URL:

https://www.razer.com/synapse-3

Full analysis: https://app.any.run/tasks/936400af-dfb7-46f5-8371-c94939932e8a
Verdict: Malicious activity
Analysis date: September 05, 2019, 16:49:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

1871E9358FAA76B1866DE41FA4ED6A06

SHA1:

87F573F9EBF81D2BE63184589A037A5E02301386

SHA256:

43AC5CB4D96F7E4FC9DD47D7D2DA2284F0AA91DABB07EFBE180F39DE5B5C7FB5

SSDEEP:

3:N8DSLUGrLHkn:2OLUME

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • RazerSynapseInstaller_V1.0.114.147.exe (PID: 3432)
      • RazerSynapseInstaller_V1.0.114.147.exe (PID: 2768)
      • RazerInstaller.exe (PID: 3676)
      • RazerInstaller.exe (PID: 3000)
      • vc_redist.x86.exe (PID: 1188)
      • irsetup.exe (PID: 1292)
      • vc_redist.x86.exe (PID: 2904)

    • Loads dropped or rewritten executable

      • RazerInstaller.exe (PID: 3000)
      • 1532494580S1lVvCUwRazerSynapseDependenciesSetup_v3.3.0725.072507.exe (PID: 3712)
      • vc_redist.x86.exe (PID: 2904)
      • irsetup.exe (PID: 1292)

    • Changes settings of System certificates

      • RazerInstaller.exe (PID: 3000)

  • SUSPICIOUS

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2868)

    • Creates files in the program directory

      • RazerInstaller.exe (PID: 3000)
      • irsetup.exe (PID: 1292)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 2868)
      • RazerSynapseInstaller_V1.0.114.147.exe (PID: 3432)
      • RazerInstaller.exe (PID: 3676)
      • chrome.exe (PID: 2264)
      • vc_redist.x86.exe (PID: 2904)
      • irsetup.exe (PID: 1292)
      • RazerInstaller.exe (PID: 3000)
      • 1562912123wzY7ZPyORazerCentral_v7.3.22.122.exe (PID: 2600)
      • 1532494580S1lVvCUwRazerSynapseDependenciesSetup_v3.3.0725.072507.exe (PID: 3712)

    • Adds / modifies Windows certificates

      • RazerInstaller.exe (PID: 3000)

    • Reads Environment values

      • RazerInstaller.exe (PID: 3000)

    • Reads Internet Cache Settings

      • RazerInstaller.exe (PID: 3000)

    • Application launched itself

      • vc_redist.x86.exe (PID: 1188)

    • Searches for installed software

      • vc_redist.x86.exe (PID: 2904)

  • INFO

    • Reads the hosts file

      • chrome.exe (PID: 2868)
      • chrome.exe (PID: 2264)

    • Reads Internet Cache Settings

      • chrome.exe (PID: 2868)

    • Application launched itself

      • chrome.exe (PID: 2868)

    • Dropped object may contain Bitcoin addresses

      • RazerInstaller.exe (PID: 3000)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
70
Monitored processes
31
Malicious processes
8
Suspicious processes
2

Behavior graph

Click at the process to see the details
drop and start drop and start start drop and start drop and start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs razersynapseinstaller_v1.0.114.147.exe no specs razersynapseinstaller_v1.0.114.147.exe razerinstaller.exe razerinstaller.exe chrome.exe no specs chrome.exe no specs 1532494580s1lvvcuwrazersynapsedependenciessetup_v3.3.0725.072507.exe vc_redist.x86.exe no specs vc_redist.x86.exe 1562912123wzy7zpyorazercentral_v7.3.22.122.exe irsetup.exe

Process information

PID
CMD
Path
Indicators
Parent process
1188C:\Users\admin\AppData\Local\Temp\nskE040.tmp\vc_redist.x86.exe /q /norestartC:\Users\admin\AppData\Local\Temp\nskE040.tmp\vc_redist.x86.exe1532494580S1lVvCUwRazerSynapseDependenciesSetup_v3.3.0725.072507.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
Exit code:
1638
Version:
14.0.23026.0
Modules
Images
c:\users\admin\appdata\local\temp\nske040.tmp\vc_redist.x86.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1292"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" /silent /ISLASTMODULE=False __IRAOFF:2010114 "__IRAFN:C:\Windows\Installer\Razer\Installer\1562912123wzY7ZPyORazerCentral_v7.3.22.122.exe" "__IRCT:1" "__IRTSS:66249520" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
1562912123wzY7ZPyORazerCentral_v7.3.22.122.exe
User:
admin
Company:
Indigo Rose Corporation
Integrity Level:
HIGH
Description:
Setup Application
Exit code:
0
Version:
9.5.1.0
Modules
Images
c:\users\admin\appdata\local\temp\_ir_sf_temp_0\irsetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\gdi32.dll
2060"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=16117862701121854399 --mojo-platform-channel-handle=4500 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2064"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2472866589724904596 --mojo-platform-channel-handle=4548 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2156"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15259387470267471691 --mojo-platform-channel-handle=4364 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2160"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9911442717103770132 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2264"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --service-request-channel-token=6784740274754149188 --mojo-platform-channel-handle=1456 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2392"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADgAAAgAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=15063346632684577985 --mojo-platform-channel-handle=4616 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2416"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=6238797588940791570 --mojo-platform-channel-handle=888 --ignored=" --type=renderer " /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
2528"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,13895931101989397078,12340450996666135279,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1026376660207206903 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
75.0.3770.100
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
Total events
1 742
Read events
1 601
Write events
136
Delete events
5

