File name: RazerCortexLightInstaller.exe

Full analysis: https://app.any.run/tasks/ff8305ef-fd9b-4d62-acd5-10a93772a3b5
Verdict: Malicious activity
Analysis date: December 10, 2024, 08:45:56
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
wmi-base64
arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: BD688DC5E5A2155D85AFF1CBBA9DDF62
SHA1: FDE97E9FE148D75B179BAC170806BBF12F713AE3
SHA256: 64C2FCE367E22BA3CE90E5B2107E66FE59FFE1B8F5F548C81D9D37A25698D711
SSDEEP: 12288:7RSzO13/zq3qmiGKbg2jdu7JUWRhE1fIikBlcyq/V1ZurXtXa:7RSzO1b7miGKbgfVUWRhE1wikBlcya

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • RazerCortexLightInstaller.exe (PID: 6260)
      • RazerCentral_Setup.exe (PID: 6984)
      • RazerCentralService.exe (PID: 5388)
      • RazerCortex_1272593.tmp (PID: 3140)
      • MicrosoftEdgeUpdate.exe (PID: 3208)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
    • Executable content was dropped or overwritten

      • RazerCortex_1272593.exe (PID: 4912)
      • RazerCortex_1272593.tmp (PID: 3140)
      • RzGMS_Setup.exe (PID: 4444)
      • RzGMS_Setup.tmp (PID: 5640)
      • RazerCentral_Setup.exe (PID: 6984)
      • irsetup.exe (PID: 4144)
      • RazerCortexManifestRepair.exe (PID: 2092)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6312)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6568)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1448)
    • The process drops C-runtime libraries

      • RazerCortex_1272593.tmp (PID: 3140)
      • RzGMS_Setup.tmp (PID: 5640)
      • irsetup.exe (PID: 4144)
      • RazerCortexManifestRepair.exe (PID: 2092)
    • Process drops legitimate windows executable

      • RazerCortex_1272593.tmp (PID: 3140)
      • RzGMS_Setup.tmp (PID: 5640)
      • irsetup.exe (PID: 4144)
      • RazerCortexManifestRepair.exe (PID: 2092)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6312)
      • MicrosoftEdgeUpdate.exe (PID: 3208)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6568)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1448)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
    • Reads the Windows owner or organization settings

      • RzGMS_Setup.tmp (PID: 5640)
      • RazerCortex_1272593.tmp (PID: 3140)
    • Executes as Windows Service

      • GameManagerService3.exe (PID: 6708)
      • RazerCentralService.exe (PID: 5388)
      • CortexLauncherService.exe (PID: 3824)
    • Searches for installed software

      • GameManagerService3.exe (PID: 6708)
    • Checks Windows Trust Settings

      • RazerCentralService.exe (PID: 5388)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 3208)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
    • Disables SEHOP

      • MicrosoftEdgeUpdate.exe (PID: 6936)
  • INFO

    • Checks supported languages

      • RazerCortexLightInstaller.exe (PID: 6260)
      • RazerCortex_1272593.exe (PID: 4912)
      • RazerCortex_1272593.tmp (PID: 3140)
      • RzGMS_Setup.exe (PID: 4444)
      • RzGMS_Setup.tmp (PID: 5640)
      • GMSServiceRegister.exe (PID: 6532)
      • GMSServiceRegister.exe (PID: 6504)
      • GMSServiceRegister.exe (PID: 6884)
      • GameManagerService3.exe (PID: 6708)
      • RazerCentral_Setup.exe (PID: 6984)
      • irsetup.exe (PID: 4144)
      • RazerCentralService.exe (PID: 5388)
      • RazerCortexManifestRepair.exe (PID: 2092)
      • CortexLauncherService.exe (PID: 1304)
      • CortexLauncherService.exe (PID: 6772)
      • GMSServiceRegister.exe (PID: 2996)
      • RazerComponentsController.exe (PID: 1076)
      • CortexLauncherService.exe (PID: 6092)
      • MicrosoftEdgeUpdate.exe (PID: 3208)
      • UninstallPowerPlans.exe (PID: 6180)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6568)
      • CortexLauncherService.exe (PID: 1732)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1448)
      • RazerCortex.exe (PID: 2220)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
    • Disables trace logs

      • RazerCortexLightInstaller.exe (PID: 6260)
      • RazerCentralService.exe (PID: 5388)
    • Checks proxy server information

      • RazerCortexLightInstaller.exe (PID: 6260)
      • MicrosoftEdgeUpdate.exe (PID: 3208)
      • wermgr.exe (PID: 5240)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • wermgr.exe (PID: 6716)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
    • Process checks computer location settings

      • RazerCortexLightInstaller.exe (PID: 6260)
      • GameManagerService3.exe (PID: 6708)
      • RazerCentral_Setup.exe (PID: 6984)
      • RazerCortex_1272593.tmp (PID: 3140)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
    • Reads the computer name

      • RazerCortex_1272593.exe (PID: 4912)
      • RazerCortex_1272593.tmp (PID: 3140)
      • RzGMS_Setup.tmp (PID: 5640)
      • GMSServiceRegister.exe (PID: 6504)
      • GMSServiceRegister.exe (PID: 6532)
      • RazerCortexLightInstaller.exe (PID: 6260)
      • GameManagerService3.exe (PID: 6708)
      • GMSServiceRegister.exe (PID: 6884)
      • RazerCentral_Setup.exe (PID: 6984)
      • irsetup.exe (PID: 4144)
      • RazerCentralService.exe (PID: 5388)
      • RazerCortexManifestRepair.exe (PID: 2092)
      • CortexLauncherService.exe (PID: 1304)
      • GMSServiceRegister.exe (PID: 2996)
      • CortexLauncherService.exe (PID: 6092)
      • CortexLauncherService.exe (PID: 3824)
      • UninstallPowerPlans.exe (PID: 6180)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
      • RazerCortex.exe (PID: 2220)
      • CortexLauncherService.exe (PID: 6772)
    • Create files in a temporary directory

      • RazerCortex_1272593.exe (PID: 4912)
      • RazerCortex_1272593.tmp (PID: 3140)
      • RzGMS_Setup.exe (PID: 4444)
      • RzGMS_Setup.tmp (PID: 5640)
      • RazerCortexLightInstaller.exe (PID: 6260)
    • Reads the software policy settings

      • RazerCortexLightInstaller.exe (PID: 6260)
      • GameManagerService3.exe (PID: 6708)
      • RazerCentralService.exe (PID: 5388)
      • MicrosoftEdgeUpdate.exe (PID: 3208)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • wermgr.exe (PID: 6620)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
    • The process uses the downloaded file

      • RazerCortexLightInstaller.exe (PID: 6260)
      • RazerCentral_Setup.exe (PID: 6984)
      • RazerCentralService.exe (PID: 5388)
      • RazerCortex_1272593.tmp (PID: 3140)
    • Reads the machine GUID from the registry

      • RazerCortexLightInstaller.exe (PID: 6260)
      • GameManagerService3.exe (PID: 6708)
      • RazerCentralService.exe (PID: 5388)
      • RazerCortexManifestRepair.exe (PID: 2092)
    • Creates files or folders in the user directory

      • RazerCortex_1272593.tmp (PID: 3140)
    • Creates a software uninstall entry

      • RazerCortex_1272593.tmp (PID: 3140)
    • Creates files in the program directory

      • RzGMS_Setup.tmp (PID: 5640)
      • RazerCortex_1272593.tmp (PID: 3140)
      • irsetup.exe (PID: 4144)
      • RazerCentralService.exe (PID: 5388)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6312)
      • MicrosoftEdgeWebview2Setup.exe (PID: 6568)
      • MicrosoftEdgeWebview2Setup.exe (PID: 1448)
      • RazerCortex.exe (PID: 2220)
    • Sends debugging messages

      • GMSServiceRegister.exe (PID: 6504)
      • RazerCortexLightInstaller.exe (PID: 6260)
      • GMSServiceRegister.exe (PID: 6532)
      • GameManagerService3.exe (PID: 6708)
      • GMSServiceRegister.exe (PID: 6884)
      • RazerCortexManifestRepair.exe (PID: 2092)
      • RazerComponentsController.exe (PID: 1076)
      • CortexLauncherService.exe (PID: 1304)
      • CortexLauncherService.exe (PID: 6772)
      • CortexLauncherService.exe (PID: 1732)
      • CortexLauncherService.exe (PID: 6092)
      • GMSServiceRegister.exe (PID: 2996)
      • CortexLauncherService.exe (PID: 3824)
      • RiseCodeReporter.exe (PID: 6212)
      • RazerComponentsController.exe (PID: 7080)
    • Reads the time zone

      • GameManagerService3.exe (PID: 6708)
    • Reads CPU info

      • GameManagerService3.exe (PID: 6708)
    • Reads Environment values

      • MicrosoftEdgeUpdate.exe (PID: 3208)
      • MicrosoftEdgeUpdate.exe (PID: 6504)
      • MicrosoftEdgeUpdate.exe (PID: 6936)
    • Found Base64 encoded reference to WMI classes (YARA)

      • RazerCentralService.exe (PID: 5388)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1989:04:25 17:07:20+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 717312
InitializedDataSize: 117248
UninitializedDataSize: -
EntryPoint: 0xb108e
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.1.0
ProductVersionNumber: 1.0.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: -
CompanyName: Razer Inc.
FileDescription: RazerCortexLightInstaller
FileVersion: 1.0.1.0
InternalName: RazerCortexLightInstaller.exe
LegalCopyright: Copyright © 2024 Razer Inc. All rights reserved.
LegalTrademarks: -
OriginalFileName: RazerCortexLightInstaller.exe
ProductName: RazerCortexLightInstaller
ProductVersion: 1.0.1.0
AssemblyVersion: 1.0.1.0
Total processes: 179
Monitored processes: 49
Malicious processes: 12
Suspicious processes: 3

Behavior graph

start razercortexlightinstaller.exe razercortex_1272593.exe razercortex_1272593.tmp rzgms_setup.exe rzgms_setup.tmp gmsserviceregister.exe conhost.exe no specs gmsserviceregister.exe conhost.exe no specs gmsserviceregister.exe conhost.exe no specs gmsserviceregister.exe conhost.exe no specs gamemanagerservice3.exe razercentral_setup.exe irsetup.exe razercentralservice.exe razercortexmanifestrepair.exe conhost.exe no specs razercomponentscontroller.exe no specs conhost.exe no specs cortexlauncherservice.exe no specs conhost.exe no specs cortexlauncherservice.exe no specs conhost.exe no specs cortexlauncherservice.exe no specs conhost.exe no specs cortexlauncherservice.exe no specs conhost.exe no specs cortexlauncherservice.exe no specs risecodereporter.exe no specs conhost.exe no specs uninstallpowerplans.exe no specs conhost.exe no specs uninstallpowerplans.exe no specs conhost.exe no specs razercomponentscontroller.exe no specs conhost.exe no specs microsoftedgewebview2setup.exe microsoftedgeupdate.exe wermgr.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe wermgr.exe microsoftedgewebview2setup.exe microsoftedgeupdate.exe wermgr.exe razercortex.exe no specs razercortexlightinstaller.exe no specs

Process information

PID: 732
CMD: "C:\Users\admin\AppData\Local\Temp\RazerCortexLightInstaller.exe"
Path: C:\Users\admin\AppData\Local\Temp\RazerCortexLightInstaller.exe
Parent process: explorer.exe
User: admin
Company: Razer Inc.
Integrity Level: MEDIUM
Description: RazerCortexLightInstaller
Exit code: 3221226540
Version: 1.0.1.0
Modules (images):
  c:\users\admin\appdata\local\temp\razercortexlightinstaller.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll

PID: 1076
CMD: "C:\Program Files (x86)\Razer\Razer Cortex\RazerComponentsController.exe" install natasha gms3
Path: C:\Program Files (x86)\Razer\Razer Cortex\RazerComponentsController.exe
Parent process: RazerCortex_1272593.tmp
User: admin
Company: Razer Inc.
Integrity Level: HIGH
Exit code: 0
Version: 1.0.4.0

PID: 1304
CMD: "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe" stop
Path: C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe
Parent process: RazerCortex_1272593.tmp
User: admin
Company: Razer Inc.
Integrity Level: HIGH
Description: CortexLauncherService.exe
Exit code: 0
Version: 2.0.3.0

PID: 1448
CMD: "C:\Program Files (x86)\Razer\Razer Cortex\MicrosoftEdgeWebview2Setup.exe" /silent /install
Path: C:\Program Files (x86)\Razer\Razer Cortex\MicrosoftEdgeWebview2Setup.exe
Parent process: RazerCortex_1272593.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge Update Setup
Exit code: 2147747592
Version: 1.3.181.5

PID: 1732
CMD: "C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe" install
Path: C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncherService.exe
Parent process: RazerCortex_1272593.tmp
User: admin
Company: Razer Inc.
Integrity Level: HIGH
Description: CortexLauncherService.exe
Exit code: 0
Version: 2.0.3.0

PID: 2092
CMD: "C:\Program Files (x86)\Razer\Razer Cortex\RazerCortexManifestRepair.exe" /silent /cortex-ver=10.15.99.0 /cortex-dir="C:\Program Files (x86)\Razer\Razer Cortex" /manifest-dir="Manifest"
Path: C:\Program Files (x86)\Razer\Razer Cortex\RazerCortexManifestRepair.exe
Parent process: RazerCortex_1272593.tmp
User: admin
Integrity Level: HIGH
Description: RazerCortexManifestRepair
Exit code: 0
Version: 1.0.3.0

PID: 2220
CMD: "C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe" -createdelay3minlaunch
Path: C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
Parent process: RazerCortex_1272593.tmp
User: admin
Company: Razer Inc.
Integrity Level: HIGH
Description: RazerCortex
Exit code: 0
Version: 10.15.99.0

PID: 2996
CMD: "C:\Program Files (x86)\Razer\Razer Services\GMS3\GMSServiceRegister.exe" install
Path: C:\Program Files (x86)\Razer\Razer Services\GMS3\GMSServiceRegister.exe
Parent process: RzGMS_Setup.tmp
User: admin
Company: Razer Inc.
Integrity Level: HIGH
Description: GMSServiceRegister
Exit code: 0
Version: 1.6.0.1
Modules (images):
  c:\program files (x86)\razer\razer services\gms3\gmsserviceregister.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\advapi32.dll

PID: 3140
CMD: "C:\Users\admin\AppData\Local\Temp\is-7MAOA.tmp\RazerCortex_1272593.tmp" /SL5="$70204,253852456,902144,C:\Users\admin\AppData\Local\Temp\RazerCortex_1272593.exe" /SP- /VERYSILENT /SUPRESSMSGBOXES /NORESTART /psh=
Path: C:\Users\admin\AppData\Local\Temp\is-7MAOA.tmp\RazerCortex_1272593.tmp
Parent process: RazerCortex_1272593.exe
User: admin
Company: Razer Inc.
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\is-7maoa.tmp\razercortex_1272593.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\comdlg32.dll

PID: 3144
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: CortexLauncherService.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

Total events: 30 319
Read events: 30 087
Write events: 199
Delete events: 33

Modification events

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASMANCS
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6260) RazerCortexLightInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\RazerCortexLightInstaller_RASMANCS
Operation: write
Name: EnableConsoleTracing
Value: 0

Executable files: 2 565
Suspicious files: 902
Text files: 189
Unknown types: 81

Dropped files

PID: 6260
Process: RazerCortexLightInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\RazerCortex_1272593.exe.tmp
MD5:
SHA256:

PID: 6260
Process: RazerCortexLightInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\RazerCortex_1272593.exe
MD5:
SHA256:

PID: 3140
Process: RazerCortex_1272593.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DQ8NN.tmp\is-4T21K.tmp
MD5:
SHA256:

PID: 3140
Process: RazerCortex_1272593.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DQ8NN.tmp\RzGMS_Setup.exe
MD5:
SHA256:

PID: 3140
Process: RazerCortex_1272593.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DQ8NN.tmp\is-5O1C0.tmp
MD5:
SHA256:

PID: 3140
Process: RazerCortex_1272593.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DQ8NN.tmp\RazerCentral_Setup.exe
MD5:
SHA256:

PID: 6260
Process: RazerCortexLightInstaller.exe
Filename: C:\Users\admin\AppData\Local\Temp\RazerCortex_1272593.exe.etag
Type: text
MD5: EF312A8DB6E4D1C527BD014E59042788
SHA256: 8B37A7C64C9E8E438BB921DB1CB336A0AA632C8F8AFA6AD502635A07BB5300D7

PID: 3140
Process: RazerCortex_1272593.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DQ8NN.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 3140
Process: RazerCortex_1272593.tmp
Filename: C:\ProgramData\Razer\RazerCortex\BoostCommon.ini
Type: text
MD5: 1469D9FB88E22D4757CABC1F0F24E2A7
SHA256: 6C52964557E5CD0BE65F21AB6E95156E476EFAE7E8197AD36499F7EF7E453611

PID: 3140
Process: RazerCortex_1272593.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-DQ8NN.tmp\RazerCortexInstallerLib.dll
Type: executable
MD5: 82098B60E4AC5F603AA0A995A0015C03
SHA256: 247F6335F6B40C397B95A36DA50651F8E26A7EB9E021CBCD905F4211D14393D7

HTTP(S) requests: 18
TCP/UDP connections: 53
DNS requests: 30
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6092
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6092
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6208
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
6708
GameManagerService3.exe
GET
301
23.48.23.149:80
http://deals-assets-cdn.razerzone.com/mgl/latest-20240501.xml.gz
unknown
whitelisted
7032
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6708
GameManagerService3.exe
HEAD
301
23.48.23.149:80
http://deals-assets-cdn.razerzone.com/mgl/latest-20240501.xml.gz
unknown
whitelisted
7032
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
5388
RazerCentralService.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted

Connections

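IP: 40.127.240.158:443, Domain: settings-win.data.microsoft.com, ASN: MICROSOFT-CORP-MSN-AS-BLOCK, CN: IE, Reputation: whitelisted
PID: 4, Process: System, IP: 192.168.100.255:137, Reputation: whitelisted
PID: 6092, Process: svchost.exe, IP: 23.48.23.143:80, Domain: crl.microsoft.com, ASN: Akamai International B.V., CN: DE, Reputation: whitelisted
PID: 4712, Process: MoUsoCoreWorker.exe, IP: 23.48.23.143:80, Domain: crl.microsoft.com, ASN: Akamai International B.V., CN: DE, Reputation: whitelisted
IP: 23.48.23.143:80, Domain: crl.microsoft.com, ASN: Akamai International B.V., CN: DE, Reputation: whitelisted
PID: 4712, Process: MoUsoCoreWorker.exe, IP: 184.30.21.171:80, Domain: www.microsoft.com, ASN: AKAMAI-AS, CN: DE, Reputation: whitelisted
PID: 6092, Process: svchost.exe, IP: 184.30.21.171:80, Domain: www.microsoft.com, ASN: AKAMAI-AS, CN: DE, Reputation: whitelisted
IP: 184.30.21.171:80, Domain: www.microsoft.com, ASN: AKAMAI-AS, CN: DE, Reputation: whitelisted
PID: 4, Process: System, IP: 192.168.100.255:138, Reputation: whitelisted
PID: 5064, Process: SearchApp.exe, IP: 104.126.37.130:443, Domain: www.bing.com, ASN: Akamai International B.V., CN: DE, Reputation: whitelisted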

DNS requests


Threats

No threats detected
Process | Message
RazerCortexLightInstaller.exe | [RazerLightInstaller] Get args:
RazerCortexLightInstaller.exe | [RazerLightInstaller] Start download installer, save to: C:\Users\admin\AppData\Local\Temp\RazerCortex_1272593.exe
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0% 0.0 bytes/243.1MB
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0% 8KB/243.1MB
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0.01% 1.7MB/243.1MB
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0.01% 3.1MB/243.1MB
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0.02% 5.1MB/243.1MB
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0.03% 6.6MB/243.1MB
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0.03% 8.1MB/243.1MB
RazerCortexLightInstaller.exe | [RazerLightInstaller] Downloading... 0.04% 9.6MB/243.1MB