, GetACP, GetFileType, FlushFileBuffers, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetProcessHeap, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, ReadConsoleW, SetEndOfFile
                                                                                                                                                                                                              SHELL32.dllSHCreateDirectoryExW

                                                                                                                                                                                                              Possible Origin

                                                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                              EnglishUnited States

                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.472439051 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.472476006 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.472621918 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.488909960 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.488930941 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.353669882 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.353789091 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.360743999 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.360754013 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.361093044 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.407834053 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.417543888 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.463402987 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.717794895 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.721864939 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:42.721884012 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:43.357422113 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:43.358091116 CEST49715443192.168.2.699.86.4.106
                                                                                                                                                                                                              Oct 21, 2024 11:21:43.358134031 CEST4434971599.86.4.106192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:43.358263016 CEST49715443192.168.2.699.86.4.106

                                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.413568974 CEST6419253192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.425220966 CEST53641921.1.1.1192.168.2.6
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.766593933 CEST5272553192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:21:43.869486094 CEST4917253192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:21:44.694516897 CEST5550953192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:21:46.059806108 CEST5149553192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:21:47.947645903 CEST6269553192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:21:57.410229921 CEST5127453192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:21:57.443197012 CEST5578853192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:22:14.512875080 CEST6513153192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:22:18.445543051 CEST6509953192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:22:34.612735987 CEST6265353192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:22:48.585220098 CEST6169853192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:22:54.777329922 CEST6480553192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:23:09.372946978 CEST5907653192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:23:11.500822067 CEST4927253192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:23:23.585004091 CEST5150353192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:23:36.917655945 CEST5360553192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:23:41.696629047 CEST6524253192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:23:49.723172903 CEST5866553192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:23:56.865304947 CEST5698853192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:24:03.927206993 CEST5735053192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:24:23.751477957 CEST5363553192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:24:24.609858990 CEST6046853192.168.2.61.1.1.1
                                                                                                                                                                                                              Oct 21, 2024 11:24:30.434972048 CEST6291153192.168.2.61.1.1.1

                                                                                                                                                                                                              DNS Queries

                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.413568974 CEST192.168.2.61.1.1.10x78e1Standard query (0)u05srooyhc.execute-api.us-east-1.amazonaws.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.766593933 CEST192.168.2.61.1.1.10x853Standard query (0)discovery.razerapi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:43.869486094 CEST192.168.2.61.1.1.10x7d3aStandard query (0)synapse-3-webservice.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:44.694516897 CEST192.168.2.61.1.1.10xac8Standard query (0)manifest.razerapi.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:46.059806108 CEST192.168.2.61.1.1.10x2fcdStandard query (0)cdn.razersynapse.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:47.947645903 CEST192.168.2.61.1.1.10x775eStandard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:57.410229921 CEST192.168.2.61.1.1.10x1296Standard query (0)assets2.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:57.443197012 CEST192.168.2.61.1.1.10x96a4Standard query (0)deals-assets-cdn.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:14.512875080 CEST192.168.2.61.1.1.10x48a5Standard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:18.445543051 CEST192.168.2.61.1.1.10x1000Standard query (0)deals-assets-cdn.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:34.612735987 CEST192.168.2.61.1.1.10x45aaStandard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:48.585220098 CEST192.168.2.61.1.1.10xf48bStandard query (0)assets2.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:54.777329922 CEST192.168.2.61.1.1.10x311bStandard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:09.372946978 CEST192.168.2.61.1.1.10xc64fStandard query (0)assets2.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:11.500822067 CEST192.168.2.61.1.1.10xc6ccStandard query (0)deals-assets-cdn.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:23.585004091 CEST192.168.2.61.1.1.10xd9ebStandard query (0)deals-assets-cdn.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:36.917655945 CEST192.168.2.61.1.1.10xe779Standard query (0)deals-assets-cdn.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:41.696629047 CEST192.168.2.61.1.1.10x2228Standard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:49.723172903 CEST192.168.2.61.1.1.10xd4bfStandard query (0)assets2.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:56.865304947 CEST192.168.2.61.1.1.10xda19Standard query (0)deals-assets-cdn.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:03.927206993 CEST192.168.2.61.1.1.10x5e3Standard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:23.751477957 CEST192.168.2.61.1.1.10x1cf7Standard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:24.609858990 CEST192.168.2.61.1.1.10x83d0Standard query (0)assets.razerzone.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:30.434972048 CEST192.168.2.61.1.1.10x7458Standard query (0)assets2.razerzone.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.425220966 CEST1.1.1.1192.168.2.60x78e1No error (0)u05srooyhc.execute-api.us-east-1.amazonaws.com99.86.4.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.425220966 CEST1.1.1.1192.168.2.60x78e1No error (0)u05srooyhc.execute-api.us-east-1.amazonaws.com99.86.4.24A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.425220966 CEST1.1.1.1192.168.2.60x78e1No error (0)u05srooyhc.execute-api.us-east-1.amazonaws.com99.86.4.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.425220966 CEST1.1.1.1192.168.2.60x78e1No error (0)u05srooyhc.execute-api.us-east-1.amazonaws.com99.86.4.13A (IP address)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:41.775428057 CEST1.1.1.1192.168.2.60x853No error (0)discovery.razerapi.comdiscovery.razerapi.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:43.878005981 CEST1.1.1.1192.168.2.60x7d3aNo error (0)synapse-3-webservice.razerzone.comsynapse-3-webservice.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:44.702423096 CEST1.1.1.1192.168.2.60xac8No error (0)manifest.razerapi.commanifest.razerapi.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:46.067586899 CEST1.1.1.1192.168.2.60x2fcdNo error (0)cdn.razersynapse.comcdn.razersynapse.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:47.965830088 CEST1.1.1.1192.168.2.60x775eNo error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:57.423701048 CEST1.1.1.1192.168.2.60x1296No error (0)assets2.razerzone.comassets2.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:21:57.455780029 CEST1.1.1.1192.168.2.60x96a4No error (0)deals-assets-cdn.razerzone.comdeals-assets-cdn.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:14.527198076 CEST1.1.1.1192.168.2.60x48a5No error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:18.453027010 CEST1.1.1.1192.168.2.60x1000No error (0)deals-assets-cdn.razerzone.comdeals-assets-cdn.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:34.644875050 CEST1.1.1.1192.168.2.60x45aaNo error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:48.596744061 CEST1.1.1.1192.168.2.60xf48bNo error (0)assets2.razerzone.comassets2.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:22:54.792205095 CEST1.1.1.1192.168.2.60x311bNo error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:09.385654926 CEST1.1.1.1192.168.2.60xc64fNo error (0)assets2.razerzone.comassets2.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:11.508475065 CEST1.1.1.1192.168.2.60xc6ccNo error (0)deals-assets-cdn.razerzone.comdeals-assets-cdn.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:23.592855930 CEST1.1.1.1192.168.2.60xd9ebNo error (0)deals-assets-cdn.razerzone.comdeals-assets-cdn.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:36.927335024 CEST1.1.1.1192.168.2.60xe779No error (0)deals-assets-cdn.razerzone.comdeals-assets-cdn.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:41.717808008 CEST1.1.1.1192.168.2.60x2228No error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:49.735613108 CEST1.1.1.1192.168.2.60xd4bfNo error (0)assets2.razerzone.comassets2.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:23:56.872643948 CEST1.1.1.1192.168.2.60xda19No error (0)deals-assets-cdn.razerzone.comdeals-assets-cdn.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:03.939762115 CEST1.1.1.1192.168.2.60x5e3No error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:23.758996010 CEST1.1.1.1192.168.2.60x1cf7No error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:24.628648996 CEST1.1.1.1192.168.2.60x83d0No error (0)assets.razerzone.comassets.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                              Oct 21, 2024 11:24:30.443568945 CEST1.1.1.1192.168.2.60x7458No error (0)assets2.razerzone.comassets2.razerzone.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false

                                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                                              • u05srooyhc.execute-api.us-east-1.amazonaws.com

                                                                                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                              0192.168.2.64971599.86.4.1064434924C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                              2024-10-21 09:21:42 UTC296OUTPOST /sts HTTP/1.1
                                                                                                                                                                                                              X-Api-Key: ihkodRTss344zqhvkmORG29dNmgEIgJIaCn5DvbY
                                                                                                                                                                                                              authorizationToken: RZR_0000000000000000000000000000
                                                                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                              Host: u05srooyhc.execute-api.us-east-1.amazonaws.com
                                                                                                                                                                                                              Content-Length: 50
                                                                                                                                                                                                              Expect: 100-continue
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              2024-10-21 09:21:42 UTC25INHTTP/1.1 100 Continue
                                                                                                                                                                                                              2024-10-21 09:21:42 UTC50OUTData Raw: 7b 0d 0a 20 20 22 75 75 69 64 22 3a 20 22 52 5a 52 5f 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 22 0d 0a 7d
                                                                                                                                                                                                              Data Ascii: { "uuid": "RZR_0000000000000000000000000000"}
                                                                                                                                                                                                              2024-10-21 09:21:43 UTC1118INHTTP/1.1 200 OK
                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                              Content-Length: 590
                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                              Date: Mon, 21 Oct 2024 09:21:43 GMT
                                                                                                                                                                                                              X-Amzn-Trace-Id: Root=1-67161d26-4cdd9e021fb960f821ab9d8e;Parent=32860a66c3115711;Sampled=0;Lineage=2:9b9bd8e2:0
                                                                                                                                                                                                              x-amzn-RequestId: f01208ee-8d07-4bf1-85a3-cd3905700c0f
                                                                                                                                                                                                              x-amz-apigw-id: f_l-HHCkIAMEHgQ=
                                                                                                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                                                                                                              Via: 1.1 a56d6b55603697d6c44b19d4f907baaa.cloudfront.net (CloudFront)
                                                                                                                                                                                                              X-Amz-Cf-Pop: FRA6-C1
                                                                                                                                                                                                              X-Amz-Cf-Id: lj76D6W6nl4C8XcFwRigvDfKMCeguVkdw7XQ_c-XyMFdQyp6Th_OAA==
                                                                                                                                                                                                              {"statusCode": 200, "body": {"AccessKeyId": "ASIA3XSQMA2KCH7HUICB", "SecretAccessKey": "Jt++7Z+D+lb/Uk+pLi0BgK8KhDEayT/bwAq1fiQo", "SessionToken": "FwoGZXIvYXdzEDMaDLRsAhT96VSmGQe3liLFAbTVmYIp8B0warGtX6GMghXLmba8jUTVFRirdV2F6P/L0g9KPE2GE1HsDaaVt21iPO9VzI2IZFSdRrG442SSmpy8JDLgGKg1tst/Y9M52Qkufa3L8zKUQ4hylj0td9ueX007fSDQ5b4A6eDjlhuYrpI09vHBeyTh+j4b7roaZbUYhyduVAOt3w/BlMajzJcvxv/W9jXJzhKlngTv1LiUT3Cozngdg9sYjSoN0QTfL3+Kw+Wd5mVXRtMcLOiDka2imuM1r19vKKe62LgGMi1RigrRBvqTCxR/svVkVkz6csga4Nd1J1vj0ZtJfAVXkiYt0BjkGi4jIwuSyTE=", "Expiration": "2024-10-21 21:21:43+00:00"}, "ip": "155.94.241.186"}


                                                                                                                                                                                                              Statistics

                                                                                                                                                                                                              CPU Usage

                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                              Memory Usage

                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                                                              Behavior

                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                              System Behavior

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                              Start time:05:21:35
                                                                                                                                                                                                              Start date:21/10/2024
                                                                                                                                                                                                              Path:C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\RazerSynapseInstaller_V1.19.0.635.exe"
                                                                                                                                                                                                              Imagebase:0xf60000
                                                                                                                                                                                                              File size:8'537'864 bytes
                                                                                                                                                                                                              MD5 hash:6D6850D6A3F9CBC2D390AD748F8B36D5
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Target ID:1
                                                                                                                                                                                                              Start time:05:21:35
                                                                                                                                                                                                              Start date:21/10/2024
                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                              Imagebase:0x7ff66e660000
                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                              Start time:05:21:35
                                                                                                                                                                                                              Start date:21/10/2024
                                                                                                                                                                                                              Path:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:C:\Windows\Installer\Razer\Installer\RazerInstaller.exe
                                                                                                                                                                                                              Imagebase:0x550000
                                                                                                                                                                                                              File size:8'063'776 bytes
                                                                                                                                                                                                              MD5 hash:3F7BAB0F26DF356695B8C993ADD1BD6E
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                                              Start time:05:21:38
                                                                                                                                                                                                              Start date:21/10/2024
                                                                                                                                                                                                              Path:C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe
                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                              Commandline:"C:\Windows\Installer\Razer\Installer\App\RazerInstaller.exe"
                                                                                                                                                                                                              Imagebase:0x2a0000
                                                                                                                                                                                                              File size:4'492'040 bytes
                                                                                                                                                                                                              MD5 hash:7046AAC6CAEE64EF664508D999DA39D3
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                              Disassembly

                                                                                                                                                                                                              No disassembly