Modification events

(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2856) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:writeName:2868-13212175761759875
Value:
259
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(2868) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
Operation:delete valueName:1512-13197841398593750
Value:
0
(PID) Process:(2868) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
Executable files
112
Suspicious files
69
Text files
460
Unknown types
33

Dropped files

PID
Process
Filename
Type
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\b4216b4f-613f-4ebf-aab1-a285fbf73e10.tmp
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000020.dbtmp
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF16a03c.TMPtext
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF16a05b.TMPtext
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldtext
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF16a0c9.TMPtext
MD5:
SHA256:
2868chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
54
TCP/UDP connections
89
DNS requests
51
Threats
13

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3000
RazerInstaller.exe
GET
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/dark_macros.png
US
whitelisted
3000
RazerInstaller.exe
GET
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/dark_chroma_studio.png
US
whitelisted
3000
RazerInstaller.exe
HEAD
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/lifestyle_macros.png
US
whitelisted
3000
RazerInstaller.exe
GET
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/dark_macros.png
US
whitelisted
3000
RazerInstaller.exe
GET
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/dark_chroma_studio.png
US
whitelisted
3000
RazerInstaller.exe
HEAD
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/dark_chroma_studio.png
US
whitelisted
3000
RazerInstaller.exe
GET
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/lifestyle_macros.png
US
whitelisted
3000
RazerInstaller.exe
HEAD
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/light_macros.png
US
whitelisted
3000
RazerInstaller.exe
HEAD
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/dark_macros.png
US
whitelisted
3000
RazerInstaller.exe
GET
301
104.16.193.122:80
http://assets2.razerzone.com/images/razer-synapse/light_macros.png
US
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2264
chrome.exe
216.58.207.45:443
accounts.google.com
Google Inc.
US
whitelisted
2264
chrome.exe
216.58.207.42:443
fonts.googleapis.com
Google Inc.
US
whitelisted
2264
chrome.exe
104.16.193.122:443
assets2.razerzone.com
Cloudflare Inc
US
shared
2264
chrome.exe
143.204.208.186:443
d4kkpd69xt9l7.cloudfront.net
US
malicious
2264
chrome.exe
172.217.22.3:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
2264
chrome.exe
104.16.196.122:443
assets2.razerzone.com
Cloudflare Inc
US
shared
2264
chrome.exe
2.20.132.152:443
www.razer.com
Akamai International B.V.
whitelisted
2264
chrome.exe
216.58.206.3:443
fonts.gstatic.com
Google Inc.
US
whitelisted
2264
chrome.exe
172.217.18.168:443
www.googletagmanager.com
Google Inc.
US
whitelisted
2264
chrome.exe
216.58.207.78:443
www.google-analytics.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
clientservices.googleapis.com
  • 172.217.22.3
whitelisted
www.razer.com
  • 2.20.132.152
  • 2.20.132.138
suspicious
accounts.google.com
  • 216.58.207.45
shared
fonts.googleapis.com
  • 216.58.207.42
whitelisted
assets2.razerzone.com
  • 104.16.193.122
  • 104.16.197.122
  • 104.16.194.122
  • 104.16.196.122
  • 104.16.195.122
whitelisted
assets.razerzone.com
  • 104.16.196.122
  • 104.16.193.122
  • 104.16.195.122
  • 104.16.197.122
  • 104.16.194.122
whitelisted
d4kkpd69xt9l7.cloudfront.net
  • 143.204.208.186
  • 143.204.208.45
  • 143.204.208.113
  • 143.204.208.56
whitelisted
fonts.gstatic.com
  • 216.58.206.3
whitelisted
cdn1.affirm.com
  • 143.204.214.62
  • 143.204.214.48
  • 143.204.214.46
  • 143.204.214.102
whitelisted
www.googletagmanager.com
  • 172.217.18.168
whitelisted

Threats

PID
Process
Class
Message
1060
svchost.exe
Potentially Bad Traffic
ET DNS Query for .to TLD
3000
RazerInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3000
RazerInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3000
RazerInstaller.exe
Misc activity
ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)
3000
RazerInstaller.exe
A Network Trojan was detected
[PTsecurity] Encrypted PE EXE or DLL Windows file download Key = 07
3000
RazerInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3000
RazerInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3000
RazerInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
3000
RazerInstaller.exe
Potentially Bad Traffic
ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
3000
RazerInstaller.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
RazerInstaller.exe
log4net:ERROR XmlHierarchyConfigurator: Could not create Appender [RollingLogFileAppender] of type [log4net.Appender.RollingFileAppender,log4net]. Reported error follows.
RazerInstaller.exe
System.InvalidCastException: Unable to cast object of type 'log4net.Appender.RollingFileAppender' to type 'log4net.Appender.IAppender'. at log4net.Repository.Hierarchy.XmlHierarchyConfigurator.ParseAppender(XmlElement appenderElement)
RazerInstaller.exe
log4net:ERROR XmlHierarchyConfigurator: Appender named [RollingLogFileAppender] not found.
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://www.razer.com/synapse-3