URL: https://rzr.to/axon-download

Full analysis: https://app.any.run/tasks/2bfbffbc-9e60-4dff-9a64-dac803d95c5d
Verdict: Malicious activity
Analysis date: October 16, 2024, 09:46:26
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MD5: EE6874E02D3FA82F34A160DA48327DBB
SHA1: 4136959ACF8148F61965D37C7D570A9FF18BBD74
SHA256: 24913FE86C214DA0DDD5587E70C2CE8E42D60B6C7FAEFF05A2A0EBC88EE77C18
SSDEEP: 3:N8GHj:2GD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for user acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • RazerAxonInstaller.exe (PID: 7536)
      • RazerInstaller.exe (PID: 7640)
      • 1715844274QrwQ95olRazerCentral_v7.16.0.695.exe (PID: 6728)
      • irsetup.exe (PID: 4816)
      • 1728994405oIYh2UhIRazerAxonSetup_1.7.3.0.exe (PID: 7972)
      • 1728994405oIYh2UhIRazerAxonSetup_1.7.3.0.tmp (PID: 7996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5068)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7728)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7324)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2648)
      • MicrosoftEdgeUpdate.exe (PID: 8004)
      • MicrosoftEdge_X64_129.0.2792.89.exe (PID: 6024)
    • The process drops C-runtime libraries

      • RazerInstaller.exe (PID: 7640)
      • irsetup.exe (PID: 4816)
      • 1728994405oIYh2UhIRazerAxonSetup_1.7.3.0.tmp (PID: 7996)
    • Process drops legitimate windows executable

      • RazerInstaller.exe (PID: 7640)
      • irsetup.exe (PID: 4816)
      • 1728994405oIYh2UhIRazerAxonSetup_1.7.3.0.tmp (PID: 7996)
      • MicrosoftEdgeWebview2Setup.exe (PID: 5068)
      • MicrosoftEdgeUpdate.exe (PID: 7508)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7728)
      • MicrosoftEdgeUpdate.exe (PID: 5736)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7324)
      • MicrosoftEdgeUpdate.exe (PID: 2088)
      • MicrosoftEdgeWebview2Setup.exe (PID: 2648)
      • MicrosoftEdgeUpdate.exe (PID: 8004)
      • MicrosoftEdge_X64_129.0.2792.89.exe (PID: 6024)
    • Executes as Windows Service

      • RazerCentralService.exe (PID: 5900)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 7508)
      • MicrosoftEdgeUpdate.exe (PID: 2088)
      • MicrosoftEdgeUpdate.exe (PID: 8004)
      • MicrosoftEdgeUpdate.exe (PID: 5736)
    • Executing commands from a ".bat" file

      • RazerInstaller.exe (PID: 7732)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8004)
    • Starts CMD.EXE for commands execution

      • RazerInstaller.exe (PID: 7732)
    • Application launched itself

      • setup.exe (PID: 7496)
  • INFO

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 5596)
    • Application launched itself

      • chrome.exe (PID: 5596)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
205
Monitored processes
61
Malicious processes
12
Suspicious processes
3

Behavior graph

Process start order as shown in the graph (entries marked "no specs" in the original are kept as such):

start, chrome.exe, chrome.exe (no specs), chrome.exe (no specs), chrome.exe, chrome.exe (no specs) ×8, razeraxoninstaller.exe (no specs), razeraxoninstaller.exe, conhost.exe (no specs), razerinstaller.exe, razerinstaller.exe, sppextcomobj.exe (no specs), slui.exe, 1715844274qrwq95olrazercentral_v7.16.0.695.exe, irsetup.exe, slui.exe, razercentralservice.exe, 1728994405oiyh2uhirazeraxonsetup_1.7.3.0.exe, 1728994405oiyh2uhirazeraxonsetup_1.7.3.0.tmp, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe, microsoftedgewebview2setup.exe, microsoftedgeupdate.exe, wermgr.exe (no specs), razercomponentscontroller.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), razeraxon.exe (no specs), explorer.exe (no specs), explorer.exe (no specs), razeraxon.exe (no specs), razer central.exe (no specs), microsoftedgewebview2setup.exe, cefsharp.browsersubprocess.exe (no specs), microsoftedgeupdate.exe, cefsharp.browsersubprocess.exe (no specs), cefsharp.browsersubprocess.exe (no specs), microsoftedgeupdate.exe (no specs), microsoftedgeupdatecomregistershell64.exe (no specs) ×3, microsoftedgeupdate.exe (no specs) ×3, cefsharp.browsersubprocess.exe (no specs) ×3, microsoftedge_x64_129.0.2792.89.exe, setup.exe (no specs), setup.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 204
CMD: "C:\Program Files (x86)\Razer\Razer Axon\win32\RazerComponentsController.exe" install natasha
Path: C:\Program Files (x86)\Razer\Razer Axon\win32\RazerComponentsController.exe
Parent process: 1728994405oIYh2UhIRazerAxonSetup_1.7.3.0.tmp
User:
admin
Company:
Razer Inc.
Integrity Level:
HIGH
Exit code:
0
Version:
1.0.4.1
PID: 300
CMD: "C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe" --type=renderer --log-severity=info --user-data-dir="C:\Users\admin\AppData\Local\CEF\User Data" --cefsharpexitsub --no-sandbox --log-file="C:\ProgramData\Razer\Razer Central\Logs\cef_admin.log" --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=5504 --field-trial-handle=2516,i,9484641758900160386,17561274128634273558,131072 --disable-features=Vulkan,WebRtcHideLocalIpsWithMdns --host-process-id=6588 /prefetch:1
Path: C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
Parent process: Razer Central.exe
User:
admin
Company:
The CefSharp Authors
Integrity Level:
MEDIUM
Description:
CefSharp.BrowserSubprocess
Version:
110.0.300.0
PID: 696
CMD: explorer "C:\ProgramData\Razer\RazerAxon\RazerAxon.lnk"
Path: C:\Windows\explorer.exe
Parent process: RazerAxon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Explorer
Exit code:
1
Version:
10.0.19041.3758 (WinBuild.160101.0800)
PID: 1172
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\MicrosoftEdgeUpdateComRegisterShell64.exe" /user
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\MicrosoftEdgeUpdateComRegisterShell64.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update COM Registration Helper
Exit code:
0
Version:
1.3.167.21
PID: 1500
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3468 --field-trial-handle=1852,i,3737805194003369190,16783562479786758434,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 2088
CMD: "C:\Program Files (x86)\Microsoft\Temp\EUC926.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
Path: C:\Program Files (x86)\Microsoft\Temp\EUC926.tmp\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeWebview2Setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge Update
Exit code:
2147747592
Version:
1.3.167.21
Modules
Images
c:\program files (x86)\microsoft\temp\euc926.tmp\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ole32.dll
PID: 2312
CMD: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BC0F41C4-767B-4864-B9F9-081C61621EC8}\EDGEMITMP_D5340.tmp\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=129.0.6668.101 --annotation=exe=C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BC0F41C4-767B-4864-B9F9-081C61621EC8}\EDGEMITMP_D5340.tmp\setup.exe --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=129.0.2792.89 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2a8,0x2d8,0x7ff68ec576f0,0x7ff68ec576fc,0x7ff68ec57708
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\Install\{BC0F41C4-767B-4864-B9F9-081C61621EC8}\EDGEMITMP_D5340.tmp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Installer
Version:
129.0.2792.89
PID: 2648
CMD: "C:\Program Files (x86)\Razer\Razer Axon\MicrosoftEdgeWebview2Setup.exe"
Path: C:\Program Files (x86)\Razer\Razer Axon\MicrosoftEdgeWebview2Setup.exe
Parent process: RazerAxon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update Setup
Version:
1.3.167.21
PID: 3128
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping …
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process: MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.167.21
PID: 3728
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Total events
27 907
Read events
27 714
Write events
184
Delete events
9

Modification events

(PID) Process: (5596) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (5596) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (5596) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (5596) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (5596) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (6164) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation: write
Name: {2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value: 01000000000000004D674B4CB01FDB01

(PID) Process: (7732) RazerInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerInstaller_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (7732) RazerInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerInstaller_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (7732) RazerInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerInstaller_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (7732) RazerInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerInstaller_RASAPI32
Operation: write
Name: FileTracingMask
Value:

Executable files
2 131
Suspicious files
1 447
Text files
209
Unknown types
20

Dropped files

PID
Process
Filename
Type
PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF8c387.TMP
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF8c387.TMP
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF8c387.TMP
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF8c397.TMP
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF8c387.TMP
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:

PID: 5596
Process: chrome.exe
Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
39
TCP/UDP connections
104
DNS requests
57
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
632
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7732
RazerInstaller.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D
unknown
whitelisted
7732
RazerInstaller.exe
HEAD
301
23.48.23.32:80
http://assets2.razerzone.com/images/razer-synapse/lifestyle_chroma_studio.png
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7732
RazerInstaller.exe
GET
301
23.48.23.32:80
http://assets2.razerzone.com/images/razer-synapse/lifestyle_chroma_studio.png
unknown
whitelisted
5488
MoUsoCoreWorker.exe
GET
200
23.48.23.166:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7732
RazerInstaller.exe
HEAD
301
23.48.23.32:80
http://assets2.razerzone.com/images/razer-synapse/light_chroma_studio.png
unknown
whitelisted
7732
RazerInstaller.exe
HEAD
301
23.48.23.32:80
http://assets2.razerzone.com/images/razer-synapse/lifestyle_macros.png
unknown
whitelisted
7732
RazerInstaller.exe
HEAD
301
23.48.23.32:80
http://assets2.razerzone.com/images/razer-synapse/light_macros.png
unknown
whitelisted
7732
RazerInstaller.exe
GET
301
23.48.23.32:80
http://assets2.razerzone.com/images/razer-synapse/dark_chroma_studio.png
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5488
MoUsoCoreWorker.exe
20.73.194.208:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
5596
chrome.exe
239.255.255.250:1900
whitelisted
3844
chrome.exe
52.2.56.64:443
rzr.to
AMAZON-AES
US
suspicious
3844
chrome.exe
142.251.168.84:443
accounts.google.com
GOOGLE
US
whitelisted
3844
chrome.exe
23.48.23.39:443
dl.razerzone.com
Akamai International B.V.
DE
whitelisted
3844
chrome.exe
142.250.185.206:443
sb-ssl.google.com
GOOGLE
US
whitelisted
632
svchost.exe
20.190.159.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
632
svchost.exe
192.229.221.95:80
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
rzr.to
  • 52.2.56.64
  • 52.21.33.16
unknown
accounts.google.com
  • 142.251.168.84
whitelisted
dl.razerzone.com
  • 23.48.23.39
  • 23.48.23.25
whitelisted
sb-ssl.google.com
  • 142.250.185.206
whitelisted
login.live.com
  • 20.190.159.2
  • 40.126.31.73
  • 20.190.159.75
  • 40.126.31.67
  • 20.190.159.73
  • 40.126.31.69
  • 20.190.159.71
  • 20.190.159.0
  • 20.190.159.68
  • 20.190.159.64
  • 20.190.159.4
  • 40.126.31.71
whitelisted
th.bing.com
  • 104.126.37.161
  • 104.126.37.139
  • 104.126.37.168
  • 104.126.37.155
  • 104.126.37.144
  • 104.126.37.162
  • 104.126.37.153
  • 104.126.37.146
  • 104.126.37.160
whitelisted
www.google.com
  • 216.58.206.68
whitelisted
go.microsoft.com
  • 23.218.210.69
whitelisted
u05srooyhc.execute-api.us-east-1.amazonaws.com
  • 99.86.4.106
  • 99.86.4.24
  • 99.86.4.14
  • 99.86.4.13
shared
discovery.razerapi.com
  • 23.48.23.53
  • 23.48.23.31
  • 2.22.242.112
  • 2.22.242.139
unknown

Threats

PID
Process
Class
Message
3844
chrome.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
3844
chrome.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
RazerInstaller.exe
RzKitty: DetectManager()
RazerInstaller.exe
RzKitty: Win10
RazerInstaller.exe
RzKitty: hWnd ok
RazerInstaller.exe
RzKitty: RegisterDevNotify ok
RazerInstaller.exe
RzKitty: EnumBTLEAudioDevices start
RazerInstaller.exe
RzKitty: EnumBTLEAudioDevices done
RazerInstaller.exe
RzKitty: DetectMgr done
RazerInstaller.exe
log4net:ERROR Could not create Appender [RollingLogFileAppender] of type [log4net.Appender.RollingFileAppender,log4net]. Reported error follows.
RazerInstaller.exe
System.InvalidCastException: Unable to cast object of type 'log4net.Appender.RollingFileAppender' to type 'log4net.Appender.IAppender'. at log4net.Repository.Hierarchy.XmlHierarchyConfigurator.ParseAppender(XmlElement appenderElement)
RazerInstaller.exe
log4net:ERROR Appender named [RollingLogFileAppender] not found